Skip to end of metadata
Go to start of metadata

Chair: @Chris Shawn

Scribe: @Suzanne Gonzales-Webb 

Weekly calls Tuesdays 3PM ET

Zoom Client Download 

https://zoom.us/j/6754075337

Meeting ID: 675 407 5337

Phone Number: +1 929-436-2866
Participant Passcode: 675 407 5337

Zoom Tip Sheet

ATTENDEES - PLEASE TYPE YOUR NAME IN THE CHAT OR  IF YOU ARE ON THE CONFLUENCE SITE, PLEASE SCROLL DOWN TO THE BOTTOM AND CHECK YOURSELF IN TO BE COUNTED FOR ATTENDANCE - THANK YOU!

Agenda Topics

Agenda Overview
  • Minutes
  • FHIR Security
  • FHIR DS4P IG - Ballot Reconciliation
  • Cross Paradigm US Security Labeling IG
  • HL7 Privacy and Security Information Model PSS
  • Infrastructure SD
  • Share with Protections White Paper Project
  • CARIN Blue Button Report Out
  • HL7 Policy Advisory Committee (PAC)
  • Chat notes

 Minutes Approval

Approve Meeting Minutes: 

2020-07-21 Security WG Agenda/Minutes

Motion to Approve  7/21/2020 WG call

Moved/Second: Beth / Suzanne

Vote - Approve/Abstain/Oppose :   6-0-1


FHIR Security

2020-07-27 FHIR-Security Meeting - Discussed the addition of timestamp to the FHIR DS4P IG Structure definition for the extension-sec-label-classifier extension and support for a Security Labeling Service Contributor Type for tracking system timestamps.

FHIR DS4P IG - discussed various topics:

  • Adding a timestamp to the contributor extension so that it is clear WHEN the tag was added
  • Using that timestamp to indicate when the SLS last updated the tags
    • Recognizing that the SLS would only apply some tags, so this would be only on them
    • Recognizing that the SLS would then be indicated as a type of contributor
  • still not clear why Provenance couldn't be used
  • Discussed how to handle sub-resource tagging or policies
    • Note that FHIR-I has accepted but not yet applied  FHIR-21284 - Define extensions to reference specific elements in the target Resolved - change required  to define how to reference elements within a target Resource. This could be used for policies beyond Consent and Provenance.


September WGM Prep

Planning is underway - See 202009 September WGM Prep

We need to decide how many sessions and time slots.

September Connectathon planning is also underway.

Instead of the usual request for meeting room space, this email is asking Co-Chairs to submit the days/times that they’ll meet based on 2-hour time slots via a Doodle Poll (https://www.doodle.com/poll/crgmir8dzh8x7f44).  The deadline to submit this information is Friday, August 7th.

Planning on hosting a Joint session? 
Joint meetings require a bit more planning. 

First, we want to be able to communicate the focus of joint meetings, so we’d like you to add the discussion topic to your Doodle entry as explained below.  Also, if possible, schedule them at 10am or 4pm ET.

The HOSTING Work Group Co-Chair(s) own the task of requesting the time in the Doodle poll.  Hence, the Co-Chairs of the HOST Work Group should reach out to the Co-Chairs of joining Work Group(s) and determine when they’ll all meet.  Once that’s determined, the Co-Chairs of the HOST Work Group will add a separate entry into the Doodle Poll FOR EACH UNIQUE JOINT MEETING that they’ll host, indicated the Work Groups that are joining and the focus of the joint meeting.

Example:

Vocab HOSTING: FHIR-I, MnM Topic: FHIR in the V3 World

Vocab HOSTING: SD WG Topic: UTG

Proposed 2 hour Sessions:

Opening Session - PM for international participation

Joint with CBCP Opening Session

FHIR Security Work Session

FHIR DS4P and Cross Paradigm US Regulatory Security Labeling IGs Review Session in preparation for early January Ballot

Share with Protection Ballot Outcome and Reconciliation Session

Privacy & Security Logical Model Work Session in preparation for January Ballot

Housekeeping Session





FHIR DS4P IG

Review and approve FHIR DS4P IG Out-of-cycle ballot request for 10/20 opening date.

Review Reconciliation Spreadsheets and JIRA Ballot Recon

Missed approval of Reconciliation prior to July 5th Sept NIB due date Security WG Admin

Ballot results:

Quorum met - 107 voters, FHIR DS4P IG Ballot Passed

  • Affirmative - 26
  • Negative - 13
  • Abstain - 35

Negatives - missing definitions, which is the result of tooling errors we need to fix, and a general misunderstanding that the FHIR DS4P IG is the basis for profiles for policy specific security label IGs much like the CDA DS4P IG is.  Only the profiles are implementable.

https://www.hl7.org/documentcenter/public/wg/tsc/HL7%20May%202020%20Ballot%20Results.zip


 Spreadsheet Spreadsheet

 Spreadsheet

Upcoming deadlines:

  • NIB Deadline for submission - ???, 2020
  • FHIR IG must be substantively complete - ???, 2020
  • FHIR IG must be complete and handed over to sponsoring WG for QA review - ???
  • QA review cycle - ???
  • Content QA Change application - ???
  • Final content to Lynn for inclusion in Oct Out-of-cycle ballot ???
  • Submit Ballot Readiness Checklist - before ???

If you have any questions about these dates or the process, you can check out the FHIR IG Process Flow on Confluence

(https://confluence.hl7.org/display/FHIR/B+-+Content+Development+and+Submission)




Cross-Paradigm US Regulatory Security Labeling IG

Kathleen - NARA is promoting NIEM 5.0 Beta https://niem.github.io/niem-releases/ as the national healthcare standard for conveying CUI https://isoo.blogs.archives.gov/2020/07/02/cui-metadata/

CUI Metadata standard available for review

July 2, 2020July 2, 2020, posted in General updates, Marking & examples, News

The CUI Executive Agent has been working with the CUI Advisory Council and the National Information Exchange Model (NIEM) to develop a metadata standard for CUI categories and limited dissemination controls.  NIEM is a common vocabulary that enables efficient information exchange across diverse public and private organizations.


FHIR US Regulatory Security Labels Continuous Build - No update in the build

GitHub repo for the source material:https://github.com/HL7/us-security-label-regs 

John and Mohammad are committers.

US Regulatory Security Label Example Sandbox

Security Labeling Parking Lot

US Regulatory Security Label examples were included in the FHIR DS4P IG.  These will be the starter set for the FHIR US Regulatory Security Label IG

TSC approved 2020-07-20 TSC Agenda/Minutes

Cross Paradigm US Regulatory Security Labeling IG Out-of-cycle ballot request and FHIR US Regulatory Security Labeling IG Out-of-cycle ballot request



Privacy & Security  Logical Model (S&P DAM REFRESH) 

2020-07-08 Privacy and Security Model Report out - Mike Davis

Communication with Ioana - she has converted the information model into EA, but still needs some time to complete the initial stage of work—we will postpone this week's meeting to allow modeler to complete.  (Kathleen will follow up and cancel tomorrow's meeting)

---

Starting weekly calls 7/8 dedicated to development of the HL7 Privacy and Security Information Model

Wednesdays 1 - 2 ET http://www.hl7.org/concalls/CallDetails.aspx?concall=50666

HL7 Privacy and Security Information Model PSS

Information model update: The new information model will consolidate and harmonize security models across HL7 standards (Access Control, Audit, TF4FA etc.) and (incomplete) updates from FHIM (Consolidated unresolved models). Also included are direct mappings to Access Control, Audit and Authentication (e.g. Class models)  mapped to Access Control services.

ISD PPS approved 7/7

TSC PSS approval before August 23, 2020

TSC approved PSS by e-vote last week




Infrastructure SD

Voted affirmatively on the Consent Management Service PSS


Share with Protections White Paper Project

Walk through of Share with Protections White Paper; Please note new section added toward the end of the document. 

 NIB approved and submitted.   Document submitted post updates to misspells on figures.

Note: error in ballot listing was 'sharing with protections' but has now been corrected to read 'share with protections'

Motion to Approve SwP submission for Sept Ballot

2020-06-23 Minutes

Document
Presentation

Submitted for Ballot

CARIN Blue Button Report Out

Nothing to report.

Security is a cosponsor of CARIN Blue Button IG. Calls http://www.hl7.org/concalls/CallDetails.aspx?concall=48592 Monday Mar 2, 2020 - 02:30 PM (Eastern Time, GMT -05) https://leavittpartners.zoom.us/j/461256971 or Dial: 1 646 876 9923 // Meeting ID: 461 256 971


HL7 Policy Advisory Committee (PAC)


7/20 Meeting - Call for WG input to the ANSI AI Survey, which includes privacy, security, integrity and provenance/lifecycle questions.

ANSI Opens Survey: Standardization Empowering AI-enabled Systems in Health Care

The American National Standards Institute (ANSI) has released a survey on standardization empowering artificial intelligence (AI)-enabled systems in health care. ANSI seeks feedback from interested stakeholders on related standardization issues, solutions, efforts, and the role of standardization in the governance and regulation. Survey responses are requested by July 31, 2020 , and the ...

www.ansi.org


Notes from CHAT

Requesting review provide comment / recommend participants review the information (links below)

High Water Mark on Bundle - https://chat.fhir.org/#narrow/stream/179247-Security-and.20Privacy/topic/Meaning.20of.20Security.20Labels.20on.20Bundles

Consent - https://chat.fhir.org/#narrow/stream/179247-Security-and.20Privacy/topic/Consent.20IG.3F

Scopes for data access - https://chat.fhir.org/login/#narrow/stream/179175-argonaut/topic/Scopes.20for.20data.20access

DS4P IG - https://chat.fhir.org/#narrow/stream/179247-Security-and.20Privacy/topic/DS4P.20IG

Fine-grained Security Policies

Consent Provisions

 OCR ruling related to Cost for Right of Access

Grahame Provenance agent.type vs agent.role value sets and element semantics


Meeting Adjournment

No additional agenda items brought forward

Meeting adjourned at 1230 Arizona time

Meeting recording: 

<link>

Attendees

  •  
@Adam Wong adam.wong@hhs.govHHS
  •  
ONC
  •  
HL7 Austria
  •  
Kaiser
  •  
Amol Vyas amol.vyas@cambiahealth.comCambia Health
  •  
Wave One
  •  
Aegis
  •  
Celine Lefebvre Celine.Lefebvre@ama-assn.org AMA
  •  
Clara Y. Ren clara.y.ren.ctr@mail.milFederal Electronic Health Records Modernization (FEHRM) Office
  •  

Chris Shawn, Co-Chair

VA
  •  

Craig.Newman@altarum.org

  •  
Dave SilverElectrosoft
  •  
 Ready Computing
  •  
 @David Staggs drs@securityrs.comSRS 
  •  
Debra Simmons debrasimmons@
  •  
Sequoia
  •  

  •  
Heather McComas heather.mccomas@ama-assn.org AMA 
  •  
EPIC
  •  
Jeff Helman
  •  
Jerry Goodnough
  •  
Jim KamperAltarum
  •  
Federal Electronic Health Records Modernization (FEHRM) Office
  •  
SRS
  •  

John Davis (Mike)

VA
  •  

John Moehrke Co-Chair

By-Light
  •  
Aegis
  •  
Julie Chan jchan@cwglobalconsult.comCWGlobal
  •  

Kathleen Connor  Co-Chair

VA (Book Zurman)
  •  
Laura Bright laurabright4@gmail.com
  •  
Laura Hoffman laura.hoffman@ama-assn.orgAMA
  •  
Lloyd McKenzie
  •  
Lorraine Constable
  •  
EMR Direct
  •  
Sequoia
  •  
Matthew Reid matt.reid@ama-assn.orgAMA
  •  
VA (Book Zurman)
  •  
Patient Centric Solutions
  •  
 PJM Consulting
  •  
Phillips
  •  
Trustworthy EHR 
  •  

@Ricky Sahu, @1up.health  

1up Health
  •  

Robert Dieterle rdieterle@enablecare.us

Enablecare
  •  
Russ Ott rott@deloitte.comDeloitte
  •  
Saul Kravitz saul@mitre.orgMITRE
  •  
Scott Fradkinsfradkin@flexion.us
  •  

Jopari

  •  
Stephen MacVicar smacvicar@mitre.orgMITRE
  •  
VA (Book Zurman)
  •  
 AMA
  •  

  •  
Tom Hicke
  •  
Flinders University
  •  
Vicki Giatzikis vig9034@nyp.orgNYP
  • No labels