Skip to end of metadata
Go to start of metadata

Chair: @Christopher Shawn

Scribe: @Suzanne Gonzales-Webb 

Weekly calls Tuesdays 3PM ET

Zoom Client Download 

https://zoom.us/j/6754075337

Meeting ID: 675 407 5337

Phone Number: +1 929-436-2866
Participant Passcode: 675 407 5337

Zoom Tip Sheet

ATTENDEES - PLEASE TYPE YOUR NAME IN THE CHAT OR  IF YOU ARE ON THE CONFLUENCE SITE, PLEASE SCROLL DOWN TO THE BOTTOM AND CHECK YOURSELF IN TO BE COUNTED FOR ATTENDANCE - THANK YOU!

Agenda Topics

Agenda Overview

  • Minutes
  • FHIR Security
  • Harmonization
  • Conformance call - policy compliance 2020-10-20 Conformance Call
  • Privacy and Security Logical Model call
  • FHIR DS4P IG - Ballot Reconciliation
  • Cross Paradigm US Security Labeling IG
  • Share with Protections White Paper Project
  • Fine Grain Access Control - cosponsorship
  • HL7 Policy Advisory Committee (PAC)
  • Infrastructure SD
  • Ballot Management
  • Chat notes

 Minutes Approval

Approve Meeting Minutes: 2020-10-20 Security WG Agenda/Minutes



Motion to Approve Meeting minutes as written

Moved/Second: Beth/Suzanne

Vote - Approve/Abstain/Oppose : 7/0/0 approved by consensus


FHIR Security

Report out on

2020-10-26 FHIR-Security Meeting Agenda


Harmonization

Additional Codes For Security Label Vocabulary approved 10/26 have been uploaded into UTG

https://jira.hl7.org/browse/UP-129

https://jira.hl7.org/browse/UP-128

https://jira.hl7.org/browse/UP-127

https://jira.hl7.org/browse/UP-121

Security WG members who want to vote on these UTG proposals need to sign up to vote.  See: Vocabulary Maintenance at HL7

UTG Consensus Review

Anyone wishing to participate in the Consensus Review of proposals in flight is welcome to participate. No tooling is required to participate - if you want to be a reviewer/voter on vocabulary change proposals and you are not one already, click this link below: 

Request Reviewer Permissions

Documentation and Education Materials 

Discussion: Note this will still need to go through the UTG process for approval; amendment; change from may be to will be. (UTG: Unified Terminology Governance); terminology.hl7.org 

Recommend that we all review

Unified Terminology Governance Project (UTG) Page

Curator Processing of Proposals

UTG Tooling and Proposal Documentation

Implementation of Consensus Review Voting

Jeff Helman offered to present a walk-through on UTG.

Privacy & Security  Logical (information) Model

Review and approve P&S Logical Model draft NIB due November 1.

Please review and send Mike comments on V3 Logical Model Draft 1

Meeting scheduled for document and model review

2020-08-26 Privacy and Security Logical Information Model - Mike

(NIB needs to completed before early November)—Motion made to approve NIB (Kathleen / Beth) Abstain 0, Object 0, Approved: 8

Next call tomorrow!  2020-10-21

2020-09-02 Privacy and Security Logical Information Model

HL7 Privacy and Security Information Model PSS

Information model update: The new information model will consolidate and harmonize security models across HL7 standards (Access Control, Audit, TF4FA etc.) and (incomplete) updates from FHIM (Consolidated unresolved models). Also included are direct mappings to Access Control, Audit and Authentication (e.g. Class models)  mapped to Access Control services.

ISD PPS approved 7/7

TSC PSS approval before August 23, 2020

Jan Ballot NIB due Nov. 1

Mike's update on current draft Logical Model text for deep dive on Wednesday call - 2020-10-21 Privacy and Security Logical Information Model



DPROV CDA IG

CBCP WG sponsored the DPROV CDA IG, which expired as a DSTU 2 years ago. Security WG cosponsored it.  It is referenced by the Security WG sponsored Basic Provenance IG.  Provenance is in the USCDI.  CBCP Cochairs have expressed an interest in retiring it, although it is still active in the Standards Grid.  Security WG could request that sponsorship moves to Security with the notion of balloting it as normative in due course.

Kathleen feels this project is still useful–it does require a few bits of clean-up.
http://www.hl7.org/implement/standards/product_brief.cfm?product_id=420

Recommendation: Review standard and decide whether or not to allow it to remain expired or for Security to take over 


SOA Consent Management Service

This project is co-sponsored by Security and CBCP. 

Consent Management Service PSS

The project's model has progressed and is impressive.

See Consent Management Service Project

However, some of the underlying analysis of policy and consent differ to some extent with Security foundational standards. See PolicyVsConsent.docx

MIke reviewed and commented - see attached.

SOA invites Security to join 7 pm ET call Nov 5

Join Zoom Meeting
https://hl7-org.zoom.us/j/93128162118?pwd=dnZlSzNVOThpeWdpb2hWOHFMU29aQT09

Phone Number: +1 770-657-9270
Participant Passcode: 071582

FHIR DS4P IG

Moving comments from spreadsheet into JIRA Tickets - View comments at this link.

Previously approved NIB

Postponed early January ballot until regular January ballot cycle.

Review and approve FHIR DS4P IG Out-of-cycle ballot request for 10/20 opening date.

Carmela A. Couderc block - continue review

Review Reconciliation Spreadsheets and JIRA Ballot Recon

Missed approval of Reconciliation prior to July 5th Sept NIB due date Security WG Admin

Ballot results:

Quorum met - 107 voters, FHIR DS4P IG Ballot Passed

  • Affirmative - 26
  • Negative - 13
  • Abstain - 35

Negatives - missing definitions, which is the result of tooling errors we need to fix, and a general misunderstanding that the FHIR DS4P IG is the basis for profiles for policy specific security label IGs much like the CDA DS4P IG is.  Only the profiles are implementable.

https://www.hl7.org/documentcenter/public/wg/tsc/HL7%20May%202020%20Ballot%20Results.zip


 Spreadsheet Spreadsheet Spreadsheet

 Spreadsheet

Upcoming deadlines:

  • FHIR IG must be substantively complete - ???, 2020
  • FHIR IG must be complete and handed over to sponsoring WG for QA review - ???
  • QA review cycle - ???
  • Content QA Change application - ???
  • Final content to Lynn for inclusion in Oct Out-of-cycle ballot ???
  • Submit Ballot Readiness Checklist - before ???

If you have any questions about these dates or the process, you can check out the FHIR IG Process Flow on Confluence

(https://confluence.hl7.org/display/FHIR/B+-+Content+Development+and+Submission)




Cross-Paradigm US Regulatory Security Labeling IG

Postponed early January ballot until regular January ballot cycle.

Previously approved NIB already submitted.

JIRA tickets filed for acceptance of new UTG values/data; motion next week when we bring information forward on the value sets.

New CUI Notice 2020-06 RE CUI Marking Waivers with e.g., splash screens, seems to be limited to internal CUI use.

FHIR US Regulatory Security Labels Continuous Build - No update in the build

GitHub repo for the source material:https://github.com/HL7/us-security-label-regs 

John and Mohammad are committers.

US Regulatory Security Label Example Sandbox

Security Labeling Parking Lot

US Regulatory Security Label examples were included in the FHIR DS4P IG.  These will be the starter set for the FHIR US Regulatory Security Label IG


Share with Protections White Paper Project

Report out on 10/14 reconciliation work. Reconciliation will resume after ballot materials are complete for DS4P.

Started Ballot Reconciliation at WGM.

Spreadsheet

Document


Infrastructure SD

Ballot Management

Security Ballot Management Nov 1 - NIB Deadline - Privacy and Security Logical Model - in process

Normative ANSI Standards approaching expiration

https://confluence.hl7.org/display/HL7/ANSI+Standards+approaching+expiration

HL7 Version 3 Standard: Healthcare (Security and Privacy) Access Control Catalog, Release 3


ONC

USCDI Security Labeling proposal


ONC FAST
Last meeting report out.
OCR News

HL7 Policy Advisory Committee (PAC)


Draft Consumer Privacy Framework for Health Data

August 26, 2020 – The eHealth Initiative & Foundation (eHI) and the Center for Democracy and Technology (CDT) released A Draft Consumer Privacy Framework for Health Data. The Framework includes a description of the health data that warrant protection, as well as the standards and rules that should govern them. The Framework also includes a self-regulatory model that would hold companies accountable to these standards and rules. The work is the first output of a collaborative effort addressing gaps in legal protections for consumer health data outside of the Health Insurance Portability and Accountability Act’s (HIPAA) coverage. The collaboration was funded through a grant by the Robert Wood Johnson Foundation.

The public is invited to review the draft framework and offer constructive feedback by Friday, September 25, 2020 in the form below. 


Notes from CHAT
Useful Links

Confluence and JIRA Tutorials

https://confluence.hl7.org/display/HDH#c4472ec9-1ffa-4734-835d-ea12286e013e-31686915


Meeting Adjournment

No additional agenda items brought forward

Meeting adjourned at 1300 Arizona time

Meeting recording: 

<link>


Attendees

  •  
@Adam Wong adam.wong@hhs.govHHS
  •  
ONC
  •  
HL7 Austria
  •  
Kaiser
  •  
Amol Vyas amol.vyas@cambiahealth.comCambia Health
  •  
Wave One
  •  
Aegis
  •  
Celine Lefebvre Celine.Lefebvre@ama-assn.org AMA
  •  
Clara Y. Ren clara.y.ren.ctr@mail.milFederal Electronic Health Records Modernization (FEHRM) Office
  •  

Chris Shawn, Co-Chair

VA
  •  

Craig.Newman@altarum.org

  •  
Dave SilverElectrosoft
  •  
 Ready Computing
  •  
 @David Staggs drs@securityrs.comSRS 
  •  
Sequoia
  •  

  •  
@Heather McComas heather.mccomas@ama-assn.org AMA 
  •  
EPIC
  •  
AEGIS for SSA
  •  

  •  
Jim KamperAltarum
  •  
Federal Electronic Health Records Modernization (FEHRM) Office
  •  
SRS
  •  

John Davis (Mike)

VA
  •  

John Moehrke Co-Chair

By-Light
  •  
Aegis
  •  
Julie Chan jchan@cwglobalconsult.comCWGlobal
  •  

Kathleen Connor  Co-Chair

VA (Book Zurman)
  •  
Laura Bright laurabright4@gmail.com
  •  
Laura Hoffman laura.hoffman@ama-assn.orgAMA
  •  

  •  

  •  
EMR Direct
  •  

  •  
Sequoia
  •  
Matthew Reid matt.reid@ama-assn.orgAMA
  •  
VA (Book Zurman)
  •  
Patient Centric Solutions
  •  
 PJM Consulting
  •  
Phillips
  •  
Trustworthy EHR 
  •  

@Ricky Sahu, @1up.health  

1up Health
  •  
Enablecare
  •  
Deloitte
  •  
Saul Kravitz saul@mitre.orgMITRE
  •  
Scott Fradkinsfradkin@flexion.us
  •  

Jopari

  •  
Serafina Versaggi
  •  
Stephen MacVicar smacvicar@mitre.orgMITRE
  •  
VA (Book Zurman)
  •  
 AMA
  •  

  •  
Tom Hicke
  •  
Flinders University
  •  
Vicki Giatzikis vig9034@nyp.orgNYP




  • No labels