This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

September 2008 WGM Agenda CBCC Monday Q4

From HL7Wiki
Jump to navigation Jump to search


  1. Stan Ratajczak
  2. Gyla Pyke
  3. David Staggs
  4. Manuel Metz
  5. Max Walker
  6. Laura Bright
  7. Suzanne Gonzales-Web Chair
  8. Bernd Blobel
  9. Paul Knapp
  10. Rob McClure
  11. Ioana Singureanu Scribe
  12. Patrick Pyette
  13. Mike Davis
  14. John Moehrke
  15. Marshall
  16. Kathleen Connor
  17. Heather Grain
  18. Neale Page
  19. Hideyuki Miyohara

Meeting notes

This quarter was focused on updates from various projects related to RBAC and Data Consent (aka Composite Privacy Consent Directive)

Internal project a month long to determine the direction of pan-Canadian Info Consent Standards and agree on the approach to support. The first step were the functional requirements but CHI does not have buy-in - by December the pan-Canadian consensus will be reached. CHI makes sure that the correct stakeholders have been consulted. Currently consent is not granted at the fine-grained control level of granularity that CBCC is envisioning but CHI wishes to make sure that they can support future legislation as well as current ones. If the policy in a jurisdiction prohibits the disclosure of a certain type of information, then the sending/collecting jurisdiction may not be able to provide it but indicate that additional information was masked. The collecting jurisdiction will observe local policies when exchanging personal health records with another jurisdiction. CHI will share their requirements with CBCC.

There is a need for a integration profile for HITSP Demonstrate the use of OASIS standards in TP20 for US-realm HITSP (Access Control) - security and privacy use cases are addressed. These use cases will demonstrated at HIMSS next year. The TC is looking for participation in the upcoming demonstration. A pod in the showcase will be used to demonstrate the use of TP20. SAML, XACML, and WS-trust are profiled. So far the TC has provide two interop demonstration of XACML using the RBAC and Data Consent terminology (RSA 2007, OASIS Open Standards Forum 2008).

  • France

Use cases have been provided a set of use cases to consider for use our domain analysis efforts.

NEHTA is currently evaluating the legislation to assess the effect on standards. As new requirements are developed they will be forwarded to

National eHealth Tansition Authority ]

  • Japan

Japan has conducted a project to exchange patient records and will provide us more detailed

  • Germany (Bernd Blobel)
    • ePrescription - bilateral policies will be negotiate between the jurisdictions (EU countries). The project uses smart cards and digital signature. Biometrics (fingerprint) will be used by clinician to sign document (for verification).
    • Emergency data set leverages the WHO-specified the
    • National eHealth Record Specification - very similar to UK and Canada

A signature allows a clinician to sign a set of documents ("staple") as a batch/group of documents.

Trasaction Package 20 (TP20) for Access Control was developed by HITSP and it will be approved by the Secretary of HHS by October (both TP20 and TP230 will be approved).

    • SAML
    • WS-TRUST
    • ASTM 9086 - Roles
    • ASMT PMI
    • HL7 Permission Catalog
    • ANSI RBAC standard

Back to Meetings