This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

January 2018 CBCP Working Group Meeting - New Orleans, Louisiana, USA

From HL7Wiki
Jump to navigation Jump to search

Community-Based Care and Privacy (CBCP)

formerly Community Based Collaborative Care (CBCC)

DRAFT 2018 January Working Group Meeting - New Orleans, Louisiana, USA - CBCP WORKING GROUP

Community-Based Care and Privacy (CBCP) WORKING GROUP SESSIONS

Q1 = 9:00 – 10:30 am / Q2 = 11:00 – 12:30 pm / Q3 = 1:45 – 3:00 pm / Q4 = 3:30 – 5:00 pm

Back to CBCP Wiki: Meetings

Agenda and Meeting Minutes

Day Date Qtr Time AGENDA ITEMS Session Leader Room
SUN JAN 28 Q1 9:00-10:30 No Meeting .
Q2 11:00-12:30 No Meeting .
Q3 1:45 -3:00 No Meeting .
Q4 3:30 -5:00 No Meeting .
MON JAN 29 Q1 9:00-10:30 No Meeting .
Q2 11:00-12:30 No Meeting .
Q3 and Q4 1:45 -3:00 /


Joint CBCP , Hosting Security
  • Welcome and Introductions
  • Agenda Review
  1. FHIR Consumer Centered Data Exchange Connectathon Track report out and demonstration - Kathleen Connor, Debi Willis, Bo Dagnall DCX (Plus Demo)
  2. eLTSS - if available
  3. ISO PPT - David Staggs
  4. TEFCA Discussion - (Link to all material)
  5. Is Privacy Obsolete PPT - Mike Davis
  6. Security and Privacy DAM Update progress
  7. Joint Project report out
  8. US and International Report out
  9. Joint Project review
  • Security and Privacy advancements since last WGM, informal/around the room

NEW discussion items; NEW projects; NEW PSS, etc. - note: 10 min timestamp

CBCP Room 3rd Floor - PARISH
TUE JAN 30 Q1 9:00-10:30 No Meeting . .
Q2 11:00-12:30
  • CBCP at Security for TEFCA discussion
. Room Royal
Q3 1:45-3:00 Joint CBCP, Hosting Security

Proposed Topics: HL7 Project status and updates:

  1. eLTSS Service Plan (confirm room: possibly joint with Attachments, and FM)
  2. ONC Research Patient Choice presentation
  3. Security and Privacy Outreach for member recruitment (discussion)
Q4 3:30 - 5:00
  • NOTE: FHIR-I moved to THURSDAY Q1
  • ONC Patient Choice Pilot(s) - Johnathan
  • Security, CBCP topics discussion if time avaialble
Q5 5:15-6:15 Birds of a Feather (1): Enterprise Architecture Users . Room Prince of Whales – 2nd Floor
Q5 5:15-6:15 Birds of a Feather (2): FHIR Registry . Room St. James – 3rd Floor
Q5 5:15-6:15 Birds of a Feather (2): HL7 Payer's User Group . Room Jackson – 3rd Floor
WED JAN 31 Q1 9:00-10:30 split-meeting Joint w/EHR Hosting: Security, CBCP, SOA, FHIR

See EHR Agenda for topics Electronic Health Records Hosting

EHR Hosting Room 3rd Floor - Jeffereson Ballroom
Q2 11:00-12:30 CBCP
  • Planning, Administrative
  • eLTSS (confirm PC or CBCP)
CBCP Room Leeward – Riverside Bldg
Q3 1:45 -3:00
  • Co-chair administrative
  • next WGM agenda prep
CBCP Room Leeward – Riverside Bldg
Q4 3:30 -5:00 JOINT with Behavioral Health Interest Group (Piper Ranello)
  • Review of Behavioral Health Dam - Ioana Singureanu (tentative)
THU FEB 01 Q1 9:00-10:30 Joint Security hosting CBCP, FHIR-I CBCP Room Kabacoff – Riverside Bldg
Q2 11:00-12:30 CBCP Windward – Riverside Bldg
Q3 1:45 - 3:00
. Room TBD

(please check HL7 Mobile App)

Q4 3:30 - 5:00

(please check HL7 Mobile App)|-

FRI FEB 02 Q1 9:00-10:30 No Meeting .
Q2 11:00-12:30 No Meeting .
Q3 1:45 -3:00 No Meeting .
Q4 3:30 -5:00 No Meeting .

Back to CBCP Wiki: Meetings

Back to CBCP Wiki Meetings

Meeting Minutes Draft

Back to CBCP Wiki: Meetings



Joint CBCP , Hosting Security

  • Welcome and Introductions ( 21 )
  • Introductions -
  • Agenda Review
  1. FHIR Consumer Centered Data Exchange Connect-a-thon track report out and demonstration - Kathleen Connor, Debi Willis, Bo Dagnall DCX (Plus Demo)
    • a. MiHIN contributing ACS mi
    • b. Bo will speak with DXC technologies
    • c. Aaron working with some of the developers
    • d. Terminology (Walter /
    • e. David Hayes - research app

Live demo link from Ali Khan Add mp4, link / materials loaded

DXC, CCDE Solution Components from Bo Dagnall PPT, slide

DXC Solution Components (pre-connect-a-thon; where VA MHS might have in their technology space to pull the pieces together, aggregate and standardize the data, CDS hooks and FHIR standards • SLS in the CCDE track in prep - architecture shown (pre-connection § FHIR resources pulling data from this including □ Synthetic mesa (MITRE □ VistA □ Allscripts sandbox □ Fitbit □ Cerner § DXC SLS pulling from Wk HU / sensitivity data set □ Pulling what out of the data set is sensitive; we were able to tab the data and add the tags back to the resources back into resource data DXC CHS § A consent manager was added "consent source' □ opt in from East clinic; □ opt out but want to allow STD information for a researcher doing research □ OIOO , POU, shared rules § Record views - sends in the clinician's data-- what role are you playing as well as asking POU • At the connectathon we were able to show interoperability; as a consent source to the DXC CHS they were able to send • Exceptions - demo from Bo Dagnall DHP Patient Viewer HenryFodWyandotte - company • Different combinations which can have fine-grained level of choices • DISCUSSION; note that demo was based off of FHIR STU3; • User role, POU, Security Label - these items are the heart of the exception. • Four organizations working together ; 3 sending data in and 3 filtering out • Is there an executive summary ; 15 minutes overview. (Bo/Kathleen to draft one?) 1. eLTSS - if available a. PPT; to be covered by Evelyn Gallegos b. Funded by CMES, led by ONC c. Developing a standard for electronic long-term services; supported by CBCC through ONC d. Use case; Medicaid waiver. - very disables, medically disabled, children issues; supports very which are non-clinical i. Waiver waves the part of these patients being in an institution - done through Medicaid (and sometimes not covered by MU;) this work is how to bring their community into standards. ii. eLTSS Core Dataset - stemming from a service plan; what are the services that the provides will provided for these services and who are providing them Most are fairly standards - some touch into consent, including signatures; Patient centered vs person centered what distinguishes them p vs p this is the same entity defined (patient, person, client, iii. What of this data is being shared; 1) Currently trying to map the standards into the data being shared 2) Starting with Care Plan (service plan, contextually the same) a) Care Plan - references to needs identified during assessment b) Outlines goals for the plan c) Specifies actions that will occur to address needs and achieve goals 3) "Procedures" (is this medical procedure… or is it services--not necessarily medical) Timeline - effort and time; through October 2018

1. ISO PPT - David Staggs a. ISO TC 215 - PPT << add link >> 2. TEFCA Discussion - (Link to all material) a. EU commission has mandated that transaction go cross border must be using the AS4 of secure communications - there isn't necessarily an alternative i. AS4 has not found any uptake other than this scenario. b. Comment: VA DOD is doing a set of comments … that Mike feels c. DS4P: that this standard should be in place -provides a mechanism for doing trust and allow information to flow more freely i. By 2020 80% of enterprises will have adopted ABAC d. Chris Shawn - noticed inconsistencies of NMLP,, soap…in the TEFCA i. Questions on the cryptography data; comments to correct the information ii. Added on idea of having healthcare information categorized FISMA moderate vs FISMA high… at least in the exchange of information vs the delivery of care--two different ways of looking at it. iii. Identity proofing - leveraging … didn't go into a lot of detail, tried to expand identity and authentication ways to get to level 2--but not very detailed. e. Johnathan - using standardized security labels--if requiring through the DURSA… and enforcing through the DURSA 3. Is Privacy Obsolete PPT - Mike Davis PPT Link; PPT Report Link : a. Approach - look at trends in law (what kinds of laws exist) b. Policy breaches, how many, how are they being handles c. Types of standards

○ Focuses currently on Big Data, AI - which appears to be the biggest threat § 29100 ○ Why do we care, what do we stand to lose? § Why do we care - we cannot take too myopic a view on Privacy □ There is leakage in the golden lockbox of privacy □ Should we change, continue what we're doing? § Mike's task was to do the research; not to decide what to do… □ Is there a takeaway? □ Privacy is not homogenous across the world. □ GDPR compliance? □ We are creating privacy enhancing standards (FHIR consent, SLS, etc.); we should promote the standards we have. □ We can use the information that Mike has reported on to leverage a promotion of the standards that we have created. § Challenge to take concept and HOW does it affect what we do 'here' in HL7

1. Security and Privacy DAM Update progress

2. Joint Project report out a. VENN Diagram i. Document against the .. 1) As part of the PSAF reconciliation - looking at the previous DAM; Bernd pointed out of what composite meant in the DAM (composite policy) - addition of definition of terms d(done for the trust framework) meta-, composite-policy… coming from Ponder report; which Mike wasn't aware of. These definitions are what we are going from. 2) Based on the misconception - we need to revise the DAM accordingly. 3) The trust framework need to 4) <<Mike needs << LINK to document>> 5) Do a modification of the dam to get to the correct class in the correct - best way 6) May ballot 2018 goal. >> intent to generate comments. 3. US and International Report out a. Hideki - 14 purpose code, classification term Description (informative) i. POU is 27789 audit record, ii. We should make change proposal to DICOM and added this table iii. TC215 WG2, held in NOLA discuss about DICOM; made by author of 136060 (Deepak c) 1) Health information classification of purposes ISO 14625. POU tables defined--have to refer to this table 'required' 2) All of our standards are extensible that this table is already recognized--next meeting in Brazil--will do systematic review to revise this standards and review/revise of this 14 codes; note that these codes are already published ISO/TS 14265 in 2011. iv. ISO is creating a vocabulary for a an ISO vocabulary…resulting in two POU vocab. v. Why is ISO duplicating HL7 vocabulary? In HL7 POU vocabulary Rosetree there is a mapping of the ISO vocabulary 14265 Matching 27789 and patientRecord even message of DICOM; • We should revise both 27789 and DICOM • We should propose from ISO to DICOM SC as CP; there are no PurposeOfUse and ParticipantObjectPolicySet in DICOM PS 3.15. vi. DICOM PS 3.16 Add code of POU to Content mapping resource Hideki - 4. Joint Project review • Security and Privacy advancements since last WGM, informal/around the room NEW discussion items; NEW projects; NEW PSS, etc. - note: 10 min timestamp

From <,_Louisiana,_USA>

Back to CBCP Wiki: Meetings


Q1 - with Security

International report: Australia - coming in 2/22, DARPA breach legislations, similar to US GDPR, parameters are 30-31 days for reporting, if any of the organization also fall under GDPR, they must also comply (7 days) Intelligence agencies are exempt from DARPA breach legislation MyHealthRecord - trials on OIOO, OO would be there in legislations but delayed; now pathology and audiology will automatically be uploaded, public will not have knowledge that medical professionals (all) have access to that information

AUS all have individually identifier - if you OI - then you get government identifier, your general practitioner can upload summary record, so outside--can also upload information. Government decided to OO - everybody has a record that can be used, if you don't want to use, then you don't have to use (you must 'opt out)



TEFCA - Helping develop comments in the respective channels - high level questions • What is TEFCA - what does it mean? • Chris Hills IAO - sits between VA and DoD - tagged from director to coordinate DoD/VA on the TEFCA and the US CDI document that goes with that as well; • 21st century CURES act, directed ONC - trusted exchange network and framework ○ Authenticating health information network participants at a comment level ○ Organizational policies of this exchange this occur ○ Adjudicating non-compliance • There is a difference in the identifying different in how federal agency conduct identity proofing between federal/non-federal partner • TEFCA • Emergency access is missing from TEFCA as part of the POU • Look at requirements for AL2 ○ Per John Moehrke it's not for HL7 to create policy standards, ○ Johnathan Coleman for TEFCA, they are requiring AL2 ○ KConnor - we can put this as a questions - in how are we accounting for the change in LOA (level of assurance) ○ Johnathan Coleman - we are comment on the security requirements


eLTSS Initiative

Refresher on eLTSS - Evelyn Gallegos, Piper Ranallo , US realm PPT: on gForge LINK: • Why we're here, why you should care. 1. Identifying standardized components or data elements 2. X Most of the work start within their home environment, individual (patient/ "patient entered t person centered planning and information exchange 56 dataset core eLTSS,

Would like to advance the dataset, test/pilots will test eLTSS HL7 artifacts as they are developed (AGILE development; SPRINT testing) • Aiming for June FHIR connectathon test [DevDays]

Irina, Mark, Jack Activities in an LTSS Service • Long term services and supports • Natural supports • Beneficiary steps or actions

Long term services include: case management, homemaker, home health aide, personal care

Episode of care - eLTSS is focused is coordinated care, focus has been on the 56 data elements , looking at the bigger pictures.

How to represent LTSS Services in FHR

What does depiction mean? A finessed definitions developed from a group of person; "something that requests from me…"

Kyle - ONC Patient Choice technical project / REACHnet LINK to PPT: Efforts for arcface 3 - Informed consent Research. • MiHIN - presentation (in future telecon) ONC Patient Choice Pilot: HiOH Kids

- Louisiana, Texas (5 million patient) - making data more accessible for research methods PTAS Apps, Modes & Functions

Patient Choice Pilot: Core elements • Use FHIR standards for pediatric consent; designed for distributed implementation

Understand the rationale behind the process on why this particular procedure was used versus another. • Research subject; • Lessons learned: will take back to WG to take under consideration

• Construction reference resource - as to what you've done on your text. • Additional work will be done to which where • Next steps MiHIN demonstration; as a capstone if we want to generalize… see how this can bundled up with our lessons learned to eventually proposed as a work item to be used for future work. • If this come as an IG - requirement is test scripts and guide • ONC pilot - usually ends as a specific FULL production - yes plan… for pediatric registry for completion of this year, adult

Q4 - CBCC Administrative

3-year plan reviewed, revised Meeting Planning completed for May 2018 Cologne, invite sent (

Back to CBCP Wiki: Meetings


Q1 - joint with EHR CBCP Security FHIR(?) (EHR hosting) • Reed Gelzer - Accuracy/Authenticity Assurance (PPT) <<add link or PPT>> • Mike Presentation - Is Privacy Obsolete PPT


Attendee: Dave Pyke, Johnathan Coleman, Jim Kretz, Suzanne Gonzales-Webb Decision Making Process • Update CBCC to CBCP and associated language, update to current WGM Jan 2018

Motion to update DMP as discussed above (Johnathan/Jim) Vote to approve 3, no abstentions, no objections

MISSION Statement • Update CBCC to CBCP, as in DMP • Remove CIC as formal relationship • Add language… after Health and Human Services… change to 'such as…Health and Human Services and Canada Infoway. • Add provenance as an additional bullet point under work products

(eLTSS - long term care) as an additional bullet point

Motion to update as discussed Vote to approve 3, no abstentions, no objections

SWOT Update joint projects - • Remove CIC, Mobile Health • Add ONC to Strengths

Q3 Attendee: Dave Pyke, Jim Kretz, Suzanne Gonzales-Webb Administrative time Completed updates to Governance documents

Q4 Attendee: Dave Pyke, Ken Salyards, Jim Kretz, Suzanne Gonzales-Webb Piper Ranallo presentation - no show

Back to CBCP Wiki: Meetings


Q1 - CBCP Hosting FHIR-I and Security

FHIR Path by Example (Josh Mandel) • Language being used a few placed to pull out/compare different resource • An outgrouth of xpath • Writing an xpath expression; FHIRpath knows what types of expressions 'recognizes'

FHIRPath - ppc-1 Eith a policy or PolicyRule (expression….0

CP 14335 motion to accept John M/ Trish 1 abstention; 0 objections; 16 approve

CP15102 (similar to above) 'duplicate'

Q2 - CBCP Hosting

  1. 15113 added new CP Change as

Motion: John Moehrke/Suzanne Webb Abstentions: none; opposed none; 5 approve

Change Patient to 0..1 and change scope to extensible binding with invariants on exisiting scopes forcing patient to 1..1

Back to CBCP Wiki: Meetings