Skip to end of metadata
Go to start of metadata

Chair: @Chris Shawn

Scribe: @Suzanne Gonzales-Webb 

Weekly calls Tuesdays 3PM ET

Zoom Client Download

Meeting ID: 675 407 5337

Phone Number: +1 929-436-2866
Participant Passcode: 675 407 5337

Zoom Tip Sheet


Agenda Topics

Agenda Overview
  • Minutes
  • FHIR Security
  • FHIR DS4P IG - Ballot Reconciliation
  • Cross Paradigm US Security Labeling IG
  • HL7 Privacy and Security Information Model PSS
  • Infrastructure SD
  • Share with Protections White Paper Project
  • CARIN Blue Button Report Out
  • HL7 Policy Advisory Committee (PAC)
  • Chat notes

 Minutes Approval

Approve Meeting Minutes: 

2020-07-21 Security WG Agenda/Minutes

Motion to Approve  7/21/2020 WG call

Moved/Second: Beth / Suzanne

Vote - Approve/Abstain/Oppose :   6-0-1

FHIR Security

2020-07-27 FHIR-Security Meeting - Discussed the addition of timestamp to the FHIR DS4P IG Structure definition for the extension-sec-label-classifier extension and support for a Security Labeling Service Contributor Type for tracking system timestamps.

FHIR DS4P IG - discussed various topics:

  • Adding a timestamp to the contributor extension so that it is clear WHEN the tag was added
  • Using that timestamp to indicate when the SLS last updated the tags
    • Recognizing that the SLS would only apply some tags, so this would be only on them
    • Recognizing that the SLS would then be indicated as a type of contributor
  • still not clear why Provenance couldn't be used
  • Discussed how to handle sub-resource tagging or policies
    • Note that FHIR-I has accepted but not yet applied  FHIR-21284 - Define extensions to reference specific elements in the target Resolved - change required  to define how to reference elements within a target Resource. This could be used for policies beyond Consent and Provenance.

September WGM Prep

Planning is underway - See 202009 September WGM Prep

We need to decide how many sessions and time slots.

September Connectathon planning is also underway.

Instead of the usual request for meeting room space, this email is asking Co-Chairs to submit the days/times that they’ll meet based on 2-hour time slots via a Doodle Poll (  The deadline to submit this information is Friday, August 7th.

Planning on hosting a Joint session? 
Joint meetings require a bit more planning. 

First, we want to be able to communicate the focus of joint meetings, so we’d like you to add the discussion topic to your Doodle entry as explained below.  Also, if possible, schedule them at 10am or 4pm ET.

The HOSTING Work Group Co-Chair(s) own the task of requesting the time in the Doodle poll.  Hence, the Co-Chairs of the HOST Work Group should reach out to the Co-Chairs of joining Work Group(s) and determine when they’ll all meet.  Once that’s determined, the Co-Chairs of the HOST Work Group will add a separate entry into the Doodle Poll FOR EACH UNIQUE JOINT MEETING that they’ll host, indicated the Work Groups that are joining and the focus of the joint meeting.


Vocab HOSTING: FHIR-I, MnM Topic: FHIR in the V3 World


Proposed 2 hour Sessions:

Opening Session - PM for international participation

Joint with CBCP Opening Session

FHIR Security Work Session

FHIR DS4P and Cross Paradigm US Regulatory Security Labeling IGs Review Session in preparation for early January Ballot

Share with Protection Ballot Outcome and Reconciliation Session

Privacy & Security Logical Model Work Session in preparation for January Ballot

Housekeeping Session


Review and approve FHIR DS4P IG Out-of-cycle ballot request for 10/20 opening date.

Review Reconciliation Spreadsheets and JIRA Ballot Recon

Missed approval of Reconciliation prior to July 5th Sept NIB due date Security WG Admin

Ballot results:

Quorum met - 107 voters, FHIR DS4P IG Ballot Passed

  • Affirmative - 26
  • Negative - 13
  • Abstain - 35

Negatives - missing definitions, which is the result of tooling errors we need to fix, and a general misunderstanding that the FHIR DS4P IG is the basis for profiles for policy specific security label IGs much like the CDA DS4P IG is.  Only the profiles are implementable.

 Spreadsheet Spreadsheet


Upcoming deadlines:

  • NIB Deadline for submission - ???, 2020
  • FHIR IG must be substantively complete - ???, 2020
  • FHIR IG must be complete and handed over to sponsoring WG for QA review - ???
  • QA review cycle - ???
  • Content QA Change application - ???
  • Final content to Lynn for inclusion in Oct Out-of-cycle ballot ???
  • Submit Ballot Readiness Checklist - before ???

If you have any questions about these dates or the process, you can check out the FHIR IG Process Flow on Confluence


Cross-Paradigm US Regulatory Security Labeling IG

Kathleen - NARA is promoting NIEM 5.0 Beta as the national healthcare standard for conveying CUI

CUI Metadata standard available for review

July 2, 2020July 2, 2020, posted in General updates, Marking & examples, News

The CUI Executive Agent has been working with the CUI Advisory Council and the National Information Exchange Model (NIEM) to develop a metadata standard for CUI categories and limited dissemination controls.  NIEM is a common vocabulary that enables efficient information exchange across diverse public and private organizations.

FHIR US Regulatory Security Labels Continuous Build - No update in the build

GitHub repo for the source material: 

John and Mohammad are committers.

US Regulatory Security Label Example Sandbox

Security Labeling Parking Lot

US Regulatory Security Label examples were included in the FHIR DS4P IG.  These will be the starter set for the FHIR US Regulatory Security Label IG

TSC approved 2020-07-20 TSC Agenda/Minutes

Cross Paradigm US Regulatory Security Labeling IG Out-of-cycle ballot request and FHIR US Regulatory Security Labeling IG Out-of-cycle ballot request

Privacy & Security  Logical Model (S&P DAM REFRESH) 

2020-07-08 Privacy and Security Model Report out - Mike Davis

Communication with Ioana - she has converted the information model into EA, but still needs some time to complete the initial stage of work—we will postpone this week's meeting to allow modeler to complete.  (Kathleen will follow up and cancel tomorrow's meeting)


Starting weekly calls 7/8 dedicated to development of the HL7 Privacy and Security Information Model

Wednesdays 1 - 2 ET

HL7 Privacy and Security Information Model PSS

Information model update: The new information model will consolidate and harmonize security models across HL7 standards (Access Control, Audit, TF4FA etc.) and (incomplete) updates from FHIM (Consolidated unresolved models). Also included are direct mappings to Access Control, Audit and Authentication (e.g. Class models)  mapped to Access Control services.

ISD PPS approved 7/7

TSC PSS approval before August 23, 2020

TSC approved PSS by e-vote last week

Infrastructure SD

Voted affirmatively on the Consent Management Service PSS

Share with Protections White Paper Project

Walk through of Share with Protections White Paper; Please note new section added toward the end of the document. 

 NIB approved and submitted.   Document submitted post updates to misspells on figures.

Note: error in ballot listing was 'sharing with protections' but has now been corrected to read 'share with protections'

Motion to Approve SwP submission for Sept Ballot

2020-06-23 Minutes


Submitted for Ballot

CARIN Blue Button Report Out

Nothing to report.

Security is a cosponsor of CARIN Blue Button IG. Calls Monday Mar 2, 2020 - 02:30 PM (Eastern Time, GMT -05) or Dial: 1 646 876 9923 // Meeting ID: 461 256 971

HL7 Policy Advisory Committee (PAC)

7/20 Meeting - Call for WG input to the ANSI AI Survey, which includes privacy, security, integrity and provenance/lifecycle questions.

ANSI Opens Survey: Standardization Empowering AI-enabled Systems in Health Care

The American National Standards Institute (ANSI) has released a survey on standardization empowering artificial intelligence (AI)-enabled systems in health care. ANSI seeks feedback from interested stakeholders on related standardization issues, solutions, efforts, and the role of standardization in the governance and regulation. Survey responses are requested by July 31, 2020 , and the ...

Notes from CHAT

Requesting review provide comment / recommend participants review the information (links below)

High Water Mark on Bundle -

Consent -

Scopes for data access -


Fine-grained Security Policies

Consent Provisions

 OCR ruling related to Cost for Right of Access

Grahame Provenance agent.type vs agent.role value sets and element semantics

Meeting Adjournment

No additional agenda items brought forward

Meeting adjourned at 1230 Arizona time

Meeting recording: 



@Adam Wong adam.wong@hhs.govHHS
HL7 Austria
Amol Vyas amol.vyas@cambiahealth.comCambia Health
Wave One
Celine Lefebvre AMA
Clara Y. Ren Electronic Health Records Modernization (FEHRM) Office

Chris Shawn, Co-Chair


Dave SilverElectrosoft
 Ready Computing
 @David Staggs drs@securityrs.comSRS 
Debra Simmons debrasimmons@

Heather McComas AMA 
Jeff Helman
Jerry Goodnough
Jim KamperAltarum
Federal Electronic Health Records Modernization (FEHRM) Office

John Davis (Mike)


John Moehrke Co-Chair

Julie Chan jchan@cwglobalconsult.comCWGlobal

Kathleen Connor  Co-Chair

VA (Book Zurman)
Laura Bright
Laura Hoffman laura.hoffman@ama-assn.orgAMA
Lloyd McKenzie
Lorraine Constable
EMR Direct
Matthew Reid matt.reid@ama-assn.orgAMA
VA (Book Zurman)
Patient Centric Solutions
 PJM Consulting
Trustworthy EHR 

@Ricky Sahu,  

1up Health

Robert Dieterle

Russ Ott rott@deloitte.comDeloitte
Saul Kravitz saul@mitre.orgMITRE


Stephen MacVicar smacvicar@mitre.orgMITRE
VA (Book Zurman)

Tom Hicke
Flinders University
Vicki Giatzikis vig9034@nyp.orgNYP
  • No labels