
December 02, 2014 Security WG Conference Call


Meeting Information


Attendees

x  Member Name                           x  Member Name          x  Member Name
.  Mike Davis, Security Co-chair         .  Duane DeCouteau      .  Chris Clark
x  John Moehrke, Security Co-chair       .  Johnathan Coleman    .  Aaron Seib
.  Alexander Mense, Security Co-chair    .  Ken Salyards         .  Don Jorgenson
.  Trish Williams, Security Co-chair     .  Gary Dickinson       .  Tim McKay
x  Kathleen Connor                       .  Ioana Singureanu     .  Mohammed Jafari
x  Suzanne Gonzales-Webb                 .  Paul Knapp
x  Diana Proud-Madruga                   .  Reed Gelzer
x  Rick Grow                             .  Steve Hufnagel


Agenda DRAFT

  1. (05 min) Roll Call, November 23 Meeting Minutes
  2. (10 min) FHIM S&P Modeling Project Wiki and Call Logistics - Kathleen
  3. (10 min) Vocabulary Alignment Project - Diana/Reed
  4. (15 min) January WGM Agenda
    1. Note: items with ? have been rolled over from previous WGM Agenda
  5. (05 min) Other business, action items, and adjournment

Meeting Minutes

Approval of meeting minutes: Meeting minutes for November 23 were unanimously approved.

FHIM S&P Modeling Project

  • John Moehrke agreed to attend the FHIM meetings at the Security WG meeting. FHIM modeling group members continue to work with Galen on the FHIR DAM Documentation spreadsheet.

Vocabulary Alignment Project

  • Project participants reviewed the project scope statement and made sure to include context scenarios once Diana clarified that the project team hasn't been dealing with actual use cases, but rather scenarios. The team also discussed how an EHR Record Life Cycle Event frequently has two descriptor verbs. Reed Gelzer created a PowerPoint and an initial Visio diagram showing the breakdown of a Life Cycle Event, to allow the verb definitions to be distinguished more clearly.

FHIR Change Proposal

Update on development of FHIR Consent Directive Suite

We walked through the steps of the Consent Directive Profile and the FHIR Contract Resource spreadsheets, and the information that was covered was approved.

Kathleen walked us through the steps. This conversation is detailed below.


Kathleen: "Most of this builds off what John put down as a straw man. We walked through a contract and it has a header level, which says you’ll be my friend (this is a grantor, grantee type of thing). You have a witness, you have a notary…or you could have a contract saying Suzanne and Kathleen are going to be friends and there are terms to our friendship. The first one will be: we’ll remember each other’s birthdays. That would be contract term 1. We can have contract term 2: we will buy presents for each other on our birthdays, but we will not spend more than $5. And, we could also say this contract is only effective in the U.S. So, we can talk about the domain. We can say there’s an authority. We filed this in a court of law, so it has a binding authority. We could scan and sign it, or we could simply have a URI if you wanted to sign it someplace on the Web. We could have it in very friendly terms, where we could have flowers and have happy faces all over it, and that would be our friendly version. It could be something in a repository, or it could be something that could be pulled out from a FHIR server. We could also have a copy that we signed. We could have several friendly versions where Suzanne did it with flowers and I did it with butterflies. We could have several that were not signed, like this was version 1 and this was version 2. Or here is a template for having a friendship contract. And we could even create some kind of policy language to talk about whether Suzanne and I had in fact sent emails to report our compliance. You could have that in bold language.

So, all those components are in this contract at this point, and we have various signers. You can have a notary, you can have a witness, etc. One thing that we did run into – that I’d specifically like to address to John – is that we’re having to put in date/time for every one of our attachments, which is unfortunate."

John: "With the contract resource itself, it has the date/time, and all of the attachments would be the same. There’s the issued date and then there’s the period in which the terms are open. Why would you have different date/time per attachment?"

Kathleen: "There is an ongoing difference of opinion about whether attachments should have the date/time in it, versus forcing folks to put it in as an extra element, so that’s an outstanding methodology issue."

John: "I was expecting the three attachments – the friendly, legal and the rule – to be intentionally the same meaning per version of a particular instance of a contract."

Kathleen: "Let’s have a consent directive and it’s in Spanish and in English and patient friendly. Maybe there’s 6th grade level and 12th grade level versions. The content is meant to be the same, but they could look very different. Another thing I just wanted to point out is that we have it so you can put it in as an attachment and/or a document reference.

One more thing: we differentiated between a policy profile, a contract profile, and a consent directive profile. If you had a policy like a privacy law, it’s not a binding contract, so maybe you can say, “Here you can find it in the Federal Registry; here’s the date on which it was published…” That’s different from saying, “Suzanne and I signed a contract and it’s stamped by a notary.” That binding contract is separate and it’s zero-to-one."

John: "So, you’re keeping the legal at zero-to-one?"

Kathleen: "No. Legal can mean something that is not signed. So, we meant zero-to-many. If you wanted to talk about policy, and you wanted to say that there is a policy and that it is not binding policy, you can do that in legal. It’s use case specific, but it makes a differentiation because bunching them together causes issues with respect to being able to do policies that are not contracts or where you might want to have two versions of that one version."

John questioned the inclusion of both an Attachment and References to the DocumentReference resource. Kathleen explained that Mike Davis determined that this choice is essential for ensuring that a Consent Directive CDA can be retrieved via an XDS Registry. She stated that, although she thought Attachment would suffice for that purpose, John should submit comments against this in the ballot to provide arguments about why it is unnecessary.

  • Bottom line: Work is ongoing on the FHIR contract. Kathleen and Paul Knapp have a few more definitions to add and get into the continuous build, profile and value sets. John Moehrke will lend his help in updating the consent proposal.

Meeting adjourned at 1258 PST