Difference between revisions of "April 19, 2016 CBCC Conference Call"
| Line 101: | Line 101: | ||
Approved: 0 / Abstain: 0 / Objections: 0 | Approved: 0 / Abstain: 0 / Objections: 0 | ||
| + | |||
| + | Ballot Reconciliation - Consent Directive CDA R2 IG | ||
| + | * Ioana has sent out follow up e-mail to the remaining negative votes | ||
| + | ** Austin Kreisler | ||
| + | ** Vasil Peytchev and Nell Lapres (EPIC) | ||
| + | ** Lisa Nelson | ||
| + | |||
| + | We are awaiting response to the proposed comments, suggestions | ||
| + | |||
| + | Ballot Reconciliation - Healthcare Access Control Catalog | ||
| + | * Suzanne has sent out follow up e-mails to the DoD remaining negative votes | ||
| + | ** Ollie Gray | ||
| + | ** Wei Guo | ||
| + | |||
| + | |||
| + | Diana is concerned with too the PIA being too cumberson with HL7 developers which is what she believes is why the Security Risk Assessment cookmenet did not gain any traction. | ||
| + | * PIA cookbook ; are we going to Pirvacy impact assesemnt, when we are looking for privacy considerations in Hl7 standards | ||
| + | ** Mike - its a mater of resources an dprioritizing activies. this is the simple man's PIA. we need this in place so that we don't want to be harrasees in S&P, we want to give them a simple'' checklist. Not specificially FHIR related, we have a project plan, with a new scope statement with a trust framework which will be more PbD (more indept) type of thing. we are not tyring to do both in one project--we want two separate PSS which address the specific items in each and can be propeorly scaled. | ||
| + | |||
| + | Conformance critera showed... ''checklist'' | ||
| + | * Principle - Concent of choice | ||
| + | * PIA Cookbook - what the developer would go thorugh (questions), | ||
| + | |||
| + | The PbD are very high level; its a design principle to be coning sidered when implementing a system. The S&P Framework is intended to be more of directed toward consideration that devlopers or system orders would need to think about in a policy perspective. we've had recent discussions when you change the labels on a resource and folks with the FHIR community think they can change labels when they want to. we don't want to write policy in FHIR. In this case, the business associate agreement that they would honor the labels as present and not changed--on the other hand, the correction--the data was labeled as sensitive but its not. (you'll need to update the exisiting version) we could have a recommended best practice in order to deal with this. if | ||
Revision as of 18:28, 19 April 2016
Contents
Community-Based Collaborative Care Working Group Meeting
Meeting Information
Attendees
| Member Name | x | Member Name | x | Member Name | ||||
|---|---|---|---|---|---|---|---|---|
| Johnathan ColemanCBCC Co-Chair | x | Suzanne Gonzales-Webb CBCC Co-Chair | x | Jim Kretz CBCC Co-Chair | ||||
| . | Max Walker | . | Mike Davis | John Moehrke Security Co-Chair | ||||
| x | Kathleen Connor Security Co-Chair | Ken Salyards | Lori Simon CBCC Interim Co-Chair | |||||
| Diana Proud-Madruga SOA Co-Chair | x | Rick Grow | . | Harry Rhodes | ||||
| Serafina Versaggi | Ioana Singureanu | Glen Marshall | ||||||
| Steve Eichner | . | Steve Daviss | . | Mike Lardiere | ||||
| x | Neelima Chennamaraja | Lee Wise | . | [ | ||||
| Reed Gelzer | . | Marlowe Greenberg | Chris Clark, WV | |||||
| . | Paul Knapp | . | Matt Peeling | Brian Newton | ||||
| . | William Kinsley | Lisa Nelson | . | Amanda Nash | ||||
| Russell McDonell | Susan Litton | David Bergman | ||||||
| . | Linda Bailey-Woods | Debbie Bucci | Chirag Bhatt | |||||
| Oliver Lawless | Keith Boone | Lori McNeil Tolley | ||||||
| . | Mohammed Jafari | Rob Horn | Gary Dickinson | |||||
| Beth Pumo | M'Lynda Owens | [ |
Agenda
- (05 min) Roll Call, Approve Meeting Minutes from April 12, 2016 CBCC Conference Call
- (15 min) Ballot Reconciliation for Consent Directive
- (10 min) Privacy & Security by Design/NOW Privacy Impact Assessment Cookbook update - Rick
- (01 min) Healthcare Security and Privacy Access Control Catalog - Update post ballot
- (05 min) PASS Access Control Services Conceptual Model - (Standing agenda item) update (Diana)
- (05 min) Joint EHR, Security, Privacy Vocabulary Alignment - (Standing agenda item) update (Diana/Mike)
Meeting Minutes (DRAFT)
Meeting minutes for April 05, 2016 CBCC Conference Call
Approved: 0 / Abstain: 0 / Objections: 0
Ballot Reconciliation - Consent Directive CDA R2 IG
- Ioana has sent out follow up e-mail to the remaining negative votes
- Austin Kreisler
- Vasil Peytchev and Nell Lapres (EPIC)
- Lisa Nelson
We are awaiting response to the proposed comments, suggestions
Ballot Reconciliation - Healthcare Access Control Catalog
- Suzanne has sent out follow up e-mails to the DoD remaining negative votes
- Ollie Gray
- Wei Guo
Diana is concerned with too the PIA being too cumberson with HL7 developers which is what she believes is why the Security Risk Assessment cookmenet did not gain any traction.
- PIA cookbook ; are we going to Pirvacy impact assesemnt, when we are looking for privacy considerations in Hl7 standards
- Mike - its a mater of resources an dprioritizing activies. this is the simple man's PIA. we need this in place so that we don't want to be harrasees in S&P, we want to give them a simple checklist. Not specificially FHIR related, we have a project plan, with a new scope statement with a trust framework which will be more PbD (more indept) type of thing. we are not tyring to do both in one project--we want two separate PSS which address the specific items in each and can be propeorly scaled.
Conformance critera showed... checklist
- Principle - Concent of choice
- PIA Cookbook - what the developer would go thorugh (questions),
The PbD are very high level; its a design principle to be coning sidered when implementing a system. The S&P Framework is intended to be more of directed toward consideration that devlopers or system orders would need to think about in a policy perspective. we've had recent discussions when you change the labels on a resource and folks with the FHIR community think they can change labels when they want to. we don't want to write policy in FHIR. In this case, the business associate agreement that they would honor the labels as present and not changed--on the other hand, the correction--the data was labeled as sensitive but its not. (you'll need to update the exisiting version) we could have a recommended best practice in order to deal with this. if
