Skip to end of metadata
Go to start of metadata

Chair: @Kathleen Connor

Scribe: @Suzanne Gonzales-Webb 

Weekly calls Tuesdays 3PM ET

Zoom Client Download 

https://us02web.zoom.us/j/89559883576?pwd=ckd0N2V1L1FybXhhbHhVdElQekg2QT09

Meeting ID: 895 5988 3576

Passcode: 258923

Find your local number: https://zoom.us/u/abruqg5or

 One tap mobile

+12532158782,,89559883576# US (Tacoma)

+13462487799,,89559883576# US (Houston)

Zoom Tip Sheet

ATTENDEES - PLEASE TYPE YOUR NAME IN THE CHAT OR  IF YOU ARE ON THE CONFLUENCE SITE, PLEASE SCROLL DOWN TO THE BOTTOM AND CHECK YOURSELF IN TO BE COUNTED FOR ATTENDANCE - THANK YOU!

Agenda Topics

Agenda Overview

  • New Zoom link with embedded password to bypass waiting room
  • Minutes
  • FHIR Security
  • Privacy and Security Logical Model call
  • FHIR DS4P IG - Ballot Reconciliation
  • Cross Paradigm US Security Labeling IG
  • Share with Protections White Paper Project
  • HL7 Policy Advisory Committee (PAC)
  • Infrastructure SD
  • Ballot Management
  • Chat notes

 Minutes Approval

Approve Meeting Minutes:

2020-10-06 Security WG Agenda/Minutes


Motion to Approve Meeting minutes as written

Moved/Second: Suzanne/Beth

Vote - Approve 8/Abstain 2 /Oppose 0

John and Beth abstained.

FHIR Security

Report out on 2020-10-05 FHIR-Security Meeting Agenda


John stated that the Argonaut Fine Grain Access updates to SMART project would be approaching Security WG to be a cosponsor.

Privacy & Security  Logical (information) Model

2020-08-26 Privacy and Security Logical Information Model - Mike

(NIB needs to completed before early November)

Next call tomorrow!  2020-10-7

2020-09-02 Privacy and Security Logical Information Model

HL7 Privacy and Security Information Model PSS

Information model update: The new information model will consolidate and harmonize security models across HL7 standards (Access Control, Audit, TF4FA etc.) and (incomplete) updates from FHIM (Consolidated unresolved models). Also included are direct mappings to Access Control, Audit and Authentication (e.g. Class models)  mapped to Access Control services.

ISD PPS approved 7/7

TSC PSS approval before August 23, 2020

Jan Ballot NIB due Nov. 1

Mike's update:  Working on the text, and will cover changes during Wed. Privacy and Security Logical Model call.




FHIR DS4P IG

Review and approve FHIR DS4P IG Out-of-cycle ballot request for 10/20 opening date.

Carmela A. Couderc block - continue review

Review Reconciliation Spreadsheets and JIRA Ballot Recon

Missed approval of Reconciliation prior to July 5th Sept NIB due date Security WG Admin

Ballot results:

Quorum met - 107 voters, FHIR DS4P IG Ballot Passed

  • Affirmative - 26
  • Negative - 13
  • Abstain - 35

Negatives - missing definitions, which is the result of tooling errors we need to fix, and a general misunderstanding that the FHIR DS4P IG is the basis for profiles for policy specific security label IGs much like the CDA DS4P IG is.  Only the profiles are implementable.

https://www.hl7.org/documentcenter/public/wg/tsc/HL7%20May%202020%20Ballot%20Results.zip


 Spreadsheet Spreadsheet Spreadsheet

 Spreadsheet

Upcoming deadlines:

  • NIB Deadline for submission - ???, 2020
  • FHIR IG must be substantively complete - ???, 2020
  • FHIR IG must be complete and handed over to sponsoring WG for QA review - ???
  • QA review cycle - ???
  • Content QA Change application - ???
  • Final content to Lynn for inclusion in Oct Out-of-cycle ballot ???
  • Submit Ballot Readiness Checklist - before ???

If you have any questions about these dates or the process, you can check out the FHIR IG Process Flow on Confluence

(https://confluence.hl7.org/display/FHIR/B+-+Content+Development+and+Submission)

Postponing to regular January Ballot.



Cross-Paradigm US Regulatory Security Labeling IG

New CUI Notice 2020-06 RE CUI Marking Waivers with e.g., splash screens, seems to be limited to internal CUI use.

FHIR US Regulatory Security Labels Continuous Build - No update in the build

GitHub repo for the source material:https://github.com/HL7/us-security-label-regs 

John and Mohammad are committers.

US Regulatory Security Label Example Sandbox

Security Labeling Parking Lot

US Regulatory Security Label examples were included in the FHIR DS4P IG.  These will be the starter set for the FHIR US Regulatory Security Label IG

Postponing to regular January Ballot.

VOTE: Additional Codes for Security Label Vocabulary

Additional Codes For Security Label Vocabulary

Amendments: Delete the Security Law codes, and add US as a suffix to the Research consent type codes.

MOTION to move forward with additional codes for Security Label Vocabulary; with amendments as noted

VOTE: 0 abstain; 0 against; pass by consensus 10


Kathleen walked through the proposed codes.  John, Mike, and Chris raised concerns about including Security Law codes, so Kathleen will remove those from the proposal. 

Amendments: Delete the Security Law codes, and add US as a suffix to the Research consent type codes.

Kathleen - MOTION to move forward with additional codes for Security Label Vocabulary; with amendments as noted.  Mike Davis seconded.

VOTE: 0 abstain; 0 against; pass by consensus 10

Mohammad will upload approved codes into UTG.

Share with Protections White Paper Project

Started Ballot Reconciliation at WGM.

Spreadsheet

Document

Will continue during second half of the Wednesday Privacy and Security Logical Model calls.

Infrastructure SD

Ballot Management

Security Ballot Management Nov 1 - NIB Deadline - Privacy and Security Logical Model

Normative ANSI Standards approaching expiration

https://confluence.hl7.org/display/HL7/ANSI+Standards+approaching+expiration

HL7 Version 3 Standard: Healthcare (Security and Privacy) Access Control Catalog, Release 3

Need to review/validate Security Standards Grid


ONC



ONC FAST


OCR News

HL7 Policy Advisory Committee (PAC)


Draft Consumer Privacy Framework for Health Data

August 26, 2020 – The eHealth Initiative & Foundation (eHI) and the Center for Democracy and Technology (CDT) released A Draft Consumer Privacy Framework for Health Data. The Framework includes a description of the health data that warrant protection, as well as the standards and rules that should govern them. The Framework also includes a self-regulatory model that would hold companies accountable to these standards and rules. The work is the first output of a collaborative effort addressing gaps in legal protections for consumer health data outside of the Health Insurance Portability and Accountability Act’s (HIPAA) coverage. The collaboration was funded through a grant by the Robert Wood Johnson Foundation.

The public is invited to review the draft framework and offer constructive feedback by Friday, September 25, 2020 in the form below. 

Download Webinar Slides (PDF)

Draft Consumer Policy Framework (PDF)

Video (Link)

PDF

HL7 FHIR Consent and Security Labeling would be useful for implementing this framework.  Submitted to PAC for consideration.

CARIN Code of Conduct 2020 - Another Consumer Privacy Protection Framework




Notes from CHAT
Useful Links

Confluence and JIRA Tutorials

https://confluence.hl7.org/display/HDH#c4472ec9-1ffa-4734-835d-ea12286e013e-31686915


Meeting Adjournment

No additional agenda items brought forward

Meeting adjourned at 1303 Arizona time

Meeting recording: 

<link>

Attendees 

  •  
@Adam Wong adam.wong@hhs.govHHS
  •  
ONC
  •  
HL7 Austria
  •  
Kaiser
  •  
Amol Vyas amol.vyas@cambiahealth.comCambia Health
  •  
Wave One
  •  
Aegis
  •  
Celine Lefebvre Celine.Lefebvre@ama-assn.org AMA
  •  
Clara Y. Ren clara.y.ren.ctr@mail.milFederal Electronic Health Records Modernization (FEHRM) Office
  •  

Chris Shawn, Co-Chair

VA
  •  

Craig.Newman@altarum.org

  •  
Dave SilverElectrosoft
  •  
 Ready Computing
  •  
 @David Staggs drs@securityrs.comSRS 
  •  
Sequoia
  •  

  •  
Greg White
  •  
@Heather McComas heather.mccomas@ama-assn.org AMA 
  •  
EPIC
  •  
AEGIS for SSA
  •  

  •  
Jim KamperAltarum
  •  
Federal Electronic Health Records Modernization (FEHRM) Office
  •  
SRS
  •  

John Davis (Mike)

VA
  •  

John Moehrke Co-Chair

By-Light
  •  
Aegis
  •  
Julie Chan jchan@cwglobalconsult.comCWGlobal
  •  

Kathleen Connor  Co-Chair

VA (Book Zurman)
  •  
Laura Bright laurabright4@gmail.com
  •  
Laura Hoffman laura.hoffman@ama-assn.orgAMA
  •  

  •  

  •  
EMR Direct
  •  

  •  
Sequoia
  •  
Matthew Reid matt.reid@ama-assn.orgAMA
  •  
VA (Book Zurman)
  •  
Patient Centric Solutions
  •  
 PJM Consulting
  •  
Phillips
  •  
Trustworthy EHR 
  •  

@Ricky Sahu, @1up.health  

1up Health
  •  
Enablecare
  •  
Deloitte
  •  
Saul Kravitz saul@mitre.orgMITRE
  •  
Scott Fradkinsfradkin@flexion.us
  •  

Jopari

  •  
Serafina Versaggi
  •  
Stephen MacVicar smacvicar@mitre.orgMITRE
  •  
VA (Book Zurman)
  •  
 AHA
  •  

  •  
Tom Hicke
  •  
Flinders University
  •  
Vicki Giatzikis vig9034@nyp.orgNYP
  • No labels