
HL7 May 2018 WGM MINUTES - Cologne, Germany


Security WGM General Session Deck

Monday Q3


Joint CBCP - Security

See CBCC Minutes

Monday Q4

Joint CBCP - Security

See CBCC Minutes

Tuesday Q1

Opening Security WG Meeting

Attendees:

  • Trish Williams trish.williams@flinders.edu.au
  • John Moehrke John.Moehrke@gmail.com
  • Alexander Mense alexander.mense@hl7.at
  • Kathleen Connor Kathleen.connor@comcast.net
  • Hideyuki Miyohara HL7 Japan Miyohara.Hideyuki@ap.MitsubishiElectric.co
  • David Pyke david.pyke@readycomputing.com

Chaired by Alex

1. Introductions

2. Approval of agenda

  • Discussion on content in relation to Blockchain and its potential impact. This will be included in the agenda and discussion of the potential use cases.

Proposed - Kathleen; Seconded - John; Approved: 5:0:0

3. International Report outs (given at meeting with CBCP Monday Q3)

  • Japan: In 2020, Japan will have a full patient national ID.
  • EU: The EU NIS (cybersecurity) directive deadline for national transposition into law was last week. Many countries (Austria) have missed the deadline. Therefore, in Austria only critical infrastructure is applicable.
  • Australia: Privacy breaches reporting has begun in Australia, 25% were healthcare providers
  • Canada has begun requiring statistics collection of Privacy breaches, the privacy commissioner will report out nationally
  • In the US, ransomware is a breach
  • Switzerland: Launched a working model for a national HIE based on an upcoming new restricted national ID and IHE profiles. Double opt-in (clinicians and patients may) should be live by 2022. Privacy restrictions will be patient based. Documentation will be sent to the CBCP list

4. Liaison Reports: ISO, IHE, ONC

  • ISO (Hide): Audit trail discussions (27789 Audit Trail for EHR). Change proposal to keep conformance with ATNA, etc. Some vocabulary, such as purpose of use, is not harmonized among SDOs. ISO will harmonize/constrain/map these vocabularies as part of their process. Presentation on recent ISO Meeting in Brazil. Presentation on SEC WG Homepage (Documents and Presentations).
  • OASIS: No report
  • IHE: AS4 Security has been mandated and IHE is setting up a new Document Sharing set of options based on AS4 requirements.

5. FHIR Security Report out - John Moehrke

6. HL7 Project status and updates:

  • Trust Framework for Federated Authorization (TF4FA) Ballot outcomes and reconciliation plans - Kathleen for Mike Davis and Chris Shawn
    • 4 Ballots submitted, 161 comments, 3 negative comments from Patricia Craig, Joint Commission.
  • TF4FA Volume 3 for Audit, Provenance, and Blockchain Development Plans - Kathleen for Mike Davis and Chris Shawn
    • Focus will be on integrating current foundational Audit and Provenance standards in terms of aspects included in trust contracts. Plan is to ballot in January 2019. Digital ledger technology topic will not be pursued at this time.
  • Is Privacy Obsolete Study Group - Kathleen for Mike Davis. New material continues to be added. GDPR material migrated in part to new GDPR Wiki page
  • DAM: Needs to progress to publication; this was not completed from last meeting as new information in the form was required. Alex and Trish to progress.
  • Status of PASS Audit
    • At the request of SOA, the status of PASS Audit has been requested as this is still sitting at reconciliation for the normative publication. SEC WG will request Mike to clarify what content for PSAF is in relation to PASS Audit.
      • All PASS projects need to be with SEC not SOA. This was historical but it now makes more sense for the PASS work to sit with SEC. Trish and Alex to talk to Dave Hamill and SOA about making this happen.

Tuesday Q2

Joint with CBCP - FHIR Connectathon Report Out/July Harmonization

Attendees:

  • Trish Williams trish.williams@flinders.edu.au
  • John Moehrke John.Moehrke@gmail.com
  • Alexander Mense alexander.mense@hl7.at
  • Kathleen Connor Kathleen.connor@comcast.net
  • Hideyuki Miyohara HL7 Japan Miyohara.Hideyuki@ap.MitsubishiElectric.co
  • David Pyke david.pyke@readycomputing.com

1. FHIR support of GDPR - See GDPR SEC special wiki page http://wiki.hl7.org/index.php?title=201805_GDPR

2. July Harmonization Focus

  • Sharing with Protections - TEFCA Minimum Necessary given expanded Purposes of Use and need to establish Legitimate Relationships. E.g., Care Team, fiduciary, treating provider, and payer of record as possible Legitimate Relationship Compartments to indicate that the resource is available to requester under purpose of use regulation such as HIPAA TPO, and possibly used as flag to discloser about which minimum necessary policy to apply to the amount and kind of information disclosed, e.g., only payment information related to a patient's current or past payer.
    • Provisioning with ABAC Clearances & Security Labels. e.g., Access control scheme code definitions as children of AccessControlScheme policy, e.g., ACL, RBAC, ABAC
  • Possible GDPR Security Label vocabulary. Kathleen mapping from the draft codes developed by Rene Spronk to current HL7 purpose of use codes and privacy laws.

3. Findings from Cologne GDPR and Blockchain Connectathon Tracks.

  • Blockchain track did not get traction.
  • GDPR "Chat-a-thon" was well attended by international members from EU.
  • Kathleen set up a wiki page for GDPR where material developed for Connectathon can be found as well as background material

4. EU Security Items - Discussion about EU Cybersecurity activities.

Tuesday Q3

Joint CBCP, Hosting Security

Attendees:

  • Trish Williams trish.williams@flinders.edu.au
  • John Moehrke John.Moehrke@gmail.com
  • Alexander Mense alexander.mense@hl7.at
  • Kathleen Connor Kathleen.connor@comcast.net
  • Hideyuki Miyohara HL7 Japan Miyohara.Hideyuki@ap.MitsubishiElectric.co
  • David Pyke david.pyke@readycomputing.com

Chaired by Trish

    • Brian Postlethwaite regarding new PSS - Proposal for new VerificationResult resource: http://wiki.hl7.org/index.php?title=VerificationResult_FHIR_Resource_Proposal
      • The VerificationResult resource records the details and results of a resource that needs to be, or has been verified by multiple parties. It does not represent the workflows or tasks related, but does cover the who did what when, why, and when it needs to be done again.
      • This is in contrast to the AuditEvent which could record that a resource was received from someone, and the Provenance that records who it came from.
      • It was considered to be implemented as a profile on Provenance, however this seems to be different in scope in that it includes details of the verification.

Discussion about whether this is so similar to Provenance as to make this inappropriate. This would stretch the meaning of the Provenance resource. The outcome was that Provenance is not a suitable substitute or resource for the intended use of VerificationResult.

This new resource is about metadata of the process, not exactly the same content as for Provenance, which omits how, when and why future verification is done. If there is confusion over the resource because of similarity, this would need to be made clear so that it is not misused in place of Provenance.

Where the scope, content and boundaries require, the Provenance resource will point to the VerificationResult resource, and the Security webpages will be updated to reflect this. There was consensus in the Sec WG that this is an appropriate resource.

    • Report out on FHIR Privacy and Security ballot outcomes - Dave and John
      • Discussion on consent versus general purpose data access rules resource.
      • There were no comments on Consent for the ballot. (Dave).
      • Security has only one comment, from Louis (John), about an out-of-date link regarding HTTP, and this will be corrected.
      • Assessment is that we will be able to meet the reconciliation deadline!
  • Moved up Q4 agenda.
    • Security TF4FA Ballot Reconciliation Work Session
      • Kathleen is working through the ballot reconciliation.
      • The major comments discussed that needed further decision were:
        • Meta and composite data discussion was not removed from the document before balloting, and some comments related to that section; these are accepted for correction (bulk of negatives refer to this).
        • Trust contract information model (Illustration 13): The comments suggest that this model needs refinement to be clearer. This was accepted and will be revised.
        • Many comments are editorial in nature.
      • Reconciliation and subsequent discussion will be during weekly calls.

Tuesday Q4

Security TF4FA Ballot Reconciliation Work Session

See Q3.

Wednesday Q1

Joint with EHR, CBCP, FHIR, SOA, Security (EHR hosting)

See EHR Minutes

Includes discussion about:

  • Standards support for key GDPR Policies - Rene Spronk
  • TF4FA Ballot Outcome and Next Steps - Kathleen for Mike Davis and Chris Shawn

Wednesday Q2

No meeting

Wednesday Q3

Security WG deep FHIR topics

Attendees:

  • Trish Williams trish.williams@flinders.edu.au
  • John Moehrke John.Moehrke@gmail.com
  • Alexander Mense alexander.mense@hl7.at
  • Hideyuki Miyohara HL7 Japan Miyohara.Hideyuki@ap.MitsubishiElectric.co
  • Kevin Shekleton kshekleton@cerner.com
  • Josh Mandel joshua.mandel@childrens.harvard.edu
  • Isaac Vetter isaac@epic.com
  • Rick Geimer rickgeimer@lantanagroup.com
  • Yukinori Konishi koni@kis-inc.jp
  • Sadama Tabanaka stabanaka@gmail.com
  • Masaaki Hirai masaaki_hirai@mifty.com
  • Daniel Pletea daniel.pletea@philips.com
  • Michael Donnelly michael.donnelly@epic.com


Chaired by Trish

1. Reviewed with FHIR-I group the FHIR track on Privacy (John & Alex) and relation to GDPR.

  • See GDPR SEC special wiki page http://wiki.hl7.org/index.php?title=201805_GDPR
  • John explained the potential changes under GDPR - and additional functionality within an operation rather than through business logic. The relevant 'rights' are:
    • Right of access
    • Right of erasure
    • Right of correction
  • Discussion on what an operation definition for a data ACCESS request would look like, and one for an ERASURE request.
    • For most health records there is other legislation about record retention that overrides GDPR. However, at the expiry of the retention period, an erasure request may be raised.
    • The working definitions developed (for discussion) can be found on the GDPR wiki page.

Wednesday Q4

Security WG European Privacy and Security Issues Meeting

Attendees:

Chaired by Alex Mense

  • Discussions on creation of a FHIR GDPR Implementation Guide

KC was in support of creating a PSS that would develop and show how FHIR resources would be used.

  • Motion: CBCP and Security Work Group approve the development of a PSS of a FHIR GDPR Implementation Guide. Final deliverables and Use cases would be developed and would reach out to the International Affiliate initiators and other interested SDOs and other interested parties for input and use the FHIR Security call, as appropriate, to be the initial project contact point. Moved Kathleen Connor/Dave Pyke: Passed Unanimously 5-0-0
  • Some gaps illuminated with FHIR-I include operations for:

    1. Portability request: Getting all data out and using AuditEvent query to do that
    2. Deletion/erasure requests

  • Portability: Article 15, includes what data, why, use, storage length. So not all information provided.
  • Deletion Request: Use cases of where the GDPR might apply, including App to EHR or EHR to EHR. An EHR or HIE would need to cascade a request for deletion.
  • We need to discuss best practices, Security Labels, Kantara's Consent Receipt

  • Return, with partial success and X not deleted due to Reason X. Does this need to be machine readable? -- Use Consent Resource with Consent Decision = Notice of Privacy Practice
  • Portability: We need before/during/after including user management/access control as part of any operation description pre-requisites. Possibility of higher LoA requirements for deletion due to the inability to undo. Discussed previous quarter but not necessarily needed in the document. GDPR requirements have high level user authentication for rights but erasure may need higher level including possibly a link to government ID, etc.

  • Purpose of use: HL7 codes are available and can be mapped and national affiliates can be polled to ask members for purpose of use. Will need to be clear as to level to find out about codes to ensure private codes for purpose of use are minimized. And processing organization needs to have purpose of use codes.

 

  • In Japan there is no exchange of data with EU. The Government has decided to maintain conformity with GDPR and has started a process to create rights for Japanese nearly equivalent to GDPR.
  • Meeting Material

Thursday Q1

Security hosting CBCP, FHIR-I Joint

Attendees:

Chaired by

1. FHIR Security Agenda TBD


Thursday Q1

Security WG Admin Meeting

Attendees:

Chaired by

  • Workgroup Health Update - Cochairs
  • See PBS Metrics 2018May Interim Report. Need to publish S&P DAM May 2014 Informative Ballot
  • S&P DAM May 2014 - still needs publication request to complete this missing WG Health Item
  • Governance Documents - Cochairs
  • 3 Year Plan Refresh - Cochairs
  • WGM Minutes Drafting - Cochairs
  • Conference Call Scheduling - Cochairs