Chair: Mark Scrimshire

Scribe: Vanessa Candelora 

 

Create Decision from template

This is to approve minutes via general consent. "You have received the minutes. Are there any corrections to the minutes? (pause) Hearing none, if there are no objections, the minutes are approved as printed."

Minutes Approved as Presented 



Agenda Topics

Agenda Outline

Agenda Item

Meeting Minutes from Discussion

Decision Link(if not child)
ManagementReview ANSI Anti-Trust Policy



Call Structure & Name Changes



Call for Da Vinci Member leads for PDex Use Cases

If you are a Da Vinci member and interested in co-leading the PDex Use cases, please reach out to Vanessa Candelora  and Viet Nguyen 



Announcements

Save the Date: The final 2021 Community Roundtable will be held Wednesday Dec 8th at 4 pm ET. This replaces both the Nov & Dec roundtables. See Da Vinci 2021 Calendar



Preparing for HL7 January Connectathon

HL7 FHIR Connectathon (CST)   

January 10-12, 2022   •   Virtual Event

Register here: https://www.hl7.org/events/fhir/connectathon/2022/01/

Early Bird Registration through Saturday, December 04, 2021.  Online registration closes December 13. 

Confluence Event page:  2022 - 01 Connectathon 29 

Da Vinci summary coming soon- HL7 Virtual Connectathon - January 2022




Implementer Resources

See Supporting section below!


TodayVersion Issue
  • We recently worked with a 3rd Party Application that was not able to handle APIs with different versions.
  • Our solution is to change all APIs using the Patient Access base URL to v2.  Going forward anytime we move to a new version with one API we will ensure all other APIs using that same base URL are also moved to that version.  However, this should only occur when there is a breaking change within an IG.
  • When discussing with this particular 3rd Party Developer they stated there shouldn't be any versioning since there shouldn't be any changes.  We decided to keep the version to allow developers the time to adjust to the changes.
  • How are other payers and 3rd party applications handling API versioning?






Response:

Discussion Good Question. It's likely you will need to support multiple versions as customers won't all upgrade at the same time.  

Implementer is looking to limit the changes to versions only when there are breaking changes. (e.g. with the coming Formulary update)

How do you expose to your clients?

With versions of FHIR, you can use
1) Content Negotiation - use same endpoint and multiple version and people can specify what version they want. 

  • with implementation guides, there is not a distinct line time for Plan Net/Formulary for version X.  won't even be a thing.  

2) Resource level...


Summary Response:

  • Likely need a distinct URL for each version.
  • Can monitor traffic on the versions to determine when you drop off support for the older versions.  (leverage best practices on this from other industries. 


Question: 

12:10 PM
Jason Teeple to Everyone

I'd like to discuss UDAP. The way HRex is implementing UDAP conflicts with the intent of UDAP.  PDEX dependency on HREX and HREX's implementation of UDAP has cascading issues.

Summary Response:

The approach is an effort to avoid demanding everyone to implement a standard (UDAP)

The passing of consent is a url. there is a question of this process - you pass a token back to the consent resource.  Request to look back at this particular flow.

D - used for a few interactions -

1) App credentials  (Server to Server registration) - proving identify via a certificate.

2) Find the member - verify common patient

3) Obtain access token to verify

Zulip Chats related: 

https://chat.fhir.org/#narrow/stream/235286-Da-Vinci.20PDex/topic/Resolving.20UDAP.20consent_references

We did not want to be the trusted payer directory to give out certificates.


Do the dynamic client registration one time, and use the trust community with a purely O-Auth flow. 

How do you identify yourself as a requester? 509c-cert on the request.  still need a CA, Trust Community, 


MTLS with a flip to the token request - should be tested.  

Daniel Venton suggested another option. 

This is the fast Zulip I was referencing, https://chat.fhir.org/#narrow/stream/294749-FHIR-at.20Scale.20Taskforce.20.28FAST.29.3A.20Security/topic/JWT.2BPKI.2BmTLS.20to.20enable.20unregistered.20clients.3F



YB - From what seen, there is nothing required to allow patients to filter their non-sensitive data out. this added complexity. 

BD: The CMS Patient Access API Rule (per preamble) does not replace previous regulation on consent for sharing patient data. 





Two layers to consent: 

1) The layer we are exchanging in the auth. process is a summary level "I have permission form this patient to access regular to sensitive info" if you want to see the details, here is a reference to the original proof

2) ??


Then, link back to consent resource with a minimalist 


Accordingly to the UDAP spec... discussion about embedding the consent url


You have access to the consent resource through .id with the Mutual TLS. 

Don't like the idea of a bi-directional channel.  Would prefer a request response that would not open a bi-directional feed.  MTLS is bi-directional.  We are adding some complexity (Retrieve consent) but it's already bi-directional. 

Agreement that UDap may not solve this problem. 

EM: Believes it should be the responsibility of the payer requesting data to provide the consent. 

Maybe we modify the member match to add the consent record there?  LM: No, problem is that member match is good for decades but consent is not- limited time frame)










Chat: 



Yukta Bellani (Evernorth/Cigna) to Everyone

I still have concerns around the requirement to filter sensitive data


12:49 PM
Yukta Bellani (Evernorth/Cigna) to Everyone

Vanessa - may be we line this up for future session or will we discuss this @ 2 pm


12:50 PM
Yukta Bellani (Evernorth/Cigna) to Everyone

think people are still discussing how we share consent but i am worried about the options we are allowing within this consent


12:53 PM
Me to Everyone

Future session, 2 pm we have a lot to cover on PDex V2 tickets.


12:53 PM
Me to Everyone

I have noted for a future call but think there is some offline work here.


12:53 PM
Yukta Bellani (Evernorth/Cigna) to Everyone

https://build.fhir.org/ig/HL7/davinci-ehrx/consent-oauth.html


12:53 PM
Me to Everyone

Thanks Yukta, you beat me to it!


12:54 PM
Yukta Bellani (Evernorth/Cigna) to Everyone

:D


12:55 PM
Yukta Bellani (Evernorth/Cigna) to Everyone

btw here is my concern around allowing the sensitive filtering https://chat.fhir.org/#narrow/stream/235286-Da-Vinci.20PDex/topic/Consent.20Policy.20.28HRex.29

Jason Teeple to Everyone

Think we need to continue this conversation. It is clear we need to walk through the design and subsequent impacts/implications

Next Steps:

1) We need to get this tested throughly. 

2) Continue discussion.


Next Week

No call day after Thanksgiving 11/26/21. 

See you on Dec. 3. Topics may include continuing the discussion on Mutual TLS, UDap, and Consent. See notes from 11/19 and previously. 



 Adjournment

Adjourned at 1:14 pm






Outline Reference

Supporting Document

Minute Approval
PDex Companion Guides

PDex IG Companion Guide List

PDex IG Companion Guide - Laboratory Reporting Resources

CARIN CPCDS to US Core Mapping

Latest draft CARIN CPCDS Mapping document: CARIN Mapping to FHIR interim 2020 0818 v2.xlsx

DRAFT - PDEX US Core Mapping from CPCDS source: ResourceMappingUSCoreCPCDS-2020-05-29-v26.xlsx

PDex - US Core
inter-relationship

Source PowerPoint: PDEXandUSCoreRelationship.pptx

Da Vinci is seeking answers to open questions and clarifications needed on the implementation and operational needs of the upcoming CMS Patient Directed API Rules.

Find initial questions and corresponding answers shared from our colleagues at CMS here

  • Links to Published IGs
Other Links:

Source code is here: https://github.com/HL7/davinci-epdx

  • Other Spreadsheets used to support tables in PDEX IG:

HL7 FM PDEX What to Review 2020-10-20-v1.pptx

Implementer Resources

Da Vinci Implementer Support Page 

Implementers can take advantage of tools: See the Reference links on the Payer Data Exchange (PDex) page to access links for Reference Implementations, sandboxes, test scripts, and more!

Da Vinci PDex for Patient Access API Frequently Asked Questions (FAQs)

CMS Final Rule Questions and Answers log

ONC FAST National Healthcare Directory (including end points) solution page that includes links to everything (solution doc, Connectathon, HL7 workgroup, etc.): https://oncprojectracking.healthit.gov/wiki/display/TechLabSC/National+Healthcare+Directory


For questions, reach out to us on Zulip:

Formulary STU 1.1.0 Overview

Formulary - Searching by DrugName.docx

Recording of Formulary Tickets for STU 1.1.0 Overview

Recording of PDex Provenance Discussion 10/1/2021Recording of PDex Provenance Discussion 10/1/2021
Recording of PDex calls on 10/29Discussion on Provenance Source and Transmitter - Payer Authoring; Authorized Rep rather than Patient request process for consent, and more. 

Action items

  • Mark Scrimshire reach out to Corey: Is there something unique in Dental and Vision that would have an impact on USCDI? Does the way CARIN is representing CPCDS warrant any changes needed in PDex? 
  • Mark Scrimshire - Longer term Action Item from call on 10/15 to provide FAQ guidance on the de-duplication or linking options for payer to payer provenance record sharing.  see recording from 10/15 notes. 
  • Robert Dieterle - 10/29 - Draft and submit questions to CMS about the Authorized Representative for consent on Payer-to-Payer data exchange. 
  • Mark Neumuth to share feedback from their learnings as third party apps start connecting to their API. 

Attendees - 

PresentNameAffiliation
PresentNameAffiliation
  •  

Mark Scrimshire

Onyx
  •  
Yukta BellaniEvernorth/Cigna
  •  

Carie Hammond



  •  

Ramandeep Dhanoa  "Raman"

Gevity
  •  

Corey Spears

MITRE
  •  
Alex Kontur 
  •  

Charlie Provenzano

HealthLX
  •  

Anand Rakshe 


  •  

David Hill

MITRE
  •  
Bryan Briegel IBM Watson Health
  •  

Lloyd McKenzie



  •  
Chris Johnson BCBSAL
  •  

Robert Dieterle



  •  

Clarissa Winchester 


  •  

Mariel Brechner

Evernorth
  •  
Chetana Suresh IBC
  •  
Stanley Nachimson 

  •  
Jim Denyer IBC
  •  

Mary Kay McDaniel



  •  
Dave Shekar 
  •  

Melanie Combs-Dyer

Mettle Solutions
  •  
Ezequiel Morales Evernorth/Cigna
  •  
Rachel E. Foerster

  •  
Todd GrinawayCBC
  •  

Serafina Versaggi

Versaggi Consultant
  •  
James Derrickson
  •  

Susan Langford

BCBST
  •  
Nehal Amin
  •  
Tom GrannanAzuba
  •  
Jason Teeple 
  •  
Vanessa CandeloraPOCP, Da Vinci PMO
  •  
Kat CobelNCQA
  •  
Joel Hansen



  •  
 Mark Neumuth Aetna
  •  

Daniel Venton 

United
  •  
Michael RyanNCQA
  •  
Joseph Quinn SmileCDR
  •  
Rich Tallon
  •  
Jamie Stamps

  •  
 Ronald Wampler CVS Aetna Health
  •  
Muriel Brechner Evernorth
  •  
Craig Knier Change Healthcare
  •  
Jeff Brown MITRE, FM Co-Chair
  •  
@Dustin R Nides 
  •  
Christopher Gracon

  •  
Vernell Armstrong
  •  
Bob Bowman

  •  
Brett Atwood
  •  
Dale Brown

  •  

Tom Loomis

Evernorth
  •  
Grace StambaughOptum
  •  
Michelle BarryAvaility
  •  
Christopher Gracon 

  •  

Katina Burrows 

POCP
  •  
Stephen RoordaIBM
  •  
Thomas Keane