Skip to end of metadata
Go to start of metadata

Chair: @Kathleen Connor

Scribe: @Suzanne Gonzales-Webb 

Weekly calls Tuesdays 3PM ET

Zoom Client Download

Meeting ID: 675 407 5337

Phone Number: +1 929-436-2866
Participant Passcode: 675 407 5337

Zoom Tip Sheet


Agenda Topics

Agenda Overview

  • Minutes
  • FHIR Security
  • Harmonization
  • Conformance call - policy compliance 2020-10-20 Conformance Call
  • Privacy and Security Logical Model call
  • FHIR DS4P IG - Ballot Reconciliation
  • Cross Paradigm US Security Labeling IG
  • Share with Protections White Paper Project
  • Fine Grain Access Control - cosponsorship
  • HL7 Policy Advisory Committee (PAC)
  • Infrastructure SD
  • Ballot Management
  • Chat notes

 Minutes Approval

Approve Meeting Minutes:

2020-10-13 Security WG Agenda/Minutes

Motion to Approve Meeting minutes as written

Moved/Second: Suzanne / Beth

Vote - Approve/Abstain/Oppose :  4-0-0 approved by consensus

FHIR Security

Report out on 2020-10-19 FHIR-Security Call


Additional Codes For Security Label Vocabulary  To address the use case discussed in FHIR Security, proposing a new sensitivity code "IDS" (identifier information sensitivity).  If approved this will go into the UTG.

Definition: Policy for handling information related to an identifier of an information subject, which may be afforded heightened confidentiality.

Usage Note: Such policies may govern the sensitivity of information related to an identifier of an act, such as the identifier of a contract; a role, such as a citizen, a patient, a practitioner, or an organization; or an entity such as a medical device due to potential impact on the privacy, well-being, safety or integrity of an information subject. For example, protection against identity fraud or counterfeit.

Discussion: Note this will still need to go through the UTG process for approval; amendment; change from may be to will be. (UTG: Unified Terminology Governance); 

Motion to Approve (moved/second): Suzanne / Beth

Vote - Approve/Abstain/Oppose : 4-0-0

Privacy & Security  Logical (information) Model

NIB due November 1 / Next call tomorrow 2020-10-21!

  • Review and comments are encouraged and appreciated!

Meeting scheduled for document and model review

2020-08-26 Privacy and Security Logical Information Model - Mike

(NIB needs to completed before early November)

Next call tomorrow!  2020-10-21

2020-09-02 Privacy and Security Logical Information Model

HL7 Privacy and Security Information Model PSS

Information model update: The new information model will consolidate and harmonize security models across HL7 standards (Access Control, Audit, TF4FA etc.) and (incomplete) updates from FHIM (Consolidated unresolved models). Also included are direct mappings to Access Control, Audit and Authentication (e.g. Class models)  mapped to Access Control services.

ISD PPS approved 7/7

TSC PSS approval before August 23, 2020

Jan Ballot NIB due Nov. 1

Mike's update on current draft Logical Model text for deep dive on Wednesday call - 2020-10-21 Privacy and Security Logical Information Model

Please review and send him comments.

V3 Logical Model Draft 10


Moving comments from spreadsheet into JIRA (60-70% completed.  // small scare from Melva, JohnM - using wrong filters

Postponed early January ballot until regular January ballot cycle.

Review and approve FHIR DS4P IG Out-of-cycle ballot request for 10/20 opening date.

Carmela A. Couderc block - continue review

Review Reconciliation Spreadsheets and JIRA Ballot Recon

Missed approval of Reconciliation prior to July 5th Sept NIB due date Security WG Admin

Ballot results:

Quorum met - 107 voters, FHIR DS4P IG Ballot Passed

  • Affirmative - 26
  • Negative - 13
  • Abstain - 35

Negatives - missing definitions, which is the result of tooling errors we need to fix, and a general misunderstanding that the FHIR DS4P IG is the basis for profiles for policy specific security label IGs much like the CDA DS4P IG is.  Only the profiles are implementable.

 Spreadsheet Spreadsheet Spreadsheet


Upcoming deadlines:

  • NIB Deadline for submission - ???, 2020
  • FHIR IG must be substantively complete - ???, 2020
  • FHIR IG must be complete and handed over to sponsoring WG for QA review - ???
  • QA review cycle - ???
  • Content QA Change application - ???
  • Final content to Lynn for inclusion in Oct Out-of-cycle ballot ???
  • Submit Ballot Readiness Checklist - before ???

If you have any questions about these dates or the process, you can check out the FHIR IG Process Flow on Confluence


Cross-Paradigm US Regulatory Security Labeling IG

Postponed early January ballot until regular January ballot cycle.

JIRA tickets filed for acceptance of new UTG values/data; motion next week when we bring information forward on the value sets.

New CUI Notice 2020-06 RE CUI Marking Waivers with e.g., splash screens, seems to be limited to internal CUI use.

FHIR US Regulatory Security Labels Continuous Build - No update in the build

GitHub repo for the source material: 

John and Mohammad are committers.

US Regulatory Security Label Example Sandbox

Security Labeling Parking Lot

US Regulatory Security Label examples were included in the FHIR DS4P IG.  These will be the starter set for the FHIR US Regulatory Security Label IG

Share with Protections White Paper Project

Report out on 10/14 reconciliation work. Reconcilation will resume after ballot materials are complete for DS4P.

Started Ballot Reconciliation at WGM.



Infrastructure SD

Ballot Management

Security Ballot Management Nov 1 - NIB Deadline - Privacy and Security Logical Model

Normative ANSI Standards approaching expiration

HL7 Version 3 Standard: Healthcare (Security and Privacy) Access Control Catalog, Release 3


Advancing Interoperability: Social Determinants of Health Workshop

Monday, September 21, 2020; 10:00 AM – 03:00 PM

Location: Zoom

Registration and More

The Office of the National Coordinator for Health Information Technology (ONC) is hosting the Advancing Interoperability: Social Determinants of Health Workshop, a one day virtual workshop on Monday, September 21, 2020. As part of ONC’s collaborative approach for Social Determinants of Health (SDOH), the objective of this workshop is to gather health care and human services providers from various professional societies to understand their approaches to integrating SDOH data into value-base care and to discuss tools to accomplish these goals and the challenges to reaching them. This workshop will also provide stakeholders information and tools needed for the development of the social determinants of health data management in clinical practice guidelines and maintenance of certification activities.

In the fall of 2019, four new Interoperability Needs were added to Section I: Social, Psychological, and Behavioral Data representing drug use, food insecurity, housing insecurity, and transportation insecurity of the Interoperability Standards Advisory (ISA). Many of the standards or specifications are at production for the implementation maturity level and are still requesting feedback. Incorporating social determinants of health such as those included in the ISA in health care models is of increased interest when it comes to value-based payments. More payers are developing novel ways to address SDOH issues, however providers still struggle with the collection of SDOH data and how to use and share the data in an interoperable and beneficial way that is not burdensome. This workshop will provide attendees the opportunity to share any advancements in standards that are being used which may or may not include standards included in the ISA.

View Slides [PDF - 9.6 MB]

workshop recording

Agenda – Download PD

Speaker Biographies – Download PDF Document

Kathleen - special emphasis on tagging of sensitive SDoH information, which can be used for unethical blacklining and discrimination.

OCR News

HL7 Policy Advisory Committee (PAC)

Draft Consumer Privacy Framework for Health Data

August 26, 2020 – The eHealth Initiative & Foundation (eHI) and the Center for Democracy and Technology (CDT) released A Draft Consumer Privacy Framework for Health Data. The Framework includes a description of the health data that warrant protection, as well as the standards and rules that should govern them. The Framework also includes a self-regulatory model that would hold companies accountable to these standards and rules. The work is the first output of a collaborative effort addressing gaps in legal protections for consumer health data outside of the Health Insurance Portability and Accountability Act’s (HIPAA) coverage. The collaboration was funded through a grant by the Robert Wood Johnson Foundation.

The public is invited to review the draft framework and offer constructive feedback by Friday, September 25, 2020 in the form below. 

Download Webinar Slides (PDF)

Draft Consumer Policy Framework (PDF)

Video (Link)


HL7 FHIR Consent and Security Labeling would be useful for implementing this framework.  Submitted to PAC for consideration.

CARIN Code of Conduct 2020 - Another Consumer Privacy Protection Framework

Notes from CHAT
Useful Links

Confluence and JIRA Tutorials

Meeting Adjournment

No additional agenda items brought forward

Meeting adjourned at 1230 Arizona time

Meeting recording: 



@Adam Wong adam.wong@hhs.govHHS
HL7 Austria
Amol Vyas amol.vyas@cambiahealth.comCambia Health
Wave One
Celine Lefebvre AMA
Clara Y. Ren Electronic Health Records Modernization (FEHRM) Office

Chris Shawn, Co-Chair


Dave SilverElectrosoft
 Ready Computing
 @David Staggs drs@securityrs.comSRS 

@Heather McComas AMA 

Jim KamperAltarum
Federal Electronic Health Records Modernization (FEHRM) Office

John Davis (Mike)


John Moehrke Co-Chair

Julie Chan jchan@cwglobalconsult.comCWGlobal

Kathleen Connor  Co-Chair

VA (Book Zurman)
Laura Bright
Laura Hoffman laura.hoffman@ama-assn.orgAMA


EMR Direct

Matthew Reid matt.reid@ama-assn.orgAMA
VA (Book Zurman)
Patient Centric Solutions
 PJM Consulting
Trustworthy EHR 

@Ricky Sahu,  

1up Health
Saul Kravitz saul@mitre.orgMITRE


Serafina Versaggi
Stephen MacVicar smacvicar@mitre.orgMITRE
VA (Book Zurman)

Tom Hicke
Flinders University
Vicki Giatzikis vig9034@nyp.orgNYP
  • No labels