This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

September 2016 CBCC Working Group Meeting - Baltimore, Maryland

From HL7Wiki
Jump to navigation Jump to search

DRAFT 2016 September Working Group Meeting - Baltimore, Maryland - CBCC WORKING GROUP

Community Based Collaborative Care (CBCC) WORKING GROUP SESSIONS

Back to CBCC Wiki: Meetings

Agenda and Meeting Minutes

Day Date Qtr Time AGENDA ITEMS Session Leader Room
SUN MAY 08 Q1 9:00-10:30 No Meeting .
Q2 11:00-12:30 No Meeting .
Q3 1:45 -3:00 No Meeting .
Q4 3:30 -5:00 No Meeting .
MON SEP 19 Q1 9:00-10:30 No Meeting .
Q2 11:00-12:30 No Meeting .
Q3/ Q4 1:45 -3:00 / 3:30-5:00 Joint CBCC - Security
  • Welcome and Introductions
  • Agenda Review
  1. (15 min) eLTSS - Angelique Cortez (Accenture)
  2. (35-45 min) @1:45PM FHIR Connect-a-thon Report Out/Demo(Duane DeCouteau, Mohammad Jafari): FHIR server with the capability to enforce patient consent via a third-party authorization server (UMA) as well as enforcing overarching organizational Security Labeling Service (SLS)/Privacy Protective Service (PPS) services. The server modifies and labels the outgoing bundles on a dynamic per-request basis based on applicable patient consents as well as the overarching SLS and PPS rules (including the high-watermark label on the bundle).

[Link to demo]

  1. Joint Project report out
  2. International Report out
  3. New Joint Project review
  • Security and Privacy advancements since last WGM, informal/around the room

NEW discussion items; NEW projects

  • Purpose of Use Document/PPT - Mike Davis, Kathleen
  • Standards Privacy Impact Assessment Project (reconciliation update) - Suzanne
  • FHIR Consent Directive work, resolution and IG creation (report out)
  • Implementing FHIR based privacy consent using the Contract resource - Ioana
  • Care Quality /efforts in Sequoia and structure of policy,mechanisms / approach as a means for conveying consent (provider oriented) -
  • limitations or usefulness of OID in SAML assertions, of a patient consent on file... IF TIME Available

CBCC Constellation F
TUE SEP 20 Q1 9:00-10:30 No Meeting . .
Q2 11:00-12:30 Privacy Impact Assessment ballot reconciliation (tentative)
  • Please note: 12:00 PDMP/Health IT Integration Webinar (public); location TBD
CBCC Guest Room 503
Q3 1:45-3:00 joint w/Security
  • Behavioral Health Report Out
  • joint Security/CBCC prep-work for Thursday joint w/FHIR
  • New Projects?
  • Name change: Work Group proposal
CBCC Guest Room 503
Q4 3:30 - 5:00 Tentative: FHIR Discussion w/Graham

Discussion: Gap Analyss, BHS DAM vs C-CDA and FHI -Ioana Privacy Impact Assessment continued (tentative)

. *ROOM UPDATE* Colombia
Q5 5:15-6:15 Birds of a Feather: ? . Room TBD
Q5 5:15-6:15 Birds of a Feather: . Room TBD
. . . .
WED SEP 21 Q1 9:00-10:30 split-meeting Joint w/EHR, Security, CBCC, SOA, FHIR

See EHR Agenda for topics Electronic Health Records Hosting

FHIR Connect-a-thon - FHIR server with the capability to enforce patient consent via a third-party authorization server (UMA) as well as enforcing over-arching organizational Security Labeling Service (SLS)/Privacy Protective Service (PPS) services. The server modifies and labels the outgoing bundles on a dynamic per-request basis based on applicable patient consents as well as the overarching SLS and PPS rules (including the high-watermark label on the bundle).

EHR Hosting Constellation C
Q2 11:00-12:30
  • Co-chair administrative
  • next WGM agenda prep
CBCC Guest Room 503
Q3 1:45 -3:00
  • EHR/Vocab alignment sub-group (EHR Hosting)
EHR Hosting Room Constellation F
Q4 3:30 -5:00
  • Not Meeting
CBCC Guest Room 503
THU SEP 22 Q1 9:00-10:30 tentative FHIR Consent Profile - Discussion (CBCC-Security) see Wiki: HL7 FHIR Consent Directive Project Room Frederick
Q2 11:00-12:30 No Meeting .
Q3 1:45 - 3:00 No Meeting .
Q4 3:30 - 5:00 No Meeting .
FRI SEP 23 Q1 9:00-10:30 No Meeting .
Q2 11:00-12:30 No Meeting .
Q3 1:45 -3:00 No Meeting .
Q4 3:30 -5:00 No Meeting .

Back to CBCC Wiki: Meetings

Q1=9:00 – 10:30 am; Q2=11:00 – 12:30 pm; Q3=1:45 – 3:00 pm; Q4=3:30 – 5:00 pm

Back to CBCC Wiki Meetings

Meeting Minutes Draft

Back to CBCC Wiki: Meetings

2016 – CBCC WGM

MONDAY Q3/Q4 – Joint Security-CBCC

Presentation: eLTSS S&I Framework;

  • <Add link / presentation and link to eLTSS project>

Patient Choice; FHIR Demonstration ‘Enforcing FHIR Consents using a third-party authorization server’

Welcome and Introduction [Attendees: Shawn, Hideo, Suzanne, Alex, Kathleen, Johnathan, Ken Salyards, Trish, Thomas Welch, Ali Khan Mohammed, Duane, Mike, Joe Lamy, Chris ]

International Report Out: Australia - Trish

  • Replaced NEHTA with another Australian Digi health organization
  • Difference is supposed to be a renewed view of what is suppose in control of PHI to my health record
    • Incentivize primary care (
    • People appear to be the same, some promise
    • Trish is the CEO; (digital health in title)
  • Otherwise still going as before just slower

Austria - Alex

  • New EU privacy regulation done, enforceable may 2018
  • Mandatory for all contents n EU
    • Some possibilities for some countries, but in general all the same
  • Enforcer stronger rules for privacy, with high fines for violation
  • ion
  • Beginning of this year
    • Network and information security; expect group started
      • Not much activity; group is expected to be active to define healthcare security and privacy
      • Alex is representative for hl7
    • QUESTION: Does this impact Brexit? No/None; more about economic; no impact for EU union (unknown for UK/Britain)

Japan - Hideo

  • Government started discussion on closed network of healthcare. Level 3; u
  • HealthCare only can use the closed network; made by VPN/ healthcare IX; DNS only registered healthcare organization and related parties
  • target attacks in advanced persistent attack in healthcare field; perfectly divide open network
  • this year / next year try to examine some organization using the closed network
  • 2018 start total closed network in japan
  • Have some carrier/servicer have IPV VPN network; these network do not have exchange system capability; government supports IX and some carrier to handle these network
    • Govt planning real time checking system—insurance greatest insurance status

United States/ONC - Johnathan ONC – S&I Framework

migration to ONC Tech lab where pilots of different projects are focusing on materials in related communities/ similar standards can benefit on the standards ; traditional S&I---to more rapid, technical base to recognize/work on gap or already out there standards to use.

Data Access Framework/Data Provenance

prescription drug monitoring (under final, closing project—coincide with opioid conference)/structured data capture clinical project

Patient choice

basic consent; granular re inconsistent; hope there is interaction with DAF. With the change of president will this change funding? Unknown.

United States/SAMHSA - Ken Salyards

  • NPRM is getting to the final; consent to share is still being worked on

Prince George’s county – consent to share (changed EHR and may be moving to v2 or v3 this year) may cut off implementing Medicaid funding for mental health; is SAMHSA involved with that?

  • CMS sent out a letter can use … for connecting EPs to non EPs. Could help facilitate interaction between primary and mental health?

United States/Department of Defense - ?(was this Nancy Orvis) DimSum is now genesis project… t new EHR… Does not know if bringing in all the missing date. Or if bringing in the JLV… unsure if it’ll be incorporated or access through JLV

United States/Department of Veteran Affairs - Chris Shawn Vista evolution – leadership included to go with COTS for the DoD/VA joint EHR; working on an interface to work on CPRS (interface with vista) JLV is on the initial screen

United States/Aegis - Joe Lamy Slides from ‘Patient choice Technical Project (Security WG agenda; slide link available) Facilitator and author of facility care guide; doing the same thing for patient authorization road; well dorization; technical side; member of policy/technical WG… speaking on policy side Care Quality; initiative from Sequoia project. Involved in eHealth exchange Elements: Common rules of the road 2, 3

  • Technical, and policy groups; focusing on different aspects of the challenge of communication patient authorization requirements and their fulfillment
  • Query-Based Document exchange Implementation Guide (Care Quality)

United States/Department of Veteran Affairs - Mike Davis status of the implementation of the SLS

Made service a part of the business need

  • Made authorizations for Release of Information; however VA system was not designed to handle this
  • Despite efforts, this is not working out well; eSignatures have not been working well—however credentials are authorized
    • Patients can be lazy; signing can be a nuisance
    • Opting in by default; it seems more sensible approach for healthcare—this way patient still has control but it’s more presenting with an option that works best for you
    • We get about 17,500 requests for information/daily. We respond to approx. 300

Sample SLS, Results we had no releases that were incorrectly gone (false positives received but no actual data incorrectly released

  • Moving forward with scheme for SLS; must integrate with the existing system; must be an enterprise service;
    • Direct is also sending out CCDA and have been integrated into the project
    • IAM system is a direct system; an RFI is out for the integrations
    • SLS RFI has not yet been released. Spe
  • Specifically looking to find people who work in the healthcare space who are capable of labeling—there are and they are being interview.
    • NLP processing, must pay for
  • Tools in place to make sure that C-CDA is read properly
  • Identification of HIV information and relay back… good quality of information
  • Must excitement from MDs/twice a week meeting

Notes from DESD Meeting to 2030

  • Meeting minutes due by October 7
  • PSS due (submitted to office) by October 9
  • (see DESD agenda for latest PSS version)
  • WGM meeting minutes needs to be published at least one month in advance… add links in appropriate areas

Graham Grieve/David Pyke/Johnathan Coleman (2030 to 2115) TRIAGE of FHIR comments, meeting request from Grahame

  • Decision made for response to additional comments made outside of Kathleen/Ioana
  • Grahame will switch meeting with structured docs and come to CBCC Tuesday Q4 for official TRIAGE discussion


Attendees: Suzanne Gonzales-Webb, Johnathan Coleman, [ Lori Simon ], [ Trish Williams], [ Leslie Kelly Hall]; [ Mera Choi]; Nadia Ramey]; [ Jamie Parker]

BALLOT RECONCILIATION: - Standards Privacy Risk Assessment (SPIA) In-person request.

Negative Comment, deemed Persuasive. Recommended change: feared event to privacy incident (Trish) (use privacy incident FIRST, if necessary use potential privacy event or privacy incident where appropriate) VOTE: Affirmative with MOD. MOTION: vote: 4/0/0

ROOM UPDATE CBCC attendees have agreed to move to Security room (Columbia) for Tuesday Q4 for the FHIR reconciliation discussion with Grahame Grieve. MOTION: vote: 4/0/0

CBCC WG Name Change - discussion Possible WG names proposed, discussion opened but no firm decisions made. Additional discussion required with HL7 office on difficulty to update name, if any. General support for name change.

Prescription Drug Monitoring and Health IT Integration Closing Ceremony 12NOON; ONC Presentation PDMP Initiative


CBCC Room 503

Future of Behavioral Health in CBCC – Lori Simon CBCC was the group that housed Behavioral Health/Behavioral Health projects

  • Behavioral Health Functional Profile
  • Behavioral Health DAM, etc

Over the years Behavioral Health has been slipping out of the group, but cannot be done without resources. There are other WGs working on Behavioral Health items (each specific Behavioral Health state; funded by FDA….)

  • We have a Behavioral Health DAM in CBCC
  • CDISC; Brom Kistler working on PTSD

Kathleen was working on contract w SAMHSA, in dealing with problems of 42CFR

  • There is no issue with other WGs working on individual Behavioral Health projects, but CBCC would like for the Behavioral Health projects to continued being centralized within CBCC
    • Also, opioid abuse
    • SAMHSA
  • This was the premise behind the DS4P project. Became part of the 2015 voluntary certification criteria.

There are lots of pieces being dealt with in the whole; since the Behavioral Health functional profile, MH or SUBSTANCE ABUSE have been represented correctly—except in CIC. SAMHSA recently has recognized that health professionals should be represented in Clinical focus needs to be better represented. Coordination for Behavioral Health Projects.

  • Good idea, having it not at CIC or other WGs; CBCC is the base for community health/notified by Behavioral Health projects.
    • Note to the steering division; to notify us of those; when Behavioral Health related projects come along; we should be notified/co-sponsor. Marketing within HL7 at DESD
    • Maybe having Behavioral Health stand up as their own WG?
  • MU has been a disaster for Behavioral Health…. Per Lori; position of ONC—privacy officer; previously Joy Pritts… new: Lucia… ending in January 2016; so anew privacy officer will be appointed at that time. (Position created in Hi-Tech) appointed for a term of service.

Behavioral Health Place in CBCC

Agreement is to keep Behavioral Health in CBCC; it makes sense… however, there are no current Behavioral Health projects

  • Goals
  • Needs
    • Comprehensive Behavioral Health DAM
    • Behavioral Health support within FHIR

 FHIR focused on majority …(which is not Behavioral Health)

    • Is Behavioral Health covered under the condition source

 Technical and business need

  • Looking at the Behavioral Health specifically… condition source; Behavioral Health conditions has co-morbidity with other conditions; we can start weaving a tail which works for international and national


Who needs/consumes the Behavioral Health DAM? (US, SAMHSA…)

Lori: taking point on developing the business case.

(Will send out to CBCC list serve list when ready for review)

New Architectures in EHRs

EPIC – architecture is very old

FHIR comments Open comments that need to be addressed Whether the current FHIR consent resource will it meet the needs for opt-in/opt-out and hand more complex consent…

  • Granular choice
  • 2
  • 3e

Per the demo with VA, it is; and also granular enough to handle variations

Kathleen would like to see consent as a contract

Understanding that both can work; they work in different way

  • Under common law; having a subordinate contract it might not work? Unknown
  • Under the same family of law…
    • Under what decision
    • Much of the consent stuff seen (research per glen) person is consenting to multiple things

 Disclosure of date developed to research  Release of data  Hopefully the research subject where they are not cognifvetly enabled  Given knowledgeable or informed consent…what are we talking about in regard to consent

    • For right now… we are talking about privacy consent (i.e.…not DNR and other directives)

 From a computable consent fort; the FHIR consent opting into this consent; for more granular.. I’m opting in for this portion of research, but not this other consent.  Disclosure consent works well with FHIR consent

  • Implementers say simpler is better; but we need something to handle more complex consents.
  • If consent resource for this ‘x’ policy… we can use
  • (50:00 9/20 Q3 TUESDAY) - note for Suzanne
    • Patient
    • What about doctor’s consent to allow the patient to see certain data (i.e. in Behavioral Health) I’m going to allow my patient to see x,x,x (digestible data), but not this (raw data)


Joint with Security, FHIR Ballot reconciliation w Grahame

Use case (in ISO explicit vs implicit consent

  • All opt in, default policy
  • Patient wishes to opt out


  • If you want to opt out of only PART…of policy

OPTIN/OPTOUT State passes law related to HIE, we are in opt out state, meaning all are opted in (no signing, or consent to be opted in) you have opportunity as patient to request to opt out. • Today you do not sign consent to opt out, it’s a flag in HIE (offline process); manually input of data. o All patients must sign a … o • Both must be supported Opt-in/opt-out aka consent or not to the policy’ Consensus; attribute to add an element for

3rd, implied consent; you did not sign up—i.e. not expressly signed out

In VA; only opted out if [Implied consent is consent without a signature]

For POU i.e. treatment—consent is implied;

Proposals (from Grahame) <need to add…from e-mail>

  1. Choice 1
  2. Choice 1a
  3. Choice 2

MOTION: Change the consent policy to 1..* ; we document that means that single agreement covers multiple policy. We leave the extension for relating an exception to a policy in place---so that it can be explored. (Grahame/David)


Comment: (this will not solve my problem) If we do not support making a consent that is definitive/computable. And leave to what is mapped to what the patient signed. We cannot at the resource level have a simple consent. (Mohammed)

Objection: 1 (Kathleen); Abstain: none; Approval: 16

WEDNSDAY Q1 – joint

FHIR Alignment – gather/archive artifacts

Security/CBCC Demo - Mike Davis

Behavioral Health Functional Model

  • Moving forward
  • Per Lori – consolidate requirements from different organizations,
    • Resources needed. (SAMHSA?)
    • Work would be completed in CBCC; EHR will support/co-sponsor

Vocabulary Alignment – gather/archive Artifacts and contributions

  • Safety Checklist

FHIR Implementer’s Safety Checklist

  • (7.1.1.)

FHIR Record Lifecycle Event Implementation Guide (RLE IG)

  AuditEvent Profile
  Provenance Profile

FHIR AuditEvent/Provenance, at Maturity Level 3 or FHIR R4?

FHIR W5 Report – Who, What, When, Where, Why

  • Looking at the resources and what they are calling WWWWW…? For STU 3/current
    • Who are they calling the author or the source, etc.
    • Very wide variation
    • Analysis has been a moving target

FHIR Connect-ta-thon – Infrastructure Track

  Executable Test Scripts – AuditEvent Provenance

Mohammed Demo (see Q3/Q4 Demo, presentation was shortened at this meeting)


MOTION: Approve DSTU publication of the HL7 IG for CDA R2: Behavioral Health Assessment, Release 1 - US Realm document (David/Jim) VOTE: abstain: 0; against: none; Approval: 4

WEDNESDAY Q3 – joint w/FHIR, Security (HOST)

(Suzanne stopped editing here...need to complete) FHIR Main Page – orientation >Security and Privacy

Privacy, Security Risk Assessment Attendees:

Suzanne Gonzales-Webb CBCC Co-Chair
Attendee affiliation
Johnathan ColemanCBCC Co-Chair ONC
Suzanne Gonzales-Webb CBCC Co-Chair Department of Veteran Affairs (Engility)
Jim Kretz CBCC Co-Chair SAMHSA
Ken Salyards SAMHSA
Josh Mandel Harvard
Dennise Patterson Cerner
Pyke, CBCC Co-Chair Ready Computing
Bryn Lewis IntelSoft
Kevin Shekleton Cerner
Simon Knee NHS
Mike Davis Department of Veteran Affairs
Nick Radov }} Optum
Hideyuki Miyohara Mitsubishi-Electric, HL7 Japan
Joe Lamy Aegis
[mailto: Mohammed Jafari Department of Veteran Affairs (ESC)
[mailto: Kathleen Connor] ]] Department of Veteran Affairs (ESC)
Chris Shawn Department of Veteran Affairs

PSAF Ballot Reconciliation

Vote: contingent on review of comments to confirm correct comments entered.

Against: none, Abstain: 1 (Dennis Patterson) Approve: 14


Attendees: Johnathan Coleman, David Pyke, Jim Kretz, (Suzanne @ Educational presentation w/Victoria Lorenzi)

  • Reviewed SWOT, Mission, Project Plan, and DMP.
  • Corrected broken link on wiki and notified TSC and DESD co-chairs.
  • Updated SWOT – pending review and approval from WG.


Smart on FHIR announcement feature


Specification planned to be published as an index, for use with HL7

FHIR I – will be handling the smile FHIR launch. Since it has security features FHIR will be consulting w security.

Then will reassess and see where that content is managed. FHIR is being used across the world, being used by Argonaut project. Stable. Demonstrations of smile on



Business Meeting
Technical Meeting
CBCC Attendee 1 MON Q3 2 MON Q4 3 Co-Chair 4 DESD SD 5 TUE Q1 6 TUE Q2 7 TUE Q3 8 TUE Q4 9 WED Q1 at EHR 10 WED Q2 11 WED Q3 12 WED Q4 13 THU Q1
Johnathan ColemanCBCC Co-Chair x x x x 5 6 7 8 9 10 11 12 13 .
Suzanne Gonzales-WebbCBCC Co-Chair x1 x2 x3 x4 @Sec 6 7 8 9 10 11 12 13 .
[mailto: Jim Kretz] CBCC Co-Chair x x x x 5 6 7 8 9 10 11 12 13 .
[mailto: Alexander Mense] 1 2 3 4 5 6 7 8 9 10 11 12 13 .
[mailto: Trish Williams] 1 2 3 4 5 6 7 8 9 10 11 12 13 .
[mailto: Hideyuki Miyohara] Mitsubishi, HL7 Japan x x - - 5 6 7 8 9 10 11 12 13 .
[mailto: Duane DeCouteau]Security Co-Chair 1 2 3 4 5 6 7 8 9 10 11 12 13 .
[mailto: Mohammed Jafari] 1 2 3 4 5 6 7 8 9 10 11 12 13 .
Mike Davis 1 2 3 4 5 6 7 8 9 10 11 12 13 .
Ken Rubin FHIR 1 2 3 4 5 6 7 8 9 10 11 12 13 .
[mailto: Kathleen Connor ], 1 2 3 4 5 6 7 8 9 10 11 12 13 .
[mailto: Ken Salyards] x x 3 4 5 6 7 8 9 10 11 12 13 .
[mailto: Leslie Sistla] Microsoft 1 2 3 4 5 6 7 8 9 10 11 12 13 .
[mailto: Duane DeCouteau 1 2 3 4 5 6 7 8 9 10 11 12 13 .
Mohammad Jafari 1 2 3 4 5 6 7 8 9 10 11 12 13 -
CBCC Attendee 1 MON Q3 2 MON Q4 3 Co-Chair 4 DESD SD 5 TUE Q1 6 TUE Q2 7 TUE Q3 8 TUE Q4 9 WED Q1 at EHR 10 WED Q2 11 WED Q3 12 WED Q4 13 THU Q1
[mailto: 1 2 3 4 5 6 7 8 9 10 11 12 13 .
[mailto: 1 2 3 4 5 6 7 8 9 10 11 12 13 .
[mailto: 1 2 3 4 5 6 7 8 9 10 11 12 13 .
[mailto: 1 2 3 4 5 6 7 8 9 10 11 12 13 .
CBCC Attendee 1 MON Q3 2 MON Q4 3 Co-Chair 4 DESD SD 5 TUE Q1 6 TUE Q2 7 TUE Q3 8 TUE Q4 9 WED Q1 at EHR 10 WED Q2 11 WED Q3 12 WED Q4 13 THU Q1