August 12, 2014 Security WG Conference Call

Meeting Information

Back to Security Main Page

Attendees

Back to Security Main Page

Agenda

1. (05 min) Roll Call, August 5 Meeting Minutes
2. (10 min) Vocabulary Alignment PSS Deliverables - Diana
3. (10 min) PSS Patient Friendly Natural Language
4. (10 min) FHIR disposition - review/discussion, ongoing agenda item
5. (05 min) Other business, action items, and adjournment

Meeting Minutes

Unanimous approval of August 5, 2014 Meeting Minutes

PSS Vocabulary Alignment

• PSS was unanimously approved at the EHR Interoperability WG meeting today (8/12); EHR is the sponsor, and Security is the co-sponsor. Next step will be to take this to the EHR Steering Division.

PSS Patient Friendly Natural Language - presented by Suzanne and David

• One of the issues that came up was that patient friendly language is now standardized, so that’s something we’ll have to determine.
  • Using this consent directive will take the patient's answers, translate the consent directive using security and privacy terminology, and create a security readable consent directive.
  • Mike: "One of the things that’s going to be key to that is that the consent directive options that a patient has need to be generally acceptable to providers who are going to be using these. So, they need to be something that could be reasonably pre-approved by a provider so that when the patient selects these things, they have confidence that they’re going to be accepted by the provider, rather than things that would require them to drop out for manual review...."
  • Mike, continued: "....That means that the provider would receive it (the consent directive) and it would just be an electronic process to record the consent directive and makes sure the access control system was accordingly updated. So, if you put in things like free-form text in the questionnaire, that’s going to force it to drop out into a manual review."

• Mike: One thing that this consent directive has to do is enable creation of policies by purpose of use. If you look at that, then, there might be different reasonable options for what could be done in each of those types of scenarios.

• Mike suggested a couple of possible use cases: one that allows patients to restrict sharing of their PHI with organizations, and one that allows them to restrict sharing based on names of individuals (such as a patient's relatives).

• Kathleen suggested that we form a "Tiger Team" of members from the CBCC and Security WGs to collaborate on the use cases.
  • Kathleen: "There are a lot of use cases documented under CBCC for the initial work that led to this consent directive. It’s filling out the logic for that. We should have a call to walk through the background of the SLS document."
  • Kathleen suggested to set up a Doodle poll to discuss this; she will start pulling together background information.

• Mike added: "Another aspect to keep in mind is that, in standards work, we’re interested in interoperability and not so much on providing guidelines. So, the focus would be not so much on what organizations do internally, but this FHIR questionnaire is intended to be a resource for interoperability purposes."

FHIR dispositions

• Kathleen has posted a slide deck of the dispositions and wants to have it added to next week’s agenda as a discussion item.

Duane's recent FHIR work

• He has done an early release of the library for the HCS standard, and has got a little GUI that he built to manage clinical facts.
  • Kathleen wants Duane to give a walkthrough of his GUI at next week's meeting.

Placing items on WGM agenda

• Kathleen wants us to go through the agenda for the WGM that would include the items we need to make sure get on the table (i.e., Privacy Consent Directives).

Meeting adjourned at 1503 PDT

Minutes added by --Rgrow (talk) 20:06, 14 August 2014 (UTC)