Skip to end of metadata
Go to start of metadata

Chair: @Kathleen Connor

Scribe: @Suzanne Gonzales-Webb 

Weekly calls Tuesdays 3PM ET

Zoom Client Download

Meeting ID: 675 407 5337

Phone Number: +1 929-436-2866
Participant Passcode: 675 407 5337

Zoom Tip Sheet


Agenda Topics

Agenda Overview

  • Minutes
  • WGM Minutes
  • FHIR Security
  • Privacy and Security Logical Model call
  • FHIR DS4P IG - Ballot Reconciliation
  • Cross Paradigm US Security Labeling IG
  • Share with Protections White Paper Project
  • HL7 Policy Advisory Committee (PAC)
  • Infrastructure SD
  • Ballot Management
  • Chat notes

 Minutes Approval

Approve Meeting Minutes: 2020-09-01 Security WG Agenda/Minutes

Motion to Approve Meeting minutes as written

Moved/Second: Suzanne/

Vote - Approve/Abstain/Oppose :  approved by consensus

Minutes ApprovalApprove WGM Minutes: 202009 September Virtual Security WGM

Motion to Approve Virtual WGM minutes as written

Moved/Second: Beth / Suzanne

Vote - 6-0-0 :  No objections or Abstains.  Minutes approved

Zoom Security

Dear Valued Customer, 

At Zoom customers are our number one priority, and we always strive to bring you the best, most secure video meeting experience in the industry. 

As we have previously communicated, starting September 27th, 2020, we will be requiring that all meetings have a Passcode or Waiting Room enabled. We have designed these security measures to give you control over your meeting security options while keeping the join experience as frictionless as possible.

  • For meetings that do not have either a Passcode or Waiting Room enabled by September 27th, Zoom will enable a Waiting Room for you.
  • You can customize the Waiting Room experience so individuals within your account, or on an approved list of domains, can bypass the Waiting Room and directly join the meeting.
  • You can find meetings that are scheduled without a Passcode or Waiting Rooms by pulling the following report
  • We have also improved our Waiting Room notifications so the meeting host can now receive a visual and auditory notification that an attendee has entered the Waiting Room.

For more details, including a comprehensive FAQ document, please visit our Support page. If you have additional questions, please reach out to your Customer Success Manager or our Support Team.

Team Zoom

Discussed new zoom policy.  Security Cochairs will regenerate the meeting link with an embedded password to avoid the waiting room.
Learning Health System

Report out on LHS WG joint with CBCP to discuss new Care Team DAM, consent, care team configurations, access control and security labeling.

LHS had some questions on Access Control/Role-based access control.  Suzanne Gonzales-Webbsent information to Claude Nanjo to assist.  LHS will be completing their use cases in order to determine the touchpoints between care team to both privacy and to security and report back.

FHIR Security

Report out on 2020-10-05 FHIR-Security Meeting Agenda

Review FAST Exchange Metadata Using RESTful Headers project proposal to determine whether Security WG should sponsor, co-sponsor, or be an interested party.

Bob Dieterle discussed the PDex decision to use Provenance.entity vs an extension on to convey the type of source entity based on outcome at the Connectathon.

Reviewed by attendees - no response to whether or not the Security WG would support as a sponsor/co-sponsor or interested party.

Privacy & Security  Logical (information) Model

Modelers not available at this time.  Plan to report out using Visio models.  


2020-08-26 Privacy and Security Logical Information Model - Mike

(NIB needs to completed before early November)

Next call tomorrow!  2020-10-7

2020-09-02 Privacy and Security Logical Information Model

HL7 Privacy and Security Information Model PSS

Information model update: The new information model will consolidate and harmonize security models across HL7 standards (Access Control, Audit, TF4FA etc.) and (incomplete) updates from FHIM (Consolidated unresolved models). Also included are direct mappings to Access Control, Audit and Authentication (e.g. Class models)  mapped to Access Control services.

ISD PPS approved 7/7

TSC PSS approval before August 23, 2020

Jan Ballot NIB due Nov. 1

Mike's update:  Walked through updated model overview and the integrated 10191 diagrams. 


Review and approve FHIR DS4P IG Out-of-cycle ballot request for 10/20 opening date.

Carmela A. Couderc block - continue review

Review Reconciliation Spreadsheets and JIRA Ballot Recon

Missed approval of Reconciliation prior to July 5th Sept NIB due date Security WG Admin

Ballot results:

Quorum met - 107 voters, FHIR DS4P IG Ballot Passed

  • Affirmative - 26
  • Negative - 13
  • Abstain - 35

Negatives - missing definitions, which is the result of tooling errors we need to fix, and a general misunderstanding that the FHIR DS4P IG is the basis for profiles for policy specific security label IGs much like the CDA DS4P IG is.  Only the profiles are implementable.

 Spreadsheet Spreadsheet Spreadsheet


Upcoming deadlines:

  • NIB Deadline for submission - ???, 2020
  • FHIR IG must be substantively complete - ???, 2020
  • FHIR IG must be complete and handed over to sponsoring WG for QA review - ???
  • QA review cycle - ???
  • Content QA Change application - ???
  • Final content to Lynn for inclusion in Oct Out-of-cycle ballot ???
  • Submit Ballot Readiness Checklist - before ???

If you have any questions about these dates or the process, you can check out the FHIR IG Process Flow on Confluence


Reconciliation of EPIC comments worked on during the WGM.

Cross-Paradigm US Regulatory Security Labeling IG

New CUI Notice 2020-06 RE CUI Marking Waivers with e.g., splash screens, seems to be limited to internal CUI use.

FHIR US Regulatory Security Labels Continuous Build - No update in the build

GitHub repo for the source material: 

John and Mohammad are committers.

US Regulatory Security Label Example Sandbox

Security Labeling Parking Lot

US Regulatory Security Label examples were included in the FHIR DS4P IG.  These will be the starter set for the FHIR US Regulatory Security Label IG

Kathleen discussed possible interoperability implications of CUI Notice.

Share with Protections White Paper Project

Started Ballot Reconciliation at WGM.

Infrastructure SD

Ballot Management

Security Ballot Management Nov 1 - NIB Deadline - Privacy and Security Logical Model

Normative ANSI Standards approaching expiration

HL7 Version 3 Standard: Healthcare (Security and Privacy) Access Control Catalog, Release 3



OCR News

CARIN Blue Button Report Out

HL7 Policy Advisory Committee (PAC)

Draft Consumer Privacy Framework for Health Data

August 26, 2020 – The eHealth Initiative & Foundation (eHI) and the Center for Democracy and Technology (CDT) released A Draft Consumer Privacy Framework for Health Data. The Framework includes a description of the health data that warrant protection, as well as the standards and rules that should govern them. The Framework also includes a self-regulatory model that would hold companies accountable to these standards and rules. The work is the first output of a collaborative effort addressing gaps in legal protections for consumer health data outside of the Health Insurance Portability and Accountability Act’s (HIPAA) coverage. The collaboration was funded through a grant by the Robert Wood Johnson Foundation.

The public is invited to review the draft framework and offer constructive feedback by Friday, September 25, 2020 in the form below. 

Download Webinar Slides (PDF)

Draft Consumer Policy Framework (PDF)

Video (Link)


HL7 FHIR Consent and Security Labeling would be useful for implementing this framework.  Submitted to PAC for consideration.

CARIN Code of Conduct 2020 - Another Consumer Privacy Protection Framework

PAC meets Wednesday to discuss HL7 comments to the Privacy Framework.

Notes from CHAT
Useful Links

Confluence and JIRA Tutorials

Meeting Adjournment

No additional agenda items brought forward

Meeting adjourned at 1539 Arizona time

Meeting recording: 



@Adam Wong adam.wong@hhs.govHHS
HL7 Austria
Amol Vyas amol.vyas@cambiahealth.comCambia Health
Wave One
Celine Lefebvre AMA
Clara Y. Ren Electronic Health Records Modernization (FEHRM) Office

Chris Shawn, Co-Chair


Dave SilverElectrosoft
 Ready Computing
 @David Staggs drs@securityrs.comSRS 

@Heather McComas AMA 
Jeff HelmanAEGIS for SSA

Jim KamperAltarum
Federal Electronic Health Records Modernization (FEHRM) Office

John Davis (Mike)


John Moehrke Co-Chair

Julie Chan jchan@cwglobalconsult.comCWGlobal

Kathleen Connor  Co-Chair

VA (Book Zurman)
Laura Bright
Laura Hoffman laura.hoffman@ama-assn.orgAMA


EMR Direct

Matthew Reid matt.reid@ama-assn.orgAMA
VA (Book Zurman)
Patient Centric Solutions
 PJM Consulting
Trustworthy EHR 

@Ricky Sahu,  

1up Health
Russell Ott rott@deloitte.comDeloitte
Saul Kravitz saul@mitre.orgMITRE


Serafina Versaggi
Stephen MacVicar smacvicar@mitre.orgMITRE
VA (Book Zurman)

Tom Hicke
Flinders University
Vicki Giatzikis vig9034@nyp.orgNYP

  • No labels