2019-08-06 CBCP Meeting Agenda/Minutes
VOTE: (motion to approve as written) : KenS/CraigN
Abstain: 0 / Opposed: 0/ Approve: 15
| Minutes Approval|| 2019-08-13 CBCP Meeting Agenda/Minutes|
VOTE: (motion to approve as written): GregW / Craig N (with correction)
Abstain: / Opposed: / Approve: 15
New 42 CFR 2 Proposal Announced
Par 2 - two new NPRMs
Secretary of HHS announced proposed changes to regulation
Please review, PAC is looking for comments.
- is there a time limit for returning comments? 90-days for publication - PAC needs earlier to compile and review before submitting.
Add to next week's agenda and also the WGM Agenda
- There are a number of hot buttons in the updates
- Seemed to be very closely held in the agency; neither Jim or Ken were a part of the process
- Jim has read through the first half - so far they strike him as limited in terms of understanding what the issues are i.e. there is a still a disclosed record must be with a written record---
- this item can be supported by FHIR - we can tell the system to display that
- reference to consent to share - this is something has never been balloted
- they need some updating ...on that section; concern is not that the labeling could nto deal with the various noties; but the autoris do not have an understanding of what needs to move where
- Jim does not remembering seeing (yet) that is terribly new or different; there issome peculiarities in a attempt to make things more cprovide clarity to HIPAA there is a discussion of prologue to the rules (check recording)
- they still carve out
- one example (surprising) was the election efforts for payment are implecitiy incuded for disclosure without consent - if someone has access to a methadone clincie, the credit reporting services will also have that information and the 'cat is out of the bag' found this bewildering (mental health clinic)
- believe this is a davinci issue - we want to be abe to push 'full disclosure' - they want to have eah various providers to become individual HIEs
- they do not licenses to practice medicine, but they want to spread the information around
- there are some vagaries that we do not understand—clipping much of privacy parts,
- PAC - Jim is on; does nto have a lot of freedom of action on that range
- asking trhe WG to take a look and disucss for next week - it still requires consent for a lot of activities, data segemenation but it opens up channels of substance abuse organizations;
|Share with Protections (Response to HITAC) - Mike Davis|
(no update) Meeting set-up TBD (Mike not on) Mike is starting the PSS for this project
"Share with Protections"
- there is a document that Mike is producing, available to review; its the basis for the PSS -
- Mike has not worked on the PSS
Review of attached document (latest version as of 8/27/2019)
- pgs 9-10 'the bad'
- Use Case 2: Share with Protections; intended to optimize sharing in the best interest of the patient and/or society. This requires tha tprotectiosn themselves are enduring...
- Table 2 - Share with Protections "Truth Table"
- Shareing by default with the lablels (patients know this)
Questions: This is intended to be a hwite paper that is disucfssion a specific US Use case in th eohopes that it covers some solution -
- focusued (Mike) on the notion that ONC has proposed the with TEFCA that informaton blocking in any form is a 'bad thing' . wthi that presumption, the idea here is to make the information liquid and accfessable. artner quote: "The tenuous balance bet protections, privacy, security, acces..... " which is where he is gong with this
- to note (JohnM) this is going ounter to x by design.
- mike - its an analysis
- john m need to firuge out the so what message is -
- similar to the GDPR where HL7 could act on the gaps; that could be soething that is actionable through HL7?
- mike 0 the intent is to say that patients can opt out but its not in their best interst with data sharing - because providers need the information. there are so many holes; with respect to 42CFR and DaVicni, the whole notion that we have privacy is dillusionals. the idea is to protect the information, and access it only if you have credentials to access it. To optimize the use of the information we share it, but we share it with protegtions - we are honoring the recipient ....
- we need to come up with an HL7 as a mechanish that can support HL7 in sharing with protections
- theer is osme agareemnt in place where the recipient will honor the lables. the possiblities of leverages the provenance... as described in PSAF spec and say perhaps tdisclosure woudl be recording as provenance in some discoverable store, that indicated whtere security labels had been changes. this way the recipeient can see if lables had been honored.... we nened to start thinking how our tools can be osmething patients can actually embrace
- mike is open to that -yhou're sayhing is …" we have the analysis now... what's the next step - ?
- kathlen 0 the part that is most valuable is that information can be shared with protecgtions; balancing the cost tracking consent, whethere they are honoring the lablels...
- mike - several objs to this approach - which is why we have SLS (external) we have standards in place to support. we need to draw on thaese to propose how this might work. not sure your provenances supports sharing
- kathleen - the provancne resource can record things like classification; if someone were to change lables and it was a mandatory req for changes made to the record....then its okay to upgrade classifications; but it is not okay to.... changes would be recorded somewhere that ... enforcemnt
recommendations: working session - separate from this meeting for people to review and comment on the document
- mike to set up a meeting to review/comment
- kathleen - we will be revisiting this on the security call;
- john is right... we need the 'so what'
| eLTSS FHIR IG Project - Becky, Johnathan|
Completing comments; reviewing for duplicates
- working on final updates to the IG/FHIR IG
- a few more milestones passed; approval from FMG for publication and has moved to TSC (eVote)
- weekly calls - Tuesday, 2PM ET; (prep for Connectathon)
--reconciliation is uploaded on the website,
link to IG: build.fhir.org/ig/HL7/eLTSS/index.html
| eLTSS Use Case - Craig (15-20 min)|
Discussion: Next steps for Connectathon track
- No changes in the use cases - three groups participating in connectathon
- Craig from Altarum and a group from LTCI are meeting weekly are working toward the Atlanta Connectathon supporting eLTSS IG, pulling in pieces from care track.
- A possible separate testing may be introduced so as not to interfere with the current use case
Nothing needed from WG at this time
| Provenance DAM - Mike Davis|
Approx 150 balloters signed up / no votes yet
Content due 8/4 (Sunday) , Normative ballot
PSAF Package, including Final Provenance Content submitted to HL7 office on Saturday 8/3 (PDF and word versions)
Out for ballot - this version is significantly improved from first version. encourage everyone to look at it and provide comment. this doc is intended to put the scientific viewpoint on Provenance. its not an implementation but based on work that is out there. its inteted to give structure to other HL7 work in this area
- Consensus pool for September ballot is out, please sign up to review and vote
- working on completing sections of the document
| DS4P FHIR IG - Kathleen Connor|
Approved. on agenda for 8/20Security WG meeting.
Resources, additional logistics in process.
How to answer questions from DaVinci - additional questions to be answered - due to kick off in January.
Update: Approved, start date is in January for September balloting. Low hanging fruit to start, staring with security labels to describe how to do data segmentation in FHIR
- add topic for joint session (Security/CBCP)
Update Approval from FMG and will go to e-vote from TSC - completed
PSS Approved 6/4/2019: FHIR Data Segmentation for Privacy (DS4P) Implementation Guide PSS (by Steering Division)
| September 2019 WGM|
Suzanne, Kathleen to collaborate on MON Q3/Q4 and other Security/CBCP joint sessions at a future date
No additional agenda items added to 2019 September WGM at this time.
|Additional Agenda Items|
If you are interested in becoming a FHIR IG Author - Dave will send you the link to attend (SEND HIM AN e-mail!)
- Cost to attend? It's FREE (ONC Sponsored)
- Course is a day and a half (Wednesday/Thursday)
- Curriculum is still being put together
Background intent is to have a pool of people to write FHIR IGs
LINK: Please e-mail David Pyke if you would like to register for this course (firstname.lastname@example.org)
| concern for additional participation from CBCP to discuss on how to have a united front on Security and privacy in regard to i.e. DaVinci|
Announcement : interoperability standards advisory (ISA)
Deadline for comment is September 23, 2019 1150 ET ISA Comments
- let them know DS4P FHIR IG project is underway
- is on Security Agenda; so that we can bring input to PAC comments
|<add links>> |
|Carin has published BlueButton FHIR IG 'self-attestation' to privacy and security requirements|
Carin has published a blue button IG;
- noted that they have federation project on their
- recommend invite author to CBCP/Security - discuss their privacy/security considerations
- Author: Amol Vyas email@example.com (Cambia Health)
Suggest that Security and CBCP WGs monitor Carin BlueButton FHIR IG "self-attestation" to privacy and security requirements, and seek collaboration on attestation criteria.
Note that "Consent Federation" is a project on their roadmap. Suggest that we invite Amol Vyas, Cambria Health, to Security/CBCP call.
Next Thursday at 2PM ET is next attempt for comment resolution
- some open topics; new examples uploaded
- met with patient care to talk about the use case for FHIR consent
have revised all the examples to fit the model
other changes to the documentation with minor changes; need to vet the changes before bringing forward to the WG
| Additional agenda Items?||None brought forward |
|Adjournment|| Meeting adjourned at 0958 Arizona Time||Temporary Meeting Recording: https://fccdl.in/U5iFwZaGt3|