Chair:  @Chris Shawn

Scribe: @Suzanne Gonzales-Webb 

Weekly calls Tuesdays 3PM ET

FreeConferenceCall Online Meeting Link https://www.freeconferencecall.com/join/security36

Dial-in Number (United States): (515) 604-9567 Access Code: 880898#

Agenda Topics 


 Minutes Approval

Review 2019-06-11 Security WG Agenda/Minutes 

Motion to Approve 6/11 Minutes : Suzanne / Mike  Moved/ Second

Objections: none  ; Abstentions: none ; Approve: 9

Montreal WGM Minutes

SEC WGM Minutes (7th May 2019 Wed)

SEC WGM Minutes (8th May 2019 Wed)

SEC WGM Minutes (9th May 2019 Thurs)


Meeting Minutes reviewed with attendees.


Motion to Approve May Montreal Security WGM

Minutes :  Kathleen/JohnM Moved/ Second

Objections:none ; Abstentions: none; Approved: 9

ONC/CMS NPRMs

Final TEFCA 2 - HL7 Comments 

 <<link to final approved comments submitted>>


 Sharing with Protections - Mike

Mike to present on Sharing with Protections paper update

Review came out from the TEFCA; 

  • notion is how we might influence ONCE or support ONC efforts in this area.
    • HITEC had dropped support for DS4P which is a blow to our efforts - this does not address the HITAC decision directly, it does provide support Sharing for Protections
  • Slide 3 - 
  • Slide 4 - Result of Not-Sharing; a patient safety issue
  • Slide 5 - Share with Protections
    • HIPAA does not specifically protect the data; creating a liability rather than property model
  • Slide
  • Slide
  • Slide 9 - Result
  • Slide 9 - Requirements: 
    • We don't make policy in HL7, but ONC does.

The paper has more detail; please send comments when convenient and we can drill down more

I see this is as a change in healthcare, what HL7 has put in place.  The chaos... and we can advance this.

comment: (Kathleen) This is concnsue on how you share new policies cross dimensional;   Vendors could have a nightmare on their hands with different policies, declassification happening.  They may have to put in different security requirements for different customers -that to me is chaos.  This way customers and vendors can come up with a joint policy/vocabulary to relieve that.

--this is the same as DoD policy, wherein we give different access secret, etc.; we .  Sharing w protections provides a way to persist these protections where everyone can understand and deal with the information.

Comment: maybe you can add a snippet of this information to your paper, using the update of TEFCA. 

Sharing with Protections 

Sharing with Protections presentation

 July Harmonization

Initial Harmonization Proposal Submissions - Kathleen


Harmonization Proposals
PSAF Provenance

 Update from Mike Davis - (no updates this week)

  • Major updates
  • Plan is to ballot Provenance as Informative; if this ballot goes well we will move on to balloting as a Normative DAM

FHIR Security

FHIR Security Call updates.

Note that John Moehrke will be OOF next week.


FHIR DS4P

Need PSS approval for FHIR DS4P and DS4P CDA IG update

FHIR DS4P IG PSS (Kathleen) - Review of updated draft per 2019-05-28 FHIR-Security Meeting Minutes comments below.

Outreach to current and prospective implementers and potential Connectathon testing concluded.  VA, Perspecta, MiHIN, PatientLink added for both categories.

Report out of discussion with CBCP WG at 6/4 meeting.

Check that the DRAFT PSS comments have been adequately addressed: 

  • add incremental development goal schedule (due to resource shortage); in January WGM we can begin to parse out the details
  • fix V3 Data types (to 'NO')
  • add to Content Already Developed 'CDA'
  • clarify work is scope x and
  • deliverable: how to parse the project to resource availability (low hanging fruit first)
  • per Mike: suggests removing word 'policy wherever it occurs' (suggestion under further discussion)

Mike is proposing a sub-working group, to deliver information to send out for support

LINK to Security/CBCP FHIR DS4P IG PSS

Motion:  Kathleen/ Suzanne

Abstention: 1 (Mike, Julie Maas, JohnM); Objections: None; Approved: 6;

Action Item: Develop DS4P CDA IG revision PSS - Kathleen to do

Basic Provenance

Next call is June 17th - Good progress made. Refined Brett's Provenance Author Participation template for C-CDA. Decision made to include it in the Summer out of cycle C-CDA Companion Guide to get community feedback. 

Plan from Monday's call is that Brett is to meet with FHIR Security to check whether the data elements in the proposed C-CDA Provenance Author Participation template is fully supported by FHIR Provenance. Brett is working on Argonaut/US Core Basic Provenance profile. The Basic Provenance IG will point to the C-CDA Provenance Author Participation template and to the FHIR Basic Provenance profile with discussion on the use cases and how these decisions were arrived at.

WG needs to review and approve Basic Provenance NIB for September.


NIB screen shown; Review of NIB

  • original changed to Basic Provenance for C-Cda and HIR to be consistent with how we've been call the project all along.
  • informative ballot
  • security as sponsoring WG, additiona co-sponsors also checked


  • we need to comply with the CDA schema; with an action item to check in with FHIR Security so that it supports FHIR Provenance resource so that if Argonaut/basic provenance profile will still work
  • COMMENT: previously approved by FHIR management group.  WE can ask them to attend our fhir security call to make sure its mapped correctly (as a check mark) 

Kathleen moves to have approvated / Brett second

VOTE: Abstentions: none; OBjectsions: none; Approved: 9 


Kathleen will submit; Brett sending information to Kathleen.

Basic Provenance Project

Basic Provenance 2019-06-03

HL7 CDA R2 Data Provenance

https://fccdl.in/4GHbLcGG5u



 Different bet Provenance and Lineage

Provenance is 'like what we're doing w basic provenance' pure creation...

anything after that is lineage—whatever happens to that initial thing after provenance.


what healthcare people think of provenance is 'both'  the difference would be whether you chain them

MIke would like to view basic provenance is our 'painting' and once sold, the tracking, etc is 'lineage'

JohnM in healthcare - doesn't believe there is any distinction of purely provenance or lineage. It's just a form distinction. basic provenace is spoke of very early on.  'where did I get this information from...?' which ay not be the original painter but the museum... JohM believes in trying to fit them in the hybrids definitions --doenst really fit; I don't disagree with it–just in medical records it seems that way... they just want to know 'why I should trust this information... fromt he author or whomever...why should I trust that informatin/data...'


MikeD - thank you - just want to establish some foundational defitnions.


AdjournmentMeeting adjourned  Arizona time 1259 (Kathleen moved, John seconded)

Temporary Meeting link: https://fccdl.in/qCAq79d5VY


Attendees


x

John Moehrke Co-Chair

By-Light


HL7 Austria
x

Kathleen Connor  Co-Chair

VA (Book Zurman)

@Trish Williams Co-ChairFlinders University
x@Christopher Shawn, Co-ChairVA
x

John Davis (Mike)

VA
x@David StaggsSRS

VA (Electrosoft)

SRS

@Francisco Jauregui  fjauregui@electrosoft-inc.com VA (Electrosoft)
xAegis



@Matt BlackmonSequoia

Julie Chan jchan@cwglobalconsult.comHL7 FHIR

@Dave SilverVA (Electrosoft)
xKaiser

VA (Book Zurman)
xONC

@Peter VanLiesdonkPhillips

@Adam Wong adam.wong@hhs.govHHS

@Mohammad Jafari Mohammad.jafari@bookzurman.comVA (Book Zurman)

@Ricky Sahu, @1up.health  

1up Health

Versaggi Consulting

Wave One

EMR Direct

EnableCare

Sequoia

Ready Computing

 PJM Consulting

Jopari 

 Laura Bright laurabright4@gmail.com


 Jim Kamper Altarum