January 23, 2018 Security Conference Call

Back to Security Main Page

Attendees

Back to Security Main Page

Agenda

1. (2 min) Roll Call, Agenda Approval
2. (3 min) Review and Approval of Jan 16, 2018 minutes
3. (10 min) TF4FA and Domain Modeling updateand Domain Model v.11- Mike Davis
4. (10 min) ONC Draft Trusted Exchange for Common Agreement released Please review and help the WG prepare PAC comments. - Focus on additional POUs and Minimum Necessary, XSPA, Consents - Mike and Kathleen
5. (10 min) CCDE Connectathon Track discussion - Bo Dagnall
6. (5 min) PSAF call report out - Chris Shawn
7. (5 min) Is Privacy Obsolete? Study Group wiki page has the "Is Privacy Obsolete?" Listserve link. Update on project - Mike Davis
8. (5 min) Draft New Orleans Security WGM Agenda
9. (1 min) FHIR Security update - John Moehrke

Minutes

• Chris chaired.
• Roll, Agenda approved with addition of a presentation from DXC on CCDE Connectathon
• Jan 16th Meeting Minutes Kathleen moved; Beth seconded. Approved:12-0-0.
• Domain Modeling Update Mike reported on progress with the Domain Model so as to align with PONDERS and address the remaining negative comments on TF4FA May 2017 ballot from Bernd Blobel. As a result, PSAF project is currently taking a strategic pause on TF4FA Volume 1 revisions until the updates to the S&P DAM are completed because it is the foundational Conceptual Information Model for TF4FA. However, work has started on Volume 3: Audit/Provenance/Blockchain as well as small tweaks to Volume 2 TF4FA Behavioral Model) to keep the two documents in synch changes to TF4FA Volume 1 resulting from changes in underlying S&P DAM. Robert Crawford, a VA modeler, is stepping in to update the S&P DAM. After the WGM, both the Tuesday PSAF call and the Thursday S&P DAM calls will be dedicated to DAM revisions in order to meet May ballot cycle deadlines.

TEFCA

• focus has been on the implemcation of POU
  • there were several; we need to be cognizant of the relationshps for the POU to obtain
  • it is noted that the law does require an authorziatonfrom the pteint to share ePHI for Health care Opreations purposes with another covered Entity that does not have a relationshp with the patient
    • there is proposed legeisation that would allow clearning outses to be a covered entity
  • Draft Trusted Exchange Framework Final document
    • B. Ensure providers and organizations participatin in exchange have confidence that theapproporaite consent or written authorization was captured, if and when it is needed,prior to the exchange of Electornic Health Iformaton.

XSPA - Mike has draft comments to share

• lots of discussion on S&P and trying to get everyone to a common level, real mechanisms are need to secury exchange.. including patient desire. restrictions still exit. the current appropoach. we need an approapch that is sharing WITH protections.

a

• in terms of 42CFR with protectons. concernts: that i a patient does nto sign consent, a clincialn may inadvertenly prescribe opiods for that patient

concern: even if they did away with the law, restrictions still exist.. patient could submit a restriction for tha provider

XSPA healthcare profile of SAML XSPA healthcare profile of XACML

OASIS has received comment from the public ballot--that should come across as scope of work for this-int eh orgianzaiton version everyting was hard coded in the vocabulary. in v2... it points to HL7vocabulary XSPA prifle for XACL they have a 3.0 version out now.

Connectathon - Bo Dagnall providing 3 three different components which can work together or separately

• we are bring a resource services; we ill have it corrected AllScirps Va and Cerner

Is Privacy Dead Group

• report out to occur at HL7
• Adrian Gropper gave us some insight on Privacy right for India
• Mike will add to the report

Meeting Materials

• TF4FA and Domain Modeling update
• Domain Model v.11