July 24, 2018 CBCP Conference Call

From HL7Wiki
Jump to navigation Jump to search

Attendees

Member Name x Member Name x Member Name x Member Name
. Johnathan ColemanCBCP Co-Chair x Suzanne Gonzales-Webb CBCP Co-Chair x Jim Kretz CBCP Co-Chair x David Pyke CBCP Co-Chair
x Kathleen Connor Security Co-Chair x Mike Davis . John Moehrke Security Co-Chair . Diana Proud-Madruga
x Chris Shawn . Neelima Chennamaraja . Joe Lamy . Greg Linden
. Irina Connelly . Saurav Chowdhury . Dave Silver x Francisco Jauregui
. Mark Meadows . Amber Patel x Becky Angeles . Jennifer Brush
. Mohammad Jafari . Ali Khan . Ken Salyards . Michael Gu
. David Staggs . Bonnie Young . Ioana Singureanu x Beth Pumo
x Lawless . [mailto:] . [mailto:] x [mailto:]


Back to CBCP Main Page

Agenda

  1. Roll Call, Agenda Review
  2. Meeting Minutes approval: none to approve at this time
  3. eLTSS Update - Irina / Becky
  4. eLTSS NIB submitted before Sunday deadline
  5. PSS - CBCP Approval (Ken Lord)
  6. Privacy - Is privacy Obsolete update - Mike Davis
  7. FHIR Consent

Meeting Minutes DRAFT

Chair - Dave Pyke

eLTSS

  • Lynne - publishing folks - any other that we need to do
    • they frown upon ballotable material publicly; so items will not be posted on the CBCP wiki
    • no other specific instructions were given to get ready for ballot
  • uploading items to the wiki; need to delete some information
    • hesitating to upload spreadsheet; until
  • owed to CBCP a final version with executive summary; once ready Irina will provide once ready

FHIR Consent

CPs items to vote on

four have been dealt with one way or another;

  1. CP 15581 - Motion: Suzanne / Jim Vote on disposition as displayed
    • vote: abstentions: none; against: none; approval: 11
  2. CP 15641
    • followed up with Michelle with no response
    • wish to close as not persuasive Motion made: Jim / Suzanne
    • Abstention: none; Against: none; Approval: 11
  3. 17154 Search parameters
    • Securitylabel to security-label (must have dash) Motion: Jim/Suzanne
    • Vote: abstentions: none; against: none; Approval: 11
  4. CP 14181
    • items have been elimated - could not be mapped to v3 RIM (they are not found in v3 RIM
  5. CP 11069 (already resolved)
    • suggest to close as this is based on an older version

NEW DISCUSSION:

additional e-mail discussion:
David Pyke been asked to put forward this statement for voting as a motion to   the group clarifying our stance on consent in FHIR
<quote>
* The Consent resource is the correct (and best) way to store and exchange computable consent agreements in a FHIR environment
* Formal consent documents are contracts and you may use the Contract resource to capture that aspect of them for attachment to the Consent resource as a source document.
* While Consent information may sometimes be found in DocumentReference, Binary, Contract and other resources, Consent is the principle resource for representing consent-related information and is the endpoint where systems should expect to find this information
<endquote>

Above given to DAvid by Grahame and Lloyed on FHIR Resource - usage of various resources and their use in FHIR

CBCP - information to be sent out for review Cross-Paradigm Interopbility project

showing to transform security labels from FHIR to CDA... not a lot to do on FHIR consent contract or the CA consent; to a large extent is about security labels--there may be misunderstanding

  • to be proposed as a joint sponsorship; and confirm which WGs are involved--

wait until we get a better descrption if we do need to be involved (based on kathleen description... unsure of scope; involving cross paradign

Suzanne - to reach out to Ken Lord before sending information out for CBCP review


Is Priacy Obsolte - update

  • year / year and a half
  • no recent report outs; lots of concern of whether privacy was dead due to large nmber of breachers (large breaches) often without harm to lega regsitutuion to victims--as credit theft
  • in the meantime ; we have been engaged with worldwide review; AUS, China Eu India, Japan UK, US among others - specifically did not look at Russia.
  • most countries have new privacy laws in place
    • EU - GDPR in place
    • other countries are looking at GDPR as benchmark (Japan may incorporate GDPR version)
    • in US, initial feeling was fragmented state by state and largly with specific industry focus; it is a patchwork of state laws, that being said the US is considered to be strong in terms of privacy because of the FTC enforcement of federal trade commission act; also healthcare is one of the vertical as excellent privacy practice.
      • with the FTC the general concensus US privacy enforcement and laws in US are the strictest in the world
but doesn't address victims do not get credit in the courts--efforts are largly to correct breaches int he first place; in terms of technology, seeing lots of new technology in privacy i.e. zero-knowledge proofs UMA block chans, data beach responses - included in the GDPR; which has raised the bar
      • all 50 US states have breach notification law in place. we have consent management
      • data classification (we call it security labeling) enforcing/segmenting privacy information.
      • largely if looking at enfocement activities which fall more in what organzations do … we wuld say its a big plus that detracted by the fact that we do have breaches involving billions of dollars; there is reason to question security in facebook, google; knowing we go in at our own risk;
      • privacy is not dead - it has issues there are activities in law and technology in standards bodies to address the issues; may not be the final conclusion for today; goal: wrap up and bief out at the Security/ HL7 WGM meeting


Oliver: freeze your credit? recourse to protect yourself or is there other

  • breaches are not just getting into our account; ie. security clearance infroatmion collected was breached for millions of federal employes, homes they've lived, cards etch... were breaches including healthcare privacy not just credit card monitory involved in identy theft
  • there is no effective recourse to sufficiently lock up the information they carry; the GDPR is slapping down on companies on that. Therorizes that GDPR can protect toursts who travel outside Eu; there are no harsh penalites (in Canada) and make retributions... except through credit monitoring

Legal changes/technology changes / enforcement and we're talking about privacy across the board; not just identity theft... its more promising thatn what we toguht whenw e were just looking at victims not getting more than credit monitorying.

Motion made to adjorn: Jim Meeeting adjorned at 9:43 Pacific time --Suzannegw (talk) 12:44, 24 July 2018 (EDT)