Skip to end of metadata
Go to start of metadata

Chair: @Kathleen Connor

Scribe: @Suzanne Gonzales-Webb 

Weekly calls Tuesdays 3PM ET

Zoom Client Download 

https://us02web.zoom.us/j/89559883576?pwd=ckd0N2V1L1FybXhhbHhVdElQekg2QT09

Meeting ID: 895 5988 3576

Passcode: 258923

Find your local number: https://us02web.zoom.us/u/kc8xHnbexU


Zoom Tip Sheet

ATTENDEES - PLEASE TYPE YOUR NAME IN THE CHAT OR  IF YOU ARE ON THE CONFLUENCE SITE, PLEASE SCROLL DOWN TO THE BOTTOM AND CHECK YOURSELF IN TO BE COUNTED FOR ATTENDANCE - THANK YOU!

Agenda Topics

Agenda Overview

  • Minutes
  • FHIR Security
  • Harmonization - UTG Voting Process presentation by Jeff Hellman
  • Privacy and Security Logical Data Model update
  • FHIR DS4P IG - Ballot Reconciliation
  • Cross Paradigm US Security Labeling IG
  • Security Labeling 202101 Connectathon Track
  • Share with Protections White Paper Project
  • Infrastructure SD - Reaffirmation of Access Control Catalog
  • Ballot Management
  • ONC Announcements
  • Chat notes

 Minutes Approval

Approve Meeting Minutes:

2020-11-17 Security WG Agenda/Minutes



Motion to Approve Meeting minutes as written

Moved/Second: Suzanne / Jeff H

Vote - Approve/Abstain/Oppose :  (0-0-2) approved by consensus

FHIR Security

No meeting this week.


PSAF Provenance Errata

Update: Waiting on a Response from CTO.  Kathleen re-sent request last week.

Review and approve Errata Letter for CTO Consideration

QA of final ANSI publication submittal missed that Volume 3 Provenance DAM did not include the Contributor Table.

We are requesting an errata version.  May not be possible because ANSI has already approved it.

Mike's alternative: wants to claim an author name on HL7 formal letterhead (not to add as an ANSI change)

Document



Harmonization

Jeff and Kathleen added as UTG Reviewers.  We still don't know how the approval process works.

Jeff Helman to present on UTG voting process so that we can vote on proposed security labeling codes.

Additional Codes For Security Label Vocabulary approved 10/26 have been uploaded into UTG

https://jira.hl7.org/browse/UP-129

https://jira.hl7.org/browse/UP-128

https://jira.hl7.org/browse/UP-127

https://jira.hl7.org/browse/UP-121

Security WG members who want to vote on these UTG proposals need to sign up to vote.  See: Vocabulary Maintenance at HL7

UTG Consensus Review

Anyone wishing to participate in the Consensus Review of proposals in flight is welcome to participate. No tooling is required to participate - if you want to be a reviewer/voter on vocabulary change proposals and you are not one already, click this link below: 

Request Reviewer Permissions

Documentation and Education Materials 

Unified Terminology Governance Project (UTG) Page

Curator Processing of Proposals

UTG Tooling and Proposal Documentation

Implementation of Consensus Review Voting

11/10 Mohammad already rebased this, and pushed new commit to Bitbucket repo. Should be a timely way to do this - needs to be reviewed and approved by harmonization process so that we don't have to continually redo.  Also, Security members who have asked to be reviewers have not been responded to.  We will ask that someone from UTG join Security to help us progress our proposals.

11/24 Jeff and Kathleen added as UTG Reviewers.  We still don't know how the approval process works.

Privacy & Security  Logical Data  Model

No meeting this week.  Will resume final ballot preparation on 12/2 call.

Review and approve P&S Logical Model draft NIB submitted without suffix "Cross-Paradigm" after TSC review.

2020-11-11 Privacy and Security Logical Data Model meeting did not meet quorum.

Please review and send Mike comments on V3 Logical Model Draft 1116.docx

  • models have updated per comments, including ABAC (new material)
  • working on one more model- showing relationship between class model and 
  • The majority of the changes are in the ABAC section.
  • Mike will walk though the changes at tomorrow's meeting

Meeting scheduled for document and model review

HL7 Privacy and Security Information Model PSS

Information model update: The new information model will consolidate and harmonize security models across HL7 standards (Access Control, Audit, TF4FA etc.) and (incomplete) updates from FHIM (Consolidated unresolved models). Also included are direct mappings to Access Control, Audit and Authentication (e.g. Class models)  mapped to Access Control services.

ISD PPS approved 7/7

TSC PSS approval before August 23, 2020

Defer request to approve submission to 202101 Ballot until 12/8.

Dec 13: Final content deadline

CANCELLED

2020-11-25 Privacy and Security Logical Data Model


DPROV CDA IG
Update on CBCP transitioning sponsorship to Security. (intent is to ballot as Normative in future)
Next steps:  STU extension request listing emerging use cases, and possible sponsors for preparing DPROV CDA IG http://www.hl7.org/implement/standards/product_brief.cfm?product_id=420 for normative ballot

Need to create Confluence page to track DPROV CDA use cases, ballot history, and next steps. KC to do.

SOA Consent Management Service

This SOA project is co-sponsored by Security and CBCP. 

2021-01 Consent Management and Enforcement Services Track

Consent Management Service PSS

The project's model has progressed and is impressive.

See Consent Management Service Project

SOA invites Security to join 7 pm ET call Nov 5

Join Zoom Meeting
https://hl7-org.zoom.us/j/93128162118?pwd=dnZlSzNVOThpeWdpb2hWOHFMU29aQT09

Phone Number: +1 770-657-9270
Participant Passcode: 071582


FHIR DS4P IG

Finished Ballot Reconciliation on 2020-11-20 Security WG FHIR DS4P IG Ballot Reconciliation Call

Final ballotcomments_FHIR_IG_DS4P_R1_D1_2020MAY.xls Uploaded to Ballot Desktop.

DS4P Use Cases - work in progress.  Being incorporated in the FHIR DS4P IG.

Moving comments from spreadsheet into JIRA Tickets - View comments at this link.

Previously approved NIB

Postponed early January ballot until regular January ballot cycle.

Review and approve FHIR DS4P IG Out-of-cycle ballot request for 10/20 opening date.

Carmela A. Couderc block - continue review

Review Reconciliation Spreadsheets and JIRA Ballot Recon

Missed approval of Reconciliation prior to July 5th Sept NIB due date Security WG Admin

Ballot results:

Quorum met - 107 voters, FHIR DS4P IG Ballot Passed

  • Affirmative - 26
  • Negative - 13
  • Abstain - 35

Negatives - missing definitions, which is the result of tooling errors we need to fix, and a general misunderstanding that the FHIR DS4P IG is the basis for profiles for policy specific security label IGs much like the CDA DS4P IG is.  Only the profiles are implementable.

https://www.hl7.org/documentcenter/public/wg/tsc/HL7%20May%202020%20Ballot%20Results.zip


 Spreadsheet Spreadsheet Spreadsheet

Spreadsheet

Upcoming deadlines:

  • FHIR IG must be substantively complete - ???, 2020
  • FHIR IG must be complete and handed over to sponsoring WG for QA review - ???
  • QA review cycle - ???
  • Content QA Change application - ???
  • Final content to Lynn for inclusion in Oct Out-of-cycle ballot ???
  • Submit Ballot Readiness Checklist - before ???

If you have any questions about these dates or the process, you can check out the FHIR IG Process Flow on Confluence

(https://confluence.hl7.org/display/FHIR/B+-+Content+Development+and+Submission)

Next steps - load ballot spreadsheet dispositions into JIRA ballot comments.

KC and MJ To Do: Check off on FHIR IG Specification Check Off and add revisions to new IG URL.

Check on progress of UTG requests and update value sets.

Cross-Paradigm US Regulatory Security Labeling IG

Postponed early January ballot until regular January ballot cycle.

Previously approved NIB already submitted.

JIRA tickets filed for acceptance of new UTG values/data; motion next week when we bring information forward on the value sets.

New CUI Notice 2020-06 RE CUI Marking Waivers with e.g., splash screens, seems to be limited to internal CUI use.

FHIR US Regulatory Security Labels Continuous Build - No update in the build

GitHub repo for the source material:https://github.com/HL7/us-security-label-regs 

John and Mohammad are committers.

US Regulatory Security Label Example Sandbox

Security Labeling Parking Lot

US Regulatory Security Label examples were included in the FHIR DS4P IG.  These will be the starter set for the FHIR US Regulatory Security Label IG

Still on hold.

KC to do - CARES Part 2 Security Label update for CBCP

Security Labeling Connectathon Track

Security Labeling 202101 Connectathon Track - update

Can we link  a use case to 2021-01 Consent Management and Enforcement Services Track?


Share with Protections White Paper Project

Connectathon in place (bare-bones, but in on time!)

Worked on ballot recon with Beth for KP comments.  Ready for review.

amalgamated_ballotcomments_HL7_WP_SWP_R1_I1_2020SEP neg sort 360 post BP.xls

Share with Protections White Paper Release 1 202009 Ballot v2 KC 360 post BP.docx

Infrastructure SD

Progress on ISD approval of Project for Reaffirmation of Normative Healthcare (Security and Privacy) Access Control Catalog, Release 3

Kathleen moved for Security.  Need a second, 3 days of discussion, and then the vote.

Reaffirm HL7 Version 3 Standard: Healthcare (Security and Privacy) Access Control Catalog, Release 3

ANSI Standards approaching expiration

3 WGs voted to affirm.  Checking with ISD chairs about what's needed to finalize.
Ballot Management

With the move of the WGM schedule dates to start virtually on January 25, the ballot cycle and content deadline dates have also changed.

Nov 8: Next Sunday is the Notification of Intent to Ballot (NIB) deadline – Now November 8th (Ballot minus 6 weeks)

Nov 17: FHIR Connectathon proposals due– (The Connectathon dates did NOT change)

Nov 29: Reconciliation deadline for ballot items having previously balloted – (Ballot -3 weeks)

Dec 13: Final content deadline

Dec 18: Ballot opens

Dec 27: Deadline for TSC approval of PSS for 2021MAY cycle

The on-line Notification of Intent to Ballot form (off of the TSC Utilities page) is available at: http://www.hl7.org/special/committees/tsc/ballotmanagement/index.cfm.

All Calendars for this cycle are available on the new Confluence Calendars page at:

https://confluence.hl7.org/display/HL7/HL7+Calendars


ONC

 NEW VIRTUAL EVENT:

Accelerating APIs in Healthcare:

A Year in Review and Momentum for 2021

Tuesday December 1, 2020 | 1:00 PM – 4:45 PM ET

 Join us on December 1, 2020, as we spotlight how application programming interface (API)-forward policies and industry actions are accelerating interoperability of health data. This event will include updates from federal agencies as well as presentations and demos from industry partners, highlighting work currently underway is advancing innovation and competition in the health IT ecosystem. The event will end with a panel discussion featuring industry experts.

Register Now →

Experiences from Sync for Science Pilot Project Participants 

ONC published a brief describing experiences of participants from the Sync for Science (S4S) pilot project. The pilot project supported health IT developers and provider organizations in developing and implementing capabilities to enable patient-directed data sharing through APIs. The S4S pilot project demonstrated how individuals can share health data with researchers through APIs and how volunteers can submit health data to the NIH All of Us Research Program.

Read the brief →

 NEW VIRTUAL EVENT:

Accelerating APIs in Healthcare:

A Year in Review and Momentum for 2021

Tuesday December 1, 2020 | 1:00 PM – 4:45 PM ET

 Join us on December 1, 2020, as we spotlight how application programming interface (API)-forward policies and industry actions are accelerating interoperability of health data. This event will include updates from federal agencies as well as presentations and demos from industry partners, highlighting work currently underway is advancing innovation and competition in the health IT ecosystem. The event will end with a panel discussion featuring industry experts.

Register Now →

 Participate in the eCR Now Covid-19 Challenge

The eCR Now initiative and the Association of Public Health Laboratories (APHL) are calling healthcare organizations to implement electronic case reporting (eCR) for COVID-19 and other diseases. Hospitals, healthcare systems, ambulatory practices, and their partners can increase the use of eCR by taking part in the eCR Now COVID-19 Challenge. The challenge will increase the number of electronic health records with eCR capabilities by use of the eCR Now FHIR® App and the HL7 FHIR® standard. Interested parties should email eCR-Info@aimsplatform.org to express intent in participating by January 15, 2021.

 View the Eligibility Criteria and More →

 New RFP: Learning and Action in Policy and Partnerships (LAPP)

Data Across Sectors for Health (DASH) and Center for Health Care Strategies (CHCS), with support from the Robert Wood Johnson Foundation (RWJF), are pleased to announce that the Learning and Action in Policy and Partnerships (LAPP) RFP is now LIVE. The purpose is to offer awardees targeted funds and direct technical assistance to build the capacity of their community’s data ecosystem to initiate, strengthen, and leverage relationships with state government to improve health, well-being, and equity outcomes. The objective of LAPP is to facilitate aligned efforts among community and state partners that will build a foundation for sustainable policy and systems change.

Application Due Date: December 16th, 2020 at 3:30 PM EST.

 Applications must be submitted via the RWJF online system.

Visit the LAPP homepage for more information → 

 NIH Issues New Policy for Data Management and Sharing

NIH has released the Final NIH Policy for Data Management and Sharing which requires NIH funded researchers to prospectively submit a plan outlining how scientific data will be managed and shared. The Policy reinforces NIH’s continued commitment to make biomedical research findings broadly available, and reflects the Agency’s view that responsible data management and sharing advances science and benefits the public. This will replace the 2003 NIH Data Sharing Policy.  

NIH will continue to engage the community to support the change and implementation of this new Policy, which will take effect January 25, 2023.


ONC FAST
Nothing to report.
OCR News

Annual Report Workgroup Meeting

Thu, 11/19/2020, 3:00 PM

To learn more, visit our calendar

Annual Report Workgroup Meeting

Thu, 12/17/2020, 3:00 PM

To learn more, visit our calendar

Notes from CHAT

Sub-resource labeling https://chat.fhir.org/#narrow/stream/179166-implementers/topic/FHIR.20Security.20Partial.20Display.20of.20Instance


Useful Links

Confluence and JIRA Tutorials

https://confluence.hl7.org/display/HDH#c4472ec9-1ffa-4734-835d-ea12286e013e-31686915


Meeting Adjournment

No additional agenda items brought forward

Meeting adjourned at 1350 Arizona time

Meeting recording: 

<link>


Attendees

  •  
@Adam Wong adam.wong@hhs.govHHS
  •  
ONC
  •  
HL7 Austria
  •  
Kaiser
  •  
Amol Vyas amol.vyas@cambiahealth.comCambia Health
  •  
Wave One
  •  
Aegis
  •  
Celine Lefebvre Celine.Lefebvre@ama-assn.org AMA
  •  
Clara Y. Ren clara.y.ren.ctr@mail.milFederal Electronic Health Records Modernization (FEHRM) Office
  •  

Chris Shawn, Co-Chair

VA
  •  

Craig.Newman@altarum.org

  •  
Dave SilverElectrosoft
  •  
 Ready Computing
  •  
 @David Staggs drs@securityrs.comSRS 
  •  
Sequoia
  •  

  •  
@Heather McComas heather.mccomas@ama-assn.org AMA 
  •  
EPIC
  •  
AEGIS for SSA
  •  

  •  
Jim KamperAltarum
  •  
Federal Electronic Health Records Modernization (FEHRM) Office
  •  
SRS
  •  

John Davis (Mike)

VA
  •  

John Moehrke Co-Chair

By-Light
  •  
Aegis
  •  
Julie Chan jchan@cwglobalconsult.comCWGlobal
  •  

Kathleen Connor  Co-Chair

VA (Book Zurman)
  •  
Laura Bright laurabright4@gmail.com
  •  
Laura Hoffman laura.hoffman@ama-assn.orgAMA
  •  

  •  

  •  
EMR Direct
  •  

  •  
Sequoia
  •  
Matthew Reid matt.reid@ama-assn.orgAMA
  •  
VA (Book Zurman)
  •  
Patient Centric Solutions
  •  
 PJM Consulting
  •  
Phillips
  •  
Trustworthy EHR 
  •  

@Ricky Sahu, @1up.health  

1up Health
  •  

Rob McClure

rmcclure@mdpartners.com
  •  
Enablecare
  •  
Deloitte
  •  
Saul Kravitz saul@mitre.orgMITRE
  •  
Scott Fradkinsfradkin@flexion.us
  •  

Jopari

  •  
Serafina Versaggi
  •  
Stephen MacVicar smacvicar@mitre.orgMITRE
  •  
VA (Book Zurman)
  •  
 AMA
  •  

  •  
Tom Hicke
  •  
Flinders University
  •  
Vicki Giatzikis vig9034@nyp.orgNYP
  • No labels