This wiki has undergone a migration to Confluence found Here
Difference between revisions of "April 19, 2016 CBCC Conference Call"
Jump to navigation
Jump to search
| Line 15: | Line 15: | ||
|| .|| [mailto:Max.Walker@health.vic.gov.au Max Walker] | || .|| [mailto:Max.Walker@health.vic.gov.au Max Walker] | ||
| − | |||| | + | ||||x|| [mailto:mike.davis@va.gov Mike Davis] |
|||||| [mailto:jmoehrke@ge.med.com John Moehrke] Security Co-Chair | |||||| [mailto:jmoehrke@ge.med.com John Moehrke] Security Co-Chair | ||
|- | |- | ||
| Line 52: | Line 52: | ||
|||||| [mailto:bnewton@humecenter.org Brian Newton] | |||||| [mailto:bnewton@humecenter.org Brian Newton] | ||
|- | |- | ||
| − | || | + | ||x|| [mailto:bkinsley@nextgen.com William Kinsley] |
|||||| [mailto:lisa.nelson@lantanagroup.com Lisa Nelson] | |||||| [mailto:lisa.nelson@lantanagroup.com Lisa Nelson] | ||
||||.||[mailto:amanda.j.nash@accenturefederal.com Amanda Nash] | ||||.||[mailto:amanda.j.nash@accenturefederal.com Amanda Nash] | ||
| Line 116: | Line 116: | ||
| − | Diana is concerned with too the PIA being too | + | Diana is concerned with too the PIA being too cumbersome with HL7 developers which is what she believes is why the Security Risk Assessment Cookbook did not gain any traction. |
| − | * PIA cookbook ; are we going to | + | * PIA cookbook; are we going to Privacy Impact Assessment, when we are looking for privacy considerations in HL7 standards |
| − | ** Mike - | + | ** Mike - it’s a matter of resources and prioritizing activities. This is the simple man's PIA. We need this in place so that we don't want to be harassed in S&P, we want to give them a simple'' checklist. Not specifically FHIR related, we have a project plan, with a new scope statement with a trust framework which will be more Privacy by Design (PbD) --more in-depth type of thing. We are not trying to do both in one project--we want two separate PSS which address the specific items in each and can be properly scaled. |
| − | Conformance | + | Conformance criteria showed... ''Checklist'' |
| − | * Principle - | + | * Principle - Concept of choice |
| − | * PIA Cookbook - what the developer would go | + | * PIA Cookbook - what the developer would go through (questions), |
| − | The PbD are very high level; | + | The PbD are very high level; it’s a design principle to be considered when implementing a system. The S&P Framework is intended to be more of directed toward consideration that developers or system orders would need to think about in a policy perspective. We’ve had recent discussions when you change the labels on a resource and folks with the FHIR community think they can change labels when they want to. We don't want to write policy in FHIR. In this case, the business associate agreement that they would honor the labels as present and not changed--on the other hand, the correction--the data was labeled as sensitive but it’s not. (You’ll need to update the existing version) we could have a recommended best practice in order to deal with this. |
| + | |||
| + | Addition discussion, revisions made to the project scope | ||
| + | |||
| + | PASS Access Control | ||
| + | * waiting on an update from Alex regarding Bernd's comment (at security meeting) | ||
| + | |||
| + | Joint EHR Security Privacy Vocabulary Alignment | ||
| + | * No meeting this AM) | ||
| + | * Work completed last week for presentation at today's meeting. Continuing to review how to model the vocabulary and looking to bring in a terminologist to assist with best practices. | ||
| + | |||
| + | Meeting adjourned at 1154 AZT --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:08, 19 April 2016 (EDT) | ||
Revision as of 19:08, 19 April 2016
Contents
Community-Based Collaborative Care Working Group Meeting
Meeting Information
Attendees
| Member Name | x | Member Name | x | Member Name | ||||
|---|---|---|---|---|---|---|---|---|
| Johnathan ColemanCBCC Co-Chair | x | Suzanne Gonzales-Webb CBCC Co-Chair | x | Jim Kretz CBCC Co-Chair | ||||
| . | Max Walker | x | Mike Davis | John Moehrke Security Co-Chair | ||||
| x | Kathleen Connor Security Co-Chair | Ken Salyards | Lori Simon CBCC Interim Co-Chair | |||||
| Diana Proud-Madruga SOA Co-Chair | x | Rick Grow | . | Harry Rhodes | ||||
| Serafina Versaggi | Ioana Singureanu | Glen Marshall | ||||||
| Steve Eichner | . | Steve Daviss | . | Mike Lardiere | ||||
| x | Neelima Chennamaraja | Lee Wise | . | [ | ||||
| Reed Gelzer | . | Marlowe Greenberg | Chris Clark, WV | |||||
| . | Paul Knapp | . | Matt Peeling | Brian Newton | ||||
| x | William Kinsley | Lisa Nelson | . | Amanda Nash | ||||
| Russell McDonell | Susan Litton | David Bergman | ||||||
| . | Linda Bailey-Woods | Debbie Bucci | Chirag Bhatt | |||||
| Oliver Lawless | Keith Boone | Lori McNeil Tolley | ||||||
| . | Mohammed Jafari | Rob Horn | Gary Dickinson | |||||
| Beth Pumo | M'Lynda Owens | [ |
Agenda
- (05 min) Roll Call, Approve Meeting Minutes from April 12, 2016 CBCC Conference Call
- (15 min) Ballot Reconciliation for Consent Directive
- (10 min) Privacy & Security by Design/NOW Privacy Impact Assessment Cookbook update - Rick
- (01 min) Healthcare Security and Privacy Access Control Catalog - Update post ballot
- (05 min) PASS Access Control Services Conceptual Model - (Standing agenda item) update (Diana)
- (05 min) Joint EHR, Security, Privacy Vocabulary Alignment - (Standing agenda item) update (Diana/Mike)
Meeting Minutes (DRAFT)
Meeting minutes for April 05, 2016 CBCC Conference Call
Approved: 0 / Abstain: 0 / Objections: 0
Ballot Reconciliation - Consent Directive CDA R2 IG
- Ioana has sent out follow up e-mail to the remaining negative votes
- Austin Kreisler
- Vasil Peytchev and Nell Lapres (EPIC)
- Lisa Nelson
We are awaiting response to the proposed comments, suggestions
Ballot Reconciliation - Healthcare Access Control Catalog
- Suzanne has sent out follow up e-mails to the DoD remaining negative votes
- Ollie Gray
- Wei Guo
Diana is concerned with too the PIA being too cumbersome with HL7 developers which is what she believes is why the Security Risk Assessment Cookbook did not gain any traction.
- PIA cookbook; are we going to Privacy Impact Assessment, when we are looking for privacy considerations in HL7 standards
- Mike - it’s a matter of resources and prioritizing activities. This is the simple man's PIA. We need this in place so that we don't want to be harassed in S&P, we want to give them a simple checklist. Not specifically FHIR related, we have a project plan, with a new scope statement with a trust framework which will be more Privacy by Design (PbD) --more in-depth type of thing. We are not trying to do both in one project--we want two separate PSS which address the specific items in each and can be properly scaled.
Conformance criteria showed... Checklist
- Principle - Concept of choice
- PIA Cookbook - what the developer would go through (questions),
The PbD are very high level; it’s a design principle to be considered when implementing a system. The S&P Framework is intended to be more of directed toward consideration that developers or system orders would need to think about in a policy perspective. We’ve had recent discussions when you change the labels on a resource and folks with the FHIR community think they can change labels when they want to. We don't want to write policy in FHIR. In this case, the business associate agreement that they would honor the labels as present and not changed--on the other hand, the correction--the data was labeled as sensitive but it’s not. (You’ll need to update the existing version) we could have a recommended best practice in order to deal with this.
Addition discussion, revisions made to the project scope
PASS Access Control
- waiting on an update from Alex regarding Bernd's comment (at security meeting)
Joint EHR Security Privacy Vocabulary Alignment
- No meeting this AM)
- Work completed last week for presentation at today's meeting. Continuing to review how to model the vocabulary and looking to bring in a terminologist to assist with best practices.
Meeting adjourned at 1154 AZT --Suzannegw (talk) 15:08, 19 April 2016 (EDT)
