Chair: Mark Scrimshire
Scribe: Vanessa Candelora
This is to approve minutes via general consent. "You have received the minutes. Are there any corrections to the minutes? (pause) Hearing none, if there are no objections, the minutes are approved as printed."
Minutes Approved as Presented
Meeting Minutes from Discussion
|Decision Link(if not child)|
|Management||Review ANSI Anti-Trust Policy|
Call Structure & Name Changes
|Call for Da Vinci Member leads for PDex Use Cases|
Save the Date: The final 2021 Community Roundtable will be held Wednesday Dec 8th at 4 pm ET. This replaces both the Nov & Dec roundtables. See Da Vinci 2021 Calendar
|Preparing for HL7 January Connectathon|
HL7 FHIR Connectathon (CST)
January 10-12, 2022 • Virtual Event
Register here: https://www.hl7.org/events/fhir/connectathon/2022/01/
Early Bird Registration through Saturday, December 04, 2021. Online registration closes December 13.
Confluence Event page: 2022 - 01 Connectathon 29
Da Vinci summary coming soon- HL7 Virtual Connectathon - January 2022
See Supporting section below!
Discussion Good Question. It's likely you will need to support multiple versions as customers won't all upgrade at the same time.
Implementer is looking to limit the changes to versions only when there are breaking changes. (e.g. with the coming Formulary update)
How do you expose to your clients?
With versions of FHIR, you can use
2) Resource level...
I'd like to discuss UDAP. The way HRex is implementing UDAP conflicts with the intent of UDAP. PDEX dependency on HREX and HREX's implementation of UDAP has cascading issues.
The approach is an effort to avoid demanding everyone to implement a standard (UDAP)
The passing of consent is a url. there is a question of this process - you pass a token back to the consent resource. Request to look back at this particular flow.
D - used for a few interactions -
1) App credentials (Server to Server registration) - proving identify via a certificate.
2) Find the member - verify common patient
3) Obtain access token to verify
Zulip Chats related:
We did not want to be the trusted payer directory to give out certificates.
Do the dynamic client registration one time, and use the trust community with a purely O-Auth flow.
How do you identify yourself as a requester? 509c-cert on the request. still need a CA, Trust Community,
MTLS with a flip to the token request - should be tested.
Daniel Venton suggested another option.
This is the fast Zulip I was referencing, https://chat.fhir.org/#narrow/stream/294749-FHIR-at.20Scale.20Taskforce.20.28FAST.29.3A.20Security/topic/JWT.2BPKI.2BmTLS.20to.20enable.20unregistered.20clients.3F
YB - From what seen, there is nothing required to allow patients to filter their non-sensitive data out. this added complexity.
BD: The CMS Patient Access API Rule (per preamble) does not replace previous regulation on consent for sharing patient data.
Two layers to consent:
1) The layer we are exchanging in the auth. process is a summary level "I have permission form this patient to access regular to sensitive info" if you want to see the details, here is a reference to the original proof
Then, link back to consent resource with a minimalist
Accordingly to the UDAP spec... discussion about embedding the consent url
You have access to the consent resource through .id with the Mutual TLS.
Don't like the idea of a bi-directional channel. Would prefer a request response that would not open a bi-directional feed. MTLS is bi-directional. We are adding some complexity (Retrieve consent) but it's already bi-directional.
Agreement that UDap may not solve this problem.
EM: Believes it should be the responsibility of the payer requesting data to provide the consent.
Maybe we modify the member match to add the consent record there? LM: No, problem is that member match is good for decades but consent is not- limited time frame)
Yukta Bellani (Evernorth/Cigna) to Everyone
I still have concerns around the requirement to filter sensitive data
Vanessa - may be we line this up for future session or will we discuss this @ 2 pm
think people are still discussing how we share consent but i am worried about the options we are allowing within this consent
Future session, 2 pm we have a lot to cover on PDex V2 tickets.
I have noted for a future call but think there is some offline work here.
Thanks Yukta, you beat me to it!
btw here is my concern around allowing the sensitive filtering https://chat.fhir.org/#narrow/stream/235286-Da-Vinci.20PDex/topic/Consent.20Policy.20.28HRex.29
Jason Teeple to Everyone
Think we need to continue this conversation. It is clear we need to walk through the design and subsequent impacts/implications
1) We need to get this tested throughly.
2) Continue discussion.
No call day after Thanksgiving 11/26/21.
See you on Dec. 3. Topics may include continuing the discussion on Mutual TLS, UDap, and Consent. See notes from 11/19 and previously.
Adjourned at 1:14 pm
|PDex Companion Guides|
|CARIN CPCDS to US Core Mapping|
Latest draft CARIN CPCDS Mapping document: CARIN Mapping to FHIR interim 2020 0818 v2.xlsx
DRAFT - PDEX US Core Mapping from CPCDS source: ResourceMappingUSCoreCPCDS-2020-05-29-v26.xlsx
|PDex - US Core |
Source PowerPoint: PDEXandUSCoreRelationship.pptx
|Da Vinci is seeking answers to open questions and clarifications needed on the implementation and operational needs of the upcoming CMS Patient Directed API Rules.|
Find initial questions and corresponding answers shared from our colleagues at CMS here
Implementers can take advantage of tools: See the Reference links on the Payer Data Exchange (PDex) page to access links for Reference Implementations, sandboxes, test scripts, and more!
ONC FAST National Healthcare Directory (including end points) solution page that includes links to everything (solution doc, Connectathon, HL7 workgroup, etc.): https://oncprojectracking.healthit.gov/wiki/display/TechLabSC/National+Healthcare+Directory
For questions, reach out to us on Zulip:
|Formulary STU 1.1.0 Overview|
|Recording of PDex Provenance Discussion 10/1/2021||Recording of PDex Provenance Discussion 10/1/2021|
|Recording of PDex calls on 10/29||Discussion on Provenance Source and Transmitter - Payer Authoring; Authorized Rep rather than Patient request process for consent, and more.|
- Mark Scrimshire reach out to Corey: Is there something unique in Dental and Vision that would have an impact on USCDI? Does the way CARIN is representing CPCDS warrant any changes needed in PDex?
- Mark Scrimshire - Longer term Action Item from call on 10/15 to provide FAQ guidance on the de-duplication or linking options for payer to payer provenance record sharing. see recording from 10/15 notes.
- Robert Dieterle - 10/29 - Draft and submit questions to CMS about the Authorized Representative for consent on Payer-to-Payer data exchange.
- Mark Neumuth to share feedback from their learnings as third party apps start connecting to their API.
Ramandeep Dhanoa "Raman" Tom Loomis
Present Name Affiliation Present Name Affiliation Onyx Yukta Bellani Evernorth/Cigna Gevity MITRE Alex Kontur HealthLX MITRE Bryan Briegel IBM Watson Health Chris Johnson BCBSAL Evernorth Chetana Suresh IBC Stanley Nachimson Jim Denyer IBC Dave Shekar Mettle Solutions Ezequiel Morales Evernorth/Cigna Rachel E. Foerster Todd Grinaway CBC Versaggi Consultant James Derrickson BCBST Nehal Amin Tom Grannan Azuba Jason Teeple Vanessa Candelora POCP, Da Vinci PMO Kat Cobel NCQA Joel Hansen Mark Neumuth Aetna United Michael Ryan NCQA Joseph Quinn SmileCDR Rich Tallon Jamie Stamps Ronald Wampler CVS Aetna Health Muriel Brechner Evernorth Craig Knier Change Healthcare Jeff Brown MITRE, FM Co-Chair @Dustin R Nides Christopher Gracon Vernell Armstrong Bob Bowman Brett Atwood Dale Brown Evernorth Grace Stambaugh Optum Michelle Barry Availity Christopher Gracon POCP Stephen Roorda IBM Thomas Keane
Ramandeep Dhanoa "Raman"