
June 20, 2017 Security Conference Call


Attendees

x | Member Name | x | Member Name | x | Member Name | x | Member Name
. | John Moehrke, Security Co-chair | x | Kathleen Connor, Security Co-chair | . | Alexander Mense, Security Co-chair | . | Trish Williams, Security Co-chair
x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | x | Mohammed Jafari
x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn
x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Galen Mulrooney
. | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib
. | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | x | Dave Silver
x | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan
. | Kamalini Vaidya | . | Bill Kleinebecker | x | Christopher Shawn | . | Grahame Grieve
. | Oliver Lawless | . | Ken Rubin | . | David Tao | . | Nathan Botts


Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (4 min) Review and Approval of Security WG Call Minutes June 13, 2017
  3. (45 min) July Harmonization Proposal Review
    • Additional Signature Type Codes
      • Proposal Summary - Resolution to FHIR CP 10343 - Three additional Signature.type codes need to be added to the ASTM E1762-95(2013) signature type value set for FHIR. http://hl7-fhir.github.io/datatypes.html#SignatureFHIR
      • Kathleen, we can't extend on ASTM OID. There is no reason that the new vocabulary needs to be down the same OID as ASTM: 1.2.840.10065.1.12.1. They simply need to be OID. So they should be HL7 OID rooted. --- John
    • Add Competency ActReason Code Proposal Summary: Add a new code for consent overrides based on patient incompetency to the existing emergency, professional judgment, public safety, and third party safety override codes in the ActReason code system under the ActConsentInformationAccessOverrideReason node.
    • Add New Compartment Codes to Security Labels Proposal Summary: Add five new Security Compartment Labels to restrict access and use of an IT resource to members of a specific workflow.
    • Additional Research Purpose of Use codes Proposal Summary: Adds new research related purpose of use codes and revises parent codes.
  4. Reminder: the SMART app specification (including their basic OAuth 2.0 profile) is available for review at https://github.com/smart-on-fhir/smart-on-fhir.github.io/tree/into-hl7
  5. (5 min) No FHIR Security call this week

Minutes


  • Chaired by Kathleen
  • Agenda Approval
  • Review and approval of the Security WG call minutes of June 13, 2017: will be reviewed next week
  • July Harmonization Proposal Review

Additional Signature Type Codes Proposal Summary - Resolution to FHIR CP 10343 - Three additional Signature.type codes need to be added to the ASTM E1762-95(2013) signature type value set for FHIR. http://hl7-fhir.github.io/datatypes.html#SignatureFHIR Kathleen, we can't extend on ASTM OID. There is no reason that the new vocabulary needs to be down the same OID as ASTM: 1.2.840.10065.1.12.1. They simply need to be OID. So they should be HL7 OID rooted.

  • John requests everyone to review
  • FHIR Security Meeting is cancelled today
  • Harmonization proposals were uploaded to the HL7 Wiki
  • The deadline for final proposals is July 7th
  • Three signature type codes were reviewed
  • (1) FHIR Change proposal: Adopt ASTM signature type code
  • Resolution: it will be added to Vocabulary
  • (2) Competency Consent override reason, to override consent Directive (explains why you are overriding)
    • e.g., emergency or safety override
  • (3) The Compartment Code, differentiating from Role
    • Definition from the Standard of what constitutes the compartment used in HCS
    • Defining the role access made to specific members to access patient records
    • The proposals are for the care team and their advance directives
    • Use case on Advance Directives goes over how the care team is assigned specific access
    • Health information in the U.S. will be using the v2 advanced discharge and will notify the legitimate relationship providers, such as a social worker
    • This allows affiliated entities to access the patient record if they meet certain requirements (based on relationship with the patient, and on a need-to-know basis)
    • e.g., members of financial management staff may have some access controls on some need-to-know data relating to the patient regarding billing (administration purposes such as patient discharge)
    • Various standards on need to know are included in the document presented to the group (e.g., purpose of use)
    • Q (1) Mike Davis: Are the codes U.S. Realm specific?
    • A (1) Kathleen: No, they are not U.S. Realm specific; there is Spectrum and Genomic Health International and Global Alliance. However, not sure if they use the same modifiers.
    • Within the VA and NIH, individual use identifiers are used
  • Healthcare Research includes clinical trials such as biomedical research, or healthcare ancestry (DNA)
    • A researcher can be allowed access to a patient to determine whether the patient can be used for health care research; however, there are parameters and restrictions on the researcher.
    • Information that is used (coverage) and purpose of use and the rights of the reviewers is typically greater
    • Question to consider (Kathleen): How does this compare to SSA? SSA has access to everything.
    • We will review this next week and determine what we will refine, or not use
  • Call Adjourned