DRAFT 2017 May Working Group Meeting - Madrid, Spain - CBCC WORKING GROUP

• HL7 WGM EVENT Page Link
• On-Site Meeting Schedule
• BROCHURE Link

Community Based Collaborative Care (CBCC) WORKING GROUP SESSIONS

Back to CBCC Wiki: Meetings

Agenda and Meeting Minutes

Back to CBCC Wiki: Meetings

Q1=9:00 – 10:30 am; Q2=11:00 – 12:30 pm; Q3=1:45 – 3:00 pm; Q4=3:30 – 5:00 pm

Back to CBCC Wiki Meetings

Meeting Minutes Draft

Back to CBCC Wiki: Meetings

2017 – CBCC WGM CBCC Monday Q3 Attendees: David Pyke (david.pyke@readycomputing.com) Danielle Friend (dfriend@epic.com) Ardon Toonstra (a.Toonstra@furore.com Trish Williams (patricia.williams@flinders.edu.au) John Moehrke (johnmoehrke@gmail.com) Alexander Mense (mense@technikum-wien.at) Bernd Blobel (bernd.blobel@klinik.uni-regensburg.de)

Agenda: CBCC & Security Reports Out International Reports Out

CBCC Report Out

SPIA Continues to be stalled until Mike Davis or appointee can take over as editor

John Moehrke willing to be responsible for SPIA. Talk to Mike Davis to have it turned over or at least the most recent version submitted to the committee.

FHIR Consent

• Consent to share as stable as possible
• Advance Directive showing promise with several directives able to be covered without significant change
• Research stalled without input from BRR. DP to visit BRR to gain attendees
• Treatment in initial stages

• Workflow to be covered this week with FHIR-I including potential for a ConsentRequest resource for gaining consent where none currently exists

Security Report out

• Reconciliation of trust framework specification – taking place later – dynamically creating trust frameworks (possibly via policy)
• Only defined trust elements and framework
• Selection of policies

• FHIR Security

• Audit, Provenance, security labels Need test scenarios
• Some open issues
• Interest from use case regarding SUBSET regarding update
• Two mechanisms – security tags and Summary
  • How will server know if the push is the result of a subset, that missing are not to be removed – potential for profile/dynamic profile to manage
• How to request SUBSET (e.g., w/o gender or race)
  • If message with SUBSET, how would be dealt with
  • Redacted state for FHIR returned data
  • Purpose of use is potential use case
  • A profile that creates a subset is only one form of de-id, and that starts a bigger problem that may break profiles

• FHIR Data model is limiting and causing profiles to break the model
  • ICT ontology should be examined as an issue (Bernd)
  • SMART on FHIR and Oauth are moving into HL7.
  • FHIR-I is hosting, but Security is asking for comment
  • Smart should not be seen as the one way.
  • Some constraints are in there but the meet only a subset of FHIR use-cases
  • Digital signature vocabulary only has ASTM as a source
  • Use ASTM to add to vocab despite ASTM no longer meeting or use HL7 vocabulary
  • DSG [IHE] is final text

International report out

Some work concluded regarding specifications

• ISO25237 Health info psuedonymisation
  • Approved IS which has been published.
  • Accepted for use by EU parliament
  • Guidance on health information education

• ISO 21298 HI Functional and structural Roles
  • Organizational relationships
  • Functional relationships
  • Global overview how assignments are in various countries
  • Includes international coding

• PKI 17090 Part 5 using PKI creds – Launched by Japan
  • Completing the framework
  • Tooling underway

• TC215 WG4 extended scope to new technology
  • Cloud – usage, risk assessment, frameworks

• TS11633 Remote for medical devices (Japan)
  • Not ready for publication
  • Framework stated 2008, Published by TR.

• Audit trail 27789 changed relationship with DICOM and HL7
  • DICOM passed audit trail proposal with part 16 with vocabulary fixes
  • Part 15 added patient record or codes same implementation model
  • Supplement 95 incorporated
  • System review attempted start to discuss ADA

CBCC Monday Q4 Presentation by Bernd Blobel on Ontology based standards and effect on current Trust Framework work by Security (to be attached, Kathleen video/audio recorded)

Attendees: David Pyke Ed Hammond Hideyuki Miyohara David Booth Richard Esmark Trish Williams Alexander Mense Mark Shafarman Pat Van Dyke Steve Hofnagel Gora Datta Bernd Blobel Kathleen Connor Stan Huff Susan Matney Galen Mulrooney David Booth Claude Nanjo Lori Reed-Forquet Nancy Orvis Muhammad Asim

Coverage of the Trust Framework was minimal due to large numbers of questions on the base concept of Ontological-based system design. Examples and more detail to be added to the presentation deck

Tuesday Q2 – No Quorum

Tuesday Q3

Attendees: Hideyuki Miyohara William Jones Alexander Mense Reinherd Egelkraut Karl Wolzer(?) Matthew Graham John Moehrke Frank Ploeg Gora Datta

• Mobile Health – cMHAFF update (Presentation deck to be attached)
  • 200,00 Consumer Heath Apps, 90% in question, 12% potentially deadly
  • MH looking for assistance on what to add for privacy/security
  • Consensus on who cMHAFF was for is missing. Large amounts are US only. It was moved back to the reliability and safety of exchanged data.
  • Mheath subset of the EU eHealth requested that MH stops work and moved to mHealth. All publication stopped.
  • Guidelines were considered suggestions for app developers entering the space. Consumer decides if they want to use the app.
  • Moving to a conceptual framework. Has an aspirational aspect for app development
  • Would like guidance for concepts and terms for risk assessment for privacy and security. What are the layers for best/moderate/minimal adherence
  • Certification standards exist, created with Privacy by Design, risk based security
  • App devs, users may not care when recommending
  • Trust frameworks may be needed and calculated. Adds social and environment aspects

Tuesday Q4

CBCC FHIR Consent Issues

• • Creation possibilities for ConsentRequest resource and mapping to handle use care for gaining treatment or other consent where not existing, across organisations

Wednesday Q2 Attendees David Hay Ardon Toonstra Alexander Henket

• FHIR Consent Comment Resolution
• Reviewed comments: 12666, 13313, 13358, 13360, 13361
  • Discussed potential for source to link to physical location, awaiting use case to see if actually needed. Potential to have location added to document reference or attachment type

Wednesday Q3 - No quorum

Wednesday Q4 Attendees John Moehrke Marten Smits Ashley Duncan

FHIR Consent review Reviewed comments: 12666 (Add Consent V2 mappings) Test mappings added. Further review at the Weekly meetings 13313 (Add note / comment to Consent) Awaiting use case 13358 (Make Policy and PolicyRule a codeableconcept instead of URI) Implementers confused by the two example links, recommended to change Further review at Weekly meeting 13360 (Remove invariant “Either a Policy or PolicyRule”) Unlikely due to requirement for consent. Further review required. 13361 (Add option to allow for sepcifying wether a consent was verified by the patient or his/her family)) Voted to accept 13361 4-0-0