This wiki has undergone a migration to Confluence found Here
Difference between revisions of "April 19, 2016 CBCC Conference Call"
Jump to navigation
Jump to search
(→Agenda) |
|||
| (6 intermediate revisions by one other user not shown) | |||
| Line 9: | Line 9: | ||
! ||'''Member Name'''|| !! x ||'''Member Name''' !!|| x ||'''Member Name''' !! | ! ||'''Member Name'''|| !! x ||'''Member Name''' !!|| x ||'''Member Name''' !! | ||
|- | |- | ||
| − | || | + | || || [mailto:jc@securityrs.com Johnathan Coleman]CBCC Co-Chair |
||||x|| [mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb ] CBCC Co-Chair | ||||x|| [mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb ] CBCC Co-Chair | ||
||||x|| [mailto:jim.kretz@samhsa.hhs.gov Jim Kretz] CBCC Co-Chair | ||||x|| [mailto:jim.kretz@samhsa.hhs.gov Jim Kretz] CBCC Co-Chair | ||
| Line 15: | Line 15: | ||
|| .|| [mailto:Max.Walker@health.vic.gov.au Max Walker] | || .|| [mailto:Max.Walker@health.vic.gov.au Max Walker] | ||
| − | |||| | + | ||||x|| [mailto:mike.davis@va.gov Mike Davis] |
|||||| [mailto:jmoehrke@ge.med.com John Moehrke] Security Co-Chair | |||||| [mailto:jmoehrke@ge.med.com John Moehrke] Security Co-Chair | ||
|- | |- | ||
|| x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-Chair | || x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-Chair | ||
| − | |||| | + | |||||| [mailto:kenneth.salyards@samhsa.hhs.gov Ken Salyards] |
|||||| [mailto:LoriR.Simon@gmail Lori Simon] CBCC Interim Co-Chair | |||||| [mailto:LoriR.Simon@gmail Lori Simon] CBCC Interim Co-Chair | ||
|- | |- | ||
| − | || | + | || || [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga] SOA Co-Chair |
||||x|| [mailto:rgrow@technatomy.com Rick Grow] | ||||x|| [mailto:rgrow@technatomy.com Rick Grow] | ||
||||.|| [mailto:Harry.Rhodes@AHIMA.org Harry Rhodes] | ||||.|| [mailto:Harry.Rhodes@AHIMA.org Harry Rhodes] | ||
|- | |- | ||
| − | || | + | || || [mailto:serafina.versaggi@gmail.com Serafina Versaggi] |
| − | |||| | + | |||||| [mailto:ioana.singureanu@gmail.com Ioana Singureanu] |
| − | |||| | + | |||||| [mailto:gfm@securityrs.com Glen Marshall] |
|- | |- | ||
| − | || | + | || || [mailto:Steve.Eichner@dshs.state.tx.us Steve Eichner] |
||||.|| [mailto:drdaviss@gmail.com Steve Daviss] | ||||.|| [mailto:drdaviss@gmail.com Steve Daviss] | ||
| − | ||||.|| [ | + | ||||.|| [mailto:Mlardieri@NSHS.edu Mike Lardiere] |
|- | |- | ||
|| x|| [mailto:neelimaj70@gmail.com Neelima Chennamaraja] | || x|| [mailto:neelimaj70@gmail.com Neelima Chennamaraja] | ||
||||| [mailto:lwise@summitmedicalcentercasper.com Lee Wise] | ||||| [mailto:lwise@summitmedicalcentercasper.com Lee Wise] | ||
| − | ||||.|| [ | + | ||||.|| [ |
|- | |- | ||
| Line 52: | Line 52: | ||
|||||| [mailto:bnewton@humecenter.org Brian Newton] | |||||| [mailto:bnewton@humecenter.org Brian Newton] | ||
|- | |- | ||
| − | || | + | ||x|| [mailto:bkinsley@nextgen.com William Kinsley] |
|||||| [mailto:lisa.nelson@lantanagroup.com Lisa Nelson] | |||||| [mailto:lisa.nelson@lantanagroup.com Lisa Nelson] | ||
||||.||[mailto:amanda.j.nash@accenturefederal.com Amanda Nash] | ||||.||[mailto:amanda.j.nash@accenturefederal.com Amanda Nash] | ||
| Line 91: | Line 91: | ||
#* [http://gforge.hl7.org/gf/project/cbcc/docman/?file_id=9487 Privacy Impact Assessment Cookbook DRAFT] | #* [http://gforge.hl7.org/gf/project/cbcc/docman/?file_id=9487 Privacy Impact Assessment Cookbook DRAFT] | ||
#* [http://gforge.hl7.org/gf/project/cbcc/docman/?file_id=9488 PbD Principles and Conformance Criteria DRAFT] | #* [http://gforge.hl7.org/gf/project/cbcc/docman/?file_id=9488 PbD Principles and Conformance Criteria DRAFT] | ||
| − | #* http://gforge.hl7.org/gf/project/cbcc/docman/?file_id=9490 Privacy Impact Assessment Cookbook Project Scope Statement] | + | #* [http://gforge.hl7.org/gf/project/cbcc/docman/?file_id=9490 Privacy Impact Assessment Cookbook Project Scope Statement] |
# ''(01 min)'' '''Healthcare Security and Privacy Access Control Catalog''' - Update post ballot | # ''(01 min)'' '''Healthcare Security and Privacy Access Control Catalog''' - Update post ballot | ||
# ''(05 min)'' '''PASS Access Control Services Conceptual Model''' - (Standing agenda item) update (Diana) | # ''(05 min)'' '''PASS Access Control Services Conceptual Model''' - (Standing agenda item) update (Diana) | ||
| Line 98: | Line 98: | ||
==Meeting Minutes (DRAFT)== | ==Meeting Minutes (DRAFT)== | ||
| − | Meeting minutes for [http://wiki.hl7.org/index.php?title=April_05,_2016_CBCC_Conference_Call April 05, 2016 CBCC Conference Call] | + | Agenda Approved |
| + | |||
| + | '''Meeting minutes for''' [http://wiki.hl7.org/index.php?title=April_05,_2016_CBCC_Conference_Call April 05, 2016 CBCC Conference Call] | ||
Approved: 0 / Abstain: 0 / Objections: 0 | Approved: 0 / Abstain: 0 / Objections: 0 | ||
| + | |||
| + | '''Ballot Reconciliation - Consent Directive CDA R2 IG''' | ||
| + | Ioana has sent out follow up e-mail for the remaining negative votes, awaiting responses from | ||
| + | * Austin Kreisler | ||
| + | * Vasil Peytchev and Nell Lapres (EPIC) | ||
| + | * Lisa Nelson | ||
| + | |||
| + | We are awaiting responses to the proposed dispositions | ||
| + | |||
| + | '''Ballot Reconciliation - Healthcare Access Control Catalog''' | ||
| + | |||
| + | * Suzanne has sent out follow up e-mails to the remaining DoD negative voters | ||
| + | ** Ollie Gray | ||
| + | ** Wei Guo | ||
| + | |||
| + | '''Privacy & Security by Design/''NOW Privacy Impact Assessment Cookbook'' ''' | ||
| + | * Diana expressed concern with the PIA being too cumbersome with HL7 developers which is why she believes the Security Risk Assessment Cookbook did not gain any traction. | ||
| + | * PIA cookbook; are we going to Privacy Impact Assessment, when we are looking for privacy considerations in HL7 standards? | ||
| + | * Mike - it’s a matter of resources and prioritizing activities. This is the simple man's PIA. We need this in place so that we don't want to be harassed in S&P, we want to give them a simple 'checklist.' Not specifically FHIR related, we have a project plan, with a new project scope statement with a trust framework which will be more Privacy by Design (PbD) - a more in-depth type of thing. We are not trying to do both in one project--we want two separate PSS's which address the specific items in each and can be properly scaled. | ||
| + | |||
| + | * Conformance criteria showed... ''Checklist'' | ||
| + | * Principle - Concept of choice | ||
| + | ** PIA Cookbook - what the developer would go through (questions, checklist) | ||
| + | |||
| + | The PbD principles are very high level; they're design principles to be considered when implementing a system. The S&P Framework is intended to be more directed toward consideration that developers or system owners would need to think about from a policy perspective. We’ve had recent discussions when you change the labels on a resource and folks within the FHIR community think they can change labels when they want to. We don't want to write policy in FHIR. In this case, the business associate agreement that they would honor the labels as present and not changed--on the other hand, with the correction, the data was labeled as sensitive but it’s not. (You’ll need to update the existing version) we could have a recommended best practice in order to deal with this. | ||
| + | |||
| + | Additional discussion, minor revisions made to the project scope | ||
| + | |||
| + | '''PASS Access Control''' | ||
| + | * waiting on an update from Alex regarding Bernd's comment (at Security meeting) | ||
| + | |||
| + | '''Joint EHR Security Privacy Vocabulary Alignment''' | ||
| + | |||
| + | * This morning's meeting was cancelled. Work was completed last week for presentation at today's meeting. Continuing to review how to model the vocabulary and are looking to bring in a terminologist to assist with best practices. | ||
| + | |||
| + | Meeting adjourned at 1154 AZT --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:08, 19 April 2016 (EDT) | ||
Latest revision as of 16:56, 26 April 2016
Contents
Community-Based Collaborative Care Working Group Meeting
Meeting Information
Attendees
| Member Name | x | Member Name | x | Member Name | ||||
|---|---|---|---|---|---|---|---|---|
| Johnathan ColemanCBCC Co-Chair | x | Suzanne Gonzales-Webb CBCC Co-Chair | x | Jim Kretz CBCC Co-Chair | ||||
| . | Max Walker | x | Mike Davis | John Moehrke Security Co-Chair | ||||
| x | Kathleen Connor Security Co-Chair | Ken Salyards | Lori Simon CBCC Interim Co-Chair | |||||
| Diana Proud-Madruga SOA Co-Chair | x | Rick Grow | . | Harry Rhodes | ||||
| Serafina Versaggi | Ioana Singureanu | Glen Marshall | ||||||
| Steve Eichner | . | Steve Daviss | . | Mike Lardiere | ||||
| x | Neelima Chennamaraja | Lee Wise | . | [ | ||||
| Reed Gelzer | . | Marlowe Greenberg | Chris Clark, WV | |||||
| . | Paul Knapp | . | Matt Peeling | Brian Newton | ||||
| x | William Kinsley | Lisa Nelson | . | Amanda Nash | ||||
| Russell McDonell | Susan Litton | David Bergman | ||||||
| . | Linda Bailey-Woods | Debbie Bucci | Chirag Bhatt | |||||
| Oliver Lawless | Keith Boone | Lori McNeil Tolley | ||||||
| . | Mohammed Jafari | Rob Horn | Gary Dickinson | |||||
| Beth Pumo | M'Lynda Owens | [ |
Agenda
- (05 min) Roll Call, Approve Meeting Minutes from April 12, 2016 CBCC Conference Call
- (15 min) Ballot Reconciliation for Consent Directive
- (10 min) Privacy & Security by Design/NOW Privacy Impact Assessment Cookbook update - Rick
- (01 min) Healthcare Security and Privacy Access Control Catalog - Update post ballot
- (05 min) PASS Access Control Services Conceptual Model - (Standing agenda item) update (Diana)
- (05 min) Joint EHR, Security, Privacy Vocabulary Alignment - (Standing agenda item) update (Diana/Mike)
Meeting Minutes (DRAFT)
Agenda Approved
Meeting minutes for April 05, 2016 CBCC Conference Call
Approved: 0 / Abstain: 0 / Objections: 0
Ballot Reconciliation - Consent Directive CDA R2 IG Ioana has sent out follow up e-mail for the remaining negative votes, awaiting responses from
- Austin Kreisler
- Vasil Peytchev and Nell Lapres (EPIC)
- Lisa Nelson
We are awaiting responses to the proposed dispositions
Ballot Reconciliation - Healthcare Access Control Catalog
- Suzanne has sent out follow up e-mails to the remaining DoD negative voters
- Ollie Gray
- Wei Guo
Privacy & Security by Design/NOW Privacy Impact Assessment Cookbook
- Diana expressed concern with the PIA being too cumbersome with HL7 developers which is why she believes the Security Risk Assessment Cookbook did not gain any traction.
- PIA cookbook; are we going to Privacy Impact Assessment, when we are looking for privacy considerations in HL7 standards?
- Mike - it’s a matter of resources and prioritizing activities. This is the simple man's PIA. We need this in place so that we don't want to be harassed in S&P, we want to give them a simple 'checklist.' Not specifically FHIR related, we have a project plan, with a new project scope statement with a trust framework which will be more Privacy by Design (PbD) - a more in-depth type of thing. We are not trying to do both in one project--we want two separate PSS's which address the specific items in each and can be properly scaled.
- Conformance criteria showed... Checklist
- Principle - Concept of choice
- PIA Cookbook - what the developer would go through (questions, checklist)
The PbD principles are very high level; they're design principles to be considered when implementing a system. The S&P Framework is intended to be more directed toward consideration that developers or system owners would need to think about from a policy perspective. We’ve had recent discussions when you change the labels on a resource and folks within the FHIR community think they can change labels when they want to. We don't want to write policy in FHIR. In this case, the business associate agreement that they would honor the labels as present and not changed--on the other hand, with the correction, the data was labeled as sensitive but it’s not. (You’ll need to update the existing version) we could have a recommended best practice in order to deal with this.
Additional discussion, minor revisions made to the project scope
PASS Access Control
- waiting on an update from Alex regarding Bernd's comment (at Security meeting)
Joint EHR Security Privacy Vocabulary Alignment
- This morning's meeting was cancelled. Work was completed last week for presentation at today's meeting. Continuing to review how to model the vocabulary and are looking to bring in a terminologist to assist with best practices.
Meeting adjourned at 1154 AZT --Suzannegw (talk) 15:08, 19 April 2016 (EDT)
