This wiki has undergone a migration to Confluence found Here
March 6, 2018 Security Conference Call
Jump to navigation
Jump to search
Contents
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| . | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | . | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair | |||
| x | Christopher Shawn Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | x | David Staggs | |||
| . | Mohammed Jafari | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
| x | Diana Proud-Madruga | . | Serafina Versaggi | . | Joe Lamy | . | Greg Linden | |||
| . | Paul Knapp | . | Grahame Grieve | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | x | Jim Kretz | . | Gary Dickinson | x | Dave Silver | |||
| . | Oliver Lawless | . | Joyce] | . | David Tao | . | Nathan Botts | |||
| x | Francisco Jauregui | . | Bo Dagnall | . | [1] | . | Theresa Connor |
Agenda
- (2 min) Roll Call, Agenda Approval
- (5 min) Review and Approval of Feb.27, 2018 minutes
- (15 min) Discuss potential updates to the HL7 FHIR 4 Security Best Practices portion of the FHIR 4 spec, based on relevant portions of the ONC published report “Key Privacy and Security Considerations for Healthcare Application Programming Interfaces (APIs)” See Links in Materials below. Johnathan Coleman
- (10 min) TF4FA Ballot Update from PSAF Call - Mike Davis and Chris Shawn
- (25 min) Initial Harmonization Proposal Discussion See Materials for relevant links - Kathleen
- (1 min) FHIR Security call cancelled John Moehrke @ HIMSS
- (1 min) Action Items, Next call, Adjourn.
Minutes
- Chris chaired.
- Agenda was approved.
- Feb 27 Minutes approved. Mike Davis moved. Kathleen seconded. Beth abstained because she was not present. 7-1-0. (Dave Staggs joined after this vote.)
- Johnathan introduced opportunity for Security wG to update FHIR Security Informative Content with the results of the ONC published report “Key Privacy and Security Considerations for Healthcare Application Programming Interfaces (APIs)” Johnathan gave an overview of the information in the meeting materials.
- After a walk though for the WG, Johnathan recommended that the Security WG consider creating a "mini-project" within the FHIR Security project to develop an approach for incorporating this material, which may be related to other federal health initiatives, such as MyHealthEData. (See below in Meeting Materials and HIMSS announcements by Seema Verma CMS related to current Whitehouse, CMS, and ONC).
- Beth asked where this discussion would take place.
- Proposal is to move discussion of ONC FHIR API recommendations to FHIR Security Calls to meet May ballot deadlines for inclusion.
- Johnathan made a motion to this effect, which Beth seconded.
- Chris solicited further discussion, and none was offered.
- Motion approved 9-0-0.
- Mike review latest modeling updates and decision to use PASS ACS as template to make TF4FA a specialization. TF4FA Ballot Update from PSAF Call. Beth asked for the models to be posted so that she can review prior to the calls. Mike agreed to do so after vetting on the PSAF call earlier in the day.
- Kathleen walked through the March Harmonization proposals post refinement during Technical Review. Initial proposal approach on how to deprecate ETH similarly to how retirement of CEL to VIP got pushed back by Ted who noted that this is very challenging to implement in v3 especially because the mastermind, Woody Beeler, is not able to join us :(. One solution to consider is just to leave as be and let it expire as legacy in due course.
- Kathleen also showed diagrams that illustrate the relationship of coordination of care specific to treatment delivery vs the non-treatment activity permitted under HIPAA operations also called care coordination and case management to show the differences in what patients would expect vs unexpected uses of their treatment information.
- No input or discussion on the initial proposals. Plan is to review final proposals and vote to approve submission March 13.
- Meeting adjourned at top of the hour.
Meeting Materials
- KEY PRIVACY AND SECURITY CONSIDERATIONS FOR HEALTHCARE APPLICATION PROGRAMMING INTERFACES (APIS)
- ONC Role in Precision Medicine Initiative (PMI)
- Health IT Privacy and Security Resources for Providers
- Harmonization
- [tbd Initial Harmonization Overview]
- Confidentiality Codes for V2
- Sensitivity Codes for V2 with Additions and Revisions for V3 ETH Issue
- POU Obligation and Refrain Handling Instructions for V2 with Additions and Revisions for V3
- Authorization and Delegation Policy
- Press Release: https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2018-Press-releases-items/2018-03-06.html
- Fact Sheet: https://www.cms.gov/Newsroom/MediaReleaseDatabase/Fact-sheets/2018-Fact-sheets-items/2018-03-06.html
- Speech: https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2018-Press-releases-items/2018-03-06-2.html
