Difference between revisions of "May 2016 Montreal WGM - Security"

Agenda: HL7 WGM MAY 2016 - Montreal Canada Security WG - May 09 - 13, 2016

Return to: Back to Security Work Group Main Page

Agenda: HL7 WGM MAY 2016 - Montreal Canada Security WG - May 09 - 13, 2016]

Return to: WGM Minutes > 2016 > May Montreal

Return to: Back to Security Work Group Main Page

Overall Attendees

• Alexander Mense alexander.mense@hl7.at
• Andrew Torres andrew.torres@cerner.com
• Duane DeCouteau ddecouteau@edmondsci.com
• Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
• Guillaume Rossignol guillaume.rossignol@almeris.com
• Mohammad Jafari mjafari@edmondsci.com
• Kathleen Connor kathleen.connor@comcast.net
• Pete Gilbert peter.gilbert@mhplan.com
• Pete Robinson pete@cedarbridge.com
• Suzanne Gonzales-Webb suzanne.gonzales-webb@va.gov
• Beth Pumo beth.pumo@kp.org

Monday Q3 – Q4

CBCC Joint with Security See CBCC WGM Minutes CBCC Montreal WGM Minutes CBCC Joint with Security FHIR Project Meeting

Tuesday Q1 May 10

Attendees:

• Alexander Mense alexander.mense@hl7.at
• Duane DeCouteau ddecouteau@edmondsci.com
• Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
• Mohammad Jafari mjafari@edmondsci.com
• Kathleen Connor kathleen.connor@comcast.net
• Suzanne Gonzales-Webb suzanne.gonzales-webb@va.gov
• Beth Pumo beth.pumo@kp.org

Opening Security WG Meeting Chair: Kathleen Connor

• Introductions by participants was minimal since the same people introduced themselves during the CBCC Opening Session.
• Approval of the agenda [http://wiki.hl7.org/index.php?title=May_2016_Montreal_WGM_-_Security_Agenda May 2016 Montreal WGM - Security Agenda after noting that several scheduled sessions are likely going to be cancelled or compressed.:
  • Participation is light because many Security and CBCC WG members were unable to attend
  • Suzanne will announce that the Security WG has finished its Vocabulary alignment effort with the EHR WG during Wed Q1 Joint, so the Wed Q3 session will likely be cancelled. FHIR-I has scheduled its Joint with Security on Thurs Q1

KC proposed to keep any open sessions on the agenda for work sessions on FHIR documentation, and others agreed. Updates:

• FHIR Cochair meeting: Kathleen discussed key FHIR STU3 timelines:
  • Due by June 1st - Resource Proposals on website with WG approval; Connectathon Proposals for September WGM; and Feedback on gforge tool
  • Sunday July 17 is Substantive content freeze for ballot
  • In order for Mohammad and Duane to be granted commit rights to the FHIR build, they must be providing FHIR facilitation for WGs. Given the current amount of work that needs to be put in the build, some of which John hasn’t been able to get done, Kathleen proposed that both CBCC and Security name them as additional FHIR Facilitators. Mohammad submitted the commit request information to Lloyd.
• Steering Division and Cochair Dinner:
  • Alex reported that the PASS Audit PSS was approved during FTSD Q6. He moved, and Grahame seconded.
  • Project Services advises that all WGs sponsoring a PSS keep any co-sponsors apprised of the approval progress especially when they are in different steering divisions.

Security WG items: Kathleen proposed that the WG recognize Hideyuki Miyohara as a cochair during the Montreal WGM because neither Trisha nor John were able to attend. WG agreed to Hide being a temporary cochair if needed.

International Report outs Alex Mense presented on a number of EU health information privacy and security developments:

• He presented slides and walked us through the regulation, describing the politics that took place with large data controllers and processors.
• dp-day-pn-presentation-reform_gr1_adopted.pdf
• European_directive_oj_en.pdf
• European_regulation_oj_en.pdf
• Radical changes to European data protection legislation.pdf

Code of Conduct on mHealth apps: The code is being developed by the industry for app developers in order to safeguard privacy of data collected by mHealth apps. App certification is being considered. The minutes, presentation slides and participant list are available here.

Alex referenced a related EU mHealth activity: https://ec.europa.eu/digital-single-market/en/news/meeting-privacy-code-conduct-mhealth-apps

Beth suggested sharing EU Directive material with mHealth WG

Liaison Reports: ISO, IHE, ONC (HEART)

• IHE Report – no representative available
• ISO Report – Hide summarized what he’d reported on in the CBCC Opening Session. He announced that he is now the ISO TC215 WG4 Convener. He updated the Security WG on the 25th meeting of ISO TC215 in Amsterdam NL, May 6, 2016 on Privacy, Security, and Safety, and provided us with the WG4 Closing Plenary Presentation.
• IDESG - Beth Discussed the IDESG new Glossary and that IDEF is focusing on Healthcare.
• HEART – Kathleen reported on their current standards and the ONC HEART challenge.
• UMA – Kathleen reported on recent activities including mitigating a risk in the current UMA profile, use case development, uptake of HL7 FHIR Contract concepts such as grantor, grantee, subject, contract and consent directives to describe the agreements among UMA actors, which are not currently addressed by UMA standards and OAUTH profile.

The input to this development come from the UMA Legal group, which is working with ABA and CommonAccord to develop standardized, modular, and compose-able contract provisions and core contract content such as recitals. In addition, there is some interest in developing OAuth Scopes using HL7 security labels and the HL7 ABAC to encode clearances.

This would be an alternative to the current HEART Health Relationship Trust Profile for Fast Healthcare Interoperability Resources (FHIR) OAuth 2.0 Scopes use of pre-coordinated strings, such as the following, which are not scalable if additional attributes beyond simple CRUDE Operations/Object permissions are required for e.g., ABAC.

• Read and write access to a single patient's complete records.

patient/*.* Full access to a single patient's complete records.

• user/Patient.read - Read access to all authorized demographic information.
• user/Patient.write - Read and write access to all authorized demographic information.
• user/Patient.* - Full access to all authorized demographic information.
• user/MedicationOrder.read - Read access to all authorized orders for medications.
• user/MedicationOrder.write - Read and write access to all authorized orders for medications.
• user/MedicationOrder.* Full access to all authorized orders for medications.
• HL7 Project status and updates:
  • Privacy Impact Assessment and Privacy and Security by Design – Suzanne updated the WG about progress on the PIA, and deferral of the P&SbD.
• FHIR Security - AuditEvent, Provenance, Security Labels – Kathleen gave an update on recent work and the WG need to review the solution to the security label versioning issue that Lloyd proposed.
  • FHIR Consent Directive work (with CBCC) – Kathleen noted that the WGs have about 8 weeks to complete all the documentation and load the value sets and model spreadsheets into the build, have these QA’d etc.
  • Security/EHR Vocabulary Alignment – Suzanne gave a summary of recent changes in this project, and the decision to finalize the Vocabulary definitions and models developed by Mike and Diana to close out the project.
• Workgroup Health Update – Kathleen congratulated the much missed Princess Trish for getting the Security WG its first gold star. She the presented the statistics and discussed the need to clear out old projects from Project Insight and to send Dave Hamill an updated Security WG 3 year plan.
  • Kathleen to check with Trish about where that plan is and have the WG review for any needed updates during the interim.
  • She asked Dave Hamill to send Security WG cochairs the WG’s Project Insight logon and password.

Tuesday Q2

Trust Framework Work Session Attendees:

• Alexander Mense alexander.mense@hl7.at
• Andrew Torres andrew.torres@cerner.com
• Duane DeCouteau ddecouteau@edmondsci.com
• Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
• Guillaume Rossignol guillaume.rossignol@almeris.com
• Mohammad Jafari mjafari@edmondsci.com
• Kathleen Connor kathleen.connor@comcast.net
• Pete Gilbert peter.gilbert@mhplan.com
• Pete Robinson pete@cedarbridge.com
• Suzanne Gonzales-Webb suzanne.gonzales-webb@va.gov
• Beth Pumo beth.pumo@kp.org

Cochair: Alex Mense Review of Current Trust Framework Efforts Kathleen referred WG to the Security Trust Library where she has uploaded material related to: • Trust Framework Governance initiatives discussed included: o DirectTrust and its accreditation program for Direct Trust Bundles o Nate and its accreditation program for PHRs o IDESG Trust Framework and Trust Marks, which are being developed by GTRI [Georgia Tech Research Institute] with support from NSTIC for self-assessment and establishing “Trust Federations” among stakeholder communities’ identity and service providers. Each Trust Federation licenses the Trust Marks developed by GTRI in accordance with IDESG privacy, security, trust, standards, and other requirements. • Trust Framework established and emerging standards discussed included description of how GTRI trust marks were developed and how they work. • Trust Framework requirements from various jurisdictions including the THEWS and Privacy Architecture for Ubiquitous Health work that Bernd Blobel has authored. Alexander provided more detail on this work and its uptake in EU. • Health applications for Block Chaining. Guillaume described some possible applications for health care financial transactions and how vendors are able to provide block chaining services at a low price to consumers and businesses, such as http://proofofexistence.com Kathleen discussed the how the HL7 Trust Labels can be used as Access Control Information in the HL7 Security Labeling Service, Trust model in the HL7 PASS Access Control Functional Model, and planned work on Trust Framework models in the Privacy and Security Architecture Framework [PSAF]. She also discussed initial work on a FHIR Trust Framework profile on Contract that could use the HL7 Trust Labels, possibly leverage the GTRI Trust Mark approach for developing FHIR Trust Marks, which could be referenced by a FHIR Trust Framework instance to stipulate the Trust Marks to which the parties agree to comply. See CBCC Montreal WGM Minutes

Tuesday Q3

CBCC Joint with Security FHIR Project Meeting

See CBCC WGM Minutes

Tuesday Q4

Security FHIR Project Meeting

Attendees:

• Alexander Mense alexander.mense@hl7.at
• Andrew Torres andrew.torres@cerner.com
• Duane DeCouteau ddecouteau@edmondsci.com
• Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
• Guillaume Rossignol guillaume.rossignol@almeris.com
• Mohammad Jafari mjafari@edmondsci.com
• Kathleen Connor kathleen.connor@comcast.net
• Pete Gilbert peter.gilbert@mhplan.com
• Pete Robinson pete@cedarbridge.com
• Suzanne Gonzales-Webb suzanne.gonzales-webb@va.gov
• Beth Pumo beth.pumo@kp.org

Cochair: Kathleen Since there were no FHIR Security specific issues slated for discussion since most have been resolved, the WG decided to continue with FHIR CD work by discussing the experience of several consent directive implementers who were present.

• Andrew Torres presented on Cerner’s Patient Portal implementation of FHIR CD.

He said that Cerner attorneys were comfortable with the Contract construct, although as an implementer, he’d prefer not to see the Contract Resource structure or deal with a profile, but that he can live with it. Andrew stated that Cerner customers will be upgraded to STU3 after ballot. Andrew agreed that some type of Consent tracking capability would be useful.

• Pete Gilbert, Meridian Health Plan, described how implementers use the v.2 Consent segment and the tracking components in other messages, e.g. the Admission ADT message with an Access Restriction Value [ARV] segment, which carries metadata that could have been derived from a paper consent directive or from the CONS segment. Kathleen cited similar security label type metadata in the Financial Management and Orders and Observation messages.
• Pete Robinson, CedarBridge Group, described how the Michigan Health Information Network (MiHIN) plans to implement a statewide electronic Consent Management Service (eCMS), which will enable multiple state Exchanges to manage and track the status of behavioral health consent directives. With a federated approach that enables local Exchanges to decide on which (1) consent directive formats or standards to implement, e.g., v.2 TXA with CONS, CDA Consent Directives per SAMHSAConsent2Share, paper forms, of FHIR CDs, and (2) which register/retrieve paradigm they deem best, that all Exchanges can efficiently share a patient’s consent directive location, status, and other metadata required to comply with privacy laws using automated access control enforcement.
• Kathleen asked the presenters about whether their implementations also had a requirement for a Consent metadata tracking capability for managing consent directive workflows – e.g., did the patient get asked to consent? What access control requirements did the patient’s consent entail? How to track whether the consent is active, pended, overridden, revoked, terminated, renewed or replaced? Where is the consent directive located so that authorized requesters can retrieve it for sensitive details not contained in the consent tracking metadata? All agreed that some infrastructure like that needs to be in place.

Wednesday Q1 - May 11

Joint w/ EHR, CBCC, FHIR, SOA, Security

• FHIR Connectathon testing scenarios

Wednesday Q2

Joint w/ SOA Only SOA cochair Stefano Lotti was able to attend. He declined to discuss PASS work and focused his discussion on SOA’s project for Public/Private Cloud, including a survey, white paper, and guidance on transitioning to the cloud. Security participants spoke briefly about several active projects, including PSAF and Trust Framework. The SOA Joint adjourned early.

• Security WG participants decided to continue on FHIR CD discussions, and decided to convened the Q3 meeting early for the rest of Q2.

Attendees

• Alexander Mense alexander.mense@hl7.at
• Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
• Kathleen Connor kathleen.connor@comcast.net
• Beth Pumo beth.pumo@kp.org

Alex chaired.

• Beth led a project management discussion and suggested several ways in which we could increase participation.
• She suggested we ask CBCC to reschedule the Friday FHIR CD calls because she as Project Manager, several cochairs, key participants, and stakeholders have been unable to attend at that time. We decided to ask Suzanne to see if CBCC would be willing to let us move the FHIR CD work sessions to the last half of the regular CBCC WG calls on Tuesday during the STU3 ballot period. The CBCC main calls have been ending early because many of the projects were winding down or already in development.
• Beth and the WG also discussed strategies to get more “hands on deck”.
• Kathleen described the difference in her experience working with Paul on FHIR Contract and CD from the experience with John as facilitator. Paul regularly held work sessions and let others work on the model spreadsheets, vocabulary xml templates, and other templates directly, which was more empowering than trying to convey all changes through CPs and resolutions, and then waiting to see the resulting implementation.
• The WG made plans for engaging others to contribute directly to the FHIR CD IG wiki, loading material into gforge, the FHIR templates, and tutorials to show others how to set up local FHIR builds, where to find the FHIR artifacts, how to track important FHIR updates etc.
• Beth, Alex, and Suzanne had decided to set up a meeting so that Suzanne could show participants how to manage the CBCC wiki/gforge, and where to find relevant artifacts.
• After conferring with Alex about the Tuesday Q4 meeting with implementers and the discussions on email and in person about what FHIR implementers weren’t finding the FHIR CD suited for consent directive tracking purposes.
• She had reviewed the DocumentReference Resource, and found that it lacked the same constraints that had led to the creation of the DS4P Exchange/Direct IGs.
• Recognizing that the consent management capability should not be privacy leaking, Kathleen proposed asking CBCC to consider creating a FHIR Consent Resource based on the HL7 Data Segmentation for Privacy Exchange and Direct IGs. Beth seconded her proposal. The motion carried 3-0-0.
• Kathleen to prepare a draft FHIR Resource spreadsheet and introduction for consideration by CBCC. This proposal must be approved and submitted by June 1 for inclusion in the STU3 ballot.
• Most participants had other meetings to attend for Q3 and 4, so the WG adjourned until Thursday Q1 Joint with FHIR-I.
• No further Security WG meetings were scheduled for the remainder of the WGM.