
Chair: @Kathleen Connor

Scribe: @Suzanne Gonzales-Webb 

Weekly calls Tuesdays 3PM ET

Zoom Client Download 

https://zoom.us/j/6754075337

Meeting ID: 675 407 5337

Phone Number: +1 929-436-2866
Participant Passcode: 675 407 5337

Zoom Tip Sheet

ATTENDEES - PLEASE TYPE YOUR NAME IN THE CHAT OR  IF YOU ARE ON THE CONFLUENCE SITE, PLEASE SCROLL DOWN TO THE BOTTOM AND CHECK YOURSELF IN TO BE COUNTED FOR ATTENDANCE - THANK YOU!

Agenda Topics

Agenda Overview
  • Minutes
  • FHIR Security
  • Privacy and Security Logical Model call
  • Security WGM Prep
  • FHIR DS4P IG - Ballot Reconciliation
  • Cross Paradigm US Security Labeling IG
  • Infrastructure SD
  • Share with Protections White Paper Project
  • CARIN Blue Button Report Out
  • HL7 Policy Advisory Committee (PAC)
  • Chat notes

 Minutes Approval

Approve Meeting Minutes: 2020-08-04 Security WG call minutes

2020-08-11 call canceled for the ONC Tech Forum

Motion to Approve Meeting minutes as written

Moved/Second:  Suzanne/Mike

Vote - Approve/Abstain/Oppose: 5 - 0 - 0

FHIR Security
2020-08-17 FHIR Security call

Updates on FHIR Ballot


Privacy & Security  Logical (information) Model

2020-08-12 Privacy and Security Logical Model - Mike

  • Ioana presented at last week's meeting, showing updates to models
  • Text did not fare well, but is being updated in Enterprise Architecture (EA)
  • Five sections
    • section 1 - cleaned up (figures numbered, format/text, etc.)
    • cited standards have been updated (to include the date the model is using)
  • Mike would like to view content (continuing calls) before the WG meeting
  • Mike would like to propose using the name: "Privacy and Security Logical Information Model"

---

Bernd Blobel presented on 2020-08-05 Privacy and Security Logical Model call.

Calls are on Wednesdays 1 - 2 ET http://www.hl7.org/concalls/CallDetails.aspx?concall=50666

https://zoom.us/j/6754075337

Meeting ID: 675 407 5337

Phone Number: +1 929-436-2866
Participant Passcode: 675 407 5337

HL7 Privacy and Security Information Model PSS

Information model update: The new information model will consolidate and harmonize security models across HL7 standards (Access Control, Audit, TF4FA etc.) and (incomplete) updates from FHIM (Consolidated unresolved models). Also included are direct mappings to Access Control, Audit and Authentication (e.g. Class models)  mapped to Access Control services.

ISD PSS approved 7/7

TSC PSS approval before August 23, 2020

Mike's update:

The document has been more clearly marked into its 5 sections, Information Analysis, Security Use Case Analysis, Privacy Use Case Analysis, Security and Privacy Vocabulary Analysis, Examples:  Policies and Consent Directives.

Section I accounts for about 1/3 of the Logical Model. It has been cleaned up and edited into a readable draft. Duplicative sections have been consolidated. Logical Model is defined. Cited standards have been updated to the most current versions. Styles have been applied to make editing and reading easier while we are updating. Figures have been re-numbered and links will be applied using MS Word References to permit easy moving/editing without requiring manual revision of links.

On Weds, we will do a walk-through.  The current headers are for organizational purposes and may change as other sections are incorporated.

Kathleen cancelled all interim calls based on decision on last call.  Are these to be reinstated?

Kathleen to reinstate calls through 9/15.


September WGM Prep

Planning is underway - See 2020-09 September Virtual Security WGM

JohnM will not be attending so deleted FHIR Security Session.

AlexM will make sessions as he is available 

  • International report out - Tuesday 9/22 4PM ET - International Security Topics (Alex will chair)

Still no confirmation from other cochairs about attendance.

Interim WG Health - See Infrastructure

Kathleen to add LHS WG on CBCP Joint 9/22 10AM ET

202009 September Virtual Security WGM


FHIR DS4P IG

Review and approve FHIR DS4P IG Out-of-cycle ballot request for 10/20 opening date.

Review Reconciliation Spreadsheets and JIRA Ballot Recon

Missed approval of Reconciliation prior to July 5th Sept NIB due date Security WG Admin

Ballot results:

Quorum met - 107 voters, FHIR DS4P IG Ballot Passed

  • Affirmative - 26
  • Negative - 13
  • Abstain - 35

Negatives - missing definitions, which is the result of tooling errors we need to fix, and a general misunderstanding that the FHIR DS4P IG is the basis for profiles for policy specific security label IGs much like the CDA DS4P IG is.  Only the profiles are implementable.

https://www.hl7.org/documentcenter/public/wg/tsc/HL7%20May%202020%20Ballot%20Results.zip



Upcoming deadlines:

  • NIB Deadline for submission - ???, 2020
  • FHIR IG must be substantively complete - ???, 2020
  • FHIR IG must be complete and handed over to sponsoring WG for QA review - ???
  • QA review cycle - ???
  • Content QA Change application - ???
  • Final content to Lynn for inclusion in Oct Out-of-cycle ballot ???
  • Submit Ballot Readiness Checklist - before ???

If you have any questions about these dates or the process, you can check out the FHIR IG Process Flow on Confluence

(https://confluence.hl7.org/display/FHIR/B+-+Content+Development+and+Submission)




Cross-Paradigm US Regulatory Security Labeling IG

CUI Program Blog (https://isoo.blogs.archives.gov) NARA is promoting NIEM 5.0 Beta https://niem.github.io/niem-releases/ as the national healthcare standard for conveying CUI https://isoo.blogs.archives.gov/2020/07/02/cui-metadata/

CUI Metadata standard available for review

July 2, 2020, posted in General updates, Marking & examples, News

The CUI Executive Agent has been working with the CUI Advisory Council and the National Information Exchange Model (NIEM) to develop a metadata standard for CUI categories and limited dissemination controls.  NIEM is a common vocabulary that enables efficient information exchange across diverse public and private organizations.

Blog:

  • Draft SP 800-172 (formerly Draft NIST SP 800-171B) is out for Public Comment
  • CUI Metadata standard available for review
  • CUI Marking Class (Webex)

FHIR US Regulatory Security Labels Continuous Build - No update in the build

GitHub repo for the source material: https://github.com/HL7/us-security-label-regs

John and Mohammad are committers.

US Regulatory Security Label Example Sandbox

Security Labeling Parking Lot

US Regulatory Security Label examples were included in the FHIR DS4P IG.  These will be the starter set for the FHIR US Regulatory Security Label IG

CUI Q4 Stakeholders Update! Wednesday@1:00(ET)


August 17, 2020, posted in Events & reviews, General updates, Uncategorized

The conference is from 1:00 – 3:00 PM Eastern Time on August 19, 2020.
Step 1: Dial into the conference.
Dial-in: 888-251-2949 or 215-861-0694
Access Code: 2563977#
Step 2: Join the conference on your computer.
Entry Link: https://ems8.intellor.com/login/830824

Topics include:

  • CUI and Metadata (update)
  • CUI Federal Acquisition Regulation case (update)
  • Recent CUI Notices
  • An overview of some frequently asked questions
  • Live Question and Answer period

https://isoo.blogs.archives.gov/2020/08/17/cui-q4-stakeholders-update-wednesday100et/

Infrastructure SD

PSS for the January 2021 Reaffirmation Ballot of CTS2 - vote underway starting 8/13

The slide deck and the recording of the August Co-Chair Update Meeting

High expectations for WG cochair involvement and for members to generally be familiar with

  • Essential Requirements
  • GOM
  • JIRA for Standards Development and progression, Change Requests, Balloting
  • UTG - actively developing and refining HL7 terminology and participating in review/approval processes - this is no longer a single vocab facilitator role. WG health metrics on level of WG member participation
  • Governance Process Participation

Melva, Dave, and Anne will be monitoring WG meeting minutes for indications that we are actually involved in governance and using the tooling.

https://www.pathlms.com/hl7/courses/22889/slide_presentations/170895

Slide 23

File Storage S3 Connectors are added to Work Group and Governance Group Confluence spaces – “S3 Storage”

  • Will show up in your space over the next week
  • Easy to use
    • Can create folders and sub-folders
    • Encourage you to decide on a structure before you get started
  • How to Documents
    • https://confluence.hl7.org/display/HDH/How+to+use+S3+file+storage
  • Default Permissions
    • mirrors Confluence permissions
      • View, Create, Rename, Delete – Co-chairs
      • View, Create – Jira Users
      • View – Anonymous
  • Have questions?
    • Contact webmaster@hl7.org
    • FAQs will be added as questions come up

Security WG File Storage - S3 Connector

Other SD

Patient Corrections FHIR Implementation Guide Project

Virginia Lorenzi - Interested Parties and Co-Sponsors: These should be other work groups.  I think we should encourage cosponsors and interested parties.  I think Patient Care and Patient Administration would be good examples here.  Also, perhaps Emergency Care would like to be an interested party.  And perhaps CBCP or Security have an angle.

Project Scope currently says: Now that patients are able to retrieve their records via the FHIR API, there will be more focus on incorrect/missing data in the EHR. HIPAA gives the right to a patient to request amendments to their chart. The old way is via a paper request. We would like to provide a new electronic way using FHIR.


Share with Protections White Paper Project

Please sign up to vote on the Share with Protections White Paper

Motion to Approve SwP submission for Sept Ballot

2020-06-23 Minute

Submitted for Ballot

ONC News

Looking for input - will discuss during WGM 9/24 at 2 PM ET

ONC is now accepting submissions for the next version of the United States Core for Data Interoperability (USCDI) through the new ONC New Data Element and Class (ONDEC) submission system. The USCDI is a standardized set of health data classes and constituent data elements for nationwide, interoperable health information exchange. The next version of the USCDI will be drafted and finalized based on your data element submissions to the ONDEC system.



CARIN Blue Button Report Out

Nothing to report.

Security is a cosponsor of CARIN Blue Button IG. Calls http://www.hl7.org/concalls/CallDetails.aspx?concall=48592 Monday Mar 2, 2020 - 02:30 PM (Eastern Time, GMT -05) https://leavittpartners.zoom.us/j/461256971 or Dial: 1 646 876 9923 // Meeting ID: 461 256 971


HL7 Policy Advisory Committee (PAC)


USCDI Survey (see ONC news above) - need input from Security WG.  Will be on Security WGM agenda

Good article on health app policy issues:

Be Aware Before You Share: Vetting Third Party Apps Prior to Data Transfer

By Alaap Shah & Karen Mandelbaum on August 12, 2020

As the third-party application space continues to expand and data sharing becomes more prevalent, it is critical that such data sharing is done in a responsible manner and in accordance with applicable privacy and security standards. Yet, complying with applicable standards requires striking the right balance between rules promoting interoperability vis-à-vis prohibiting information blocking vs. ensuring patient privacy is protected. This is especially difficult when data is sent to third party applications that remain largely unregulated from a privacy and security perspective.


Notes from CHAT
Meeting Adjournment

No additional agenda items brought forward

Meeting adjourned at 1601 Arizona time

Meeting recording: 

<link>

Attendees

  • @Adam Wong, adam.wong@hhs.gov, HHS
  • ONC
  • HL7 Austria
  • Kaiser
  • Amol Vyas, amol.vyas@cambiahealth.com, Cambia Health
  • Wave One
  • Aegis
  • Celine Lefebvre, Celine.Lefebvre@ama-assn.org, AMA
  • Clara Y. Ren, clara.y.ren.ctr@mail.mil, Federal Electronic Health Records Modernization (FEHRM) Office
  • Chris Shawn, Co-Chair, VA
  • Craig.Newman@altarum.org
  • Dave Silver, Electrosoft
  • Ready Computing
  • @David Staggs, drs@securityrs.com, SRS
  • Debra Simmons, debrasimmons@
  • Sequoia
  • Heather McComas, heather.mccomas@ama-assn.org, AMA
  • EPIC
  • Jeff Helman, AEGIS for SSA
  • Jerry Goodnough
  • Jim Kamper, Altarum
  • Federal Electronic Health Records Modernization (FEHRM) Office
  • SRS
  • John Davis (Mike), VA
  • John Moehrke, Co-Chair, By-Light
  • Aegis
  • Julie Chan, jchan@cwglobalconsult.com, CWGlobal
  • Kathleen Connor, Co-Chair, VA (Book Zurman)
  • Laura Bright, laurabright4@gmail.com
  • Laura Hoffman, laura.hoffman@ama-assn.org, AMA
  • Lloyd McKenzie
  • Lorraine Constable
  • EMR Direct
  • Sequoia
  • Matthew Reid, matt.reid@ama-assn.org, AMA
  • VA (Book Zurman)
  • Patient Centric Solutions
  • PJM Consulting
  • Phillips
  • Trustworthy EHR
  • @Ricky Sahu, @1up.health, 1up Health
  • Robert Dieterle, rdieterle@enablecare.us, Enablecare
  • Russ Ott, rott@deloitte.com, Deloitte
  • Saul Kravitz, saul@mitre.org, MITRE
  • Scott Fradkin, sfradkin@flexion.us
  • Jopari
  • Serafina Versaggi
  • Stephen MacVicar, smacvicar@mitre.org, MITRE
  • VA (Book Zurman)
  • AMA
  • Tom Hicke
  • Flinders University
  • Vicki Giatzikis, vig9034@nyp.org, NYP





