Difference between revisions of "HL7 January 2018 - New Orleans US MINUTES"

MINUTES WGM New Orleans 29th January to 2nd February 2018

Monday Q3

Joint CBCP - Security

See CBCC Minutes

Monday Q4

Joint CBCC - Security

See CBCC Minutes

Tuesday Q1

Opening Security WG Meeting

Attendees:

• Trish Williams trish.williams@flinders.edu.au
• John Moehrke John.Moehrke@gmail.com
• Alexander Mense alexander.mense@hl7.at
• Kathleen Connor Kathleen.connor@comcast.net
• Mike Davis mike.davis@va.gov
• Chris Shawn christopher.shawn@va.gov
• David Pyke david.pyke@readycomputing.com
• Hideyuki Miyohara HL7 Japan Miyohara.Hideyuki@ap.MitsubishiElectric.co
• Suzanne Webb suzanne.webb@bookzurman.com
• Elysa Jones elysajones@yahoo.com
• Michael Donnelly michael.donnelly@epic.com
• Ron Ross ron_ross@clinicalarchitecture.com
• Dennis Patterson dennis.patterson@cerner.com
• Kevin Olbrich kevin.olbrich@mckesson.com

Chaired by Trish

• Introductions
• Approval of agenda
• International Report outs
  • Japan:
  • EU:
  • Australia:

• Liaison Reports: ISO, IHE, ONC
  • ISO (Hide)
  • IHE (John)
  • OASIS (Mike)

Agenda items deferred to Q4

• FHIR Security Report out - John Moehrke
• HL7 Project status and updates:
  • Is Privacy Obsolete Study Group - Mike Davis
  • Trust Framework & S&P DAM - Next Steps - Mike Davis and Chris Shawn

Tuesday Q2

Joint with CBCP - FHIR CCDE Connectathon Report Out/TEFCA Comments

Attendees:

• Trish Williams trish.williams@flinders.edu.au
• John Moehrke John.Moehrke@gmail.com
• Alexander Mense alexander.mense@hl7.at
• Kathleen Connor Kathleen.connor@comcast.net
• Mike Davis mike.davis@va.gov
• Chris Shawn christopher.shawn@va.gov
• David Pyke david.pyke@readycomputing.com
• Suzanne Webb suzanne.webb@bookzurman.com
• Elysa Jones elysajones@yahoo.com
• Michael Donnelly michael.donnelly@epic.com
• Ron Ross ron_ross@clinicalarchitecture.com
• Dennis Patterson dennis.patterson@cerner.com
• Kevin Olbrich kevin.olbrich@mckesson.com

USA TEFCA Trust Exchange Framework and Common Agreement

Discussion to be centred on sharing with Protections - TEFCA Minimum Necessary given expanded Purposes of Use - Provisioning with ABAC Clearances & Security Labels

• Description:
  • Goals for authenticating and developing common set of rules and org policies and process for adjudicating and filing non-compliance.
  • It defines how to exchange between all participants would be obligated to meet. Also, it sets up a new entity (3rd party) for deciding health information for the nation exchange- and there will be one organisation for the central management of exchange.
  • Document link:
  • It uses 6 principles – one includes sec safety and patient safety
  • Use case: Emergence access is not one of the purposes of use.
    • Failure recently with VA as asking for information during the fires was not possible. Software hardcoded so couldn’t ask for info.
    • HL7 standard provides for the sharing of info and overrides any other rules on sec – patient safety wins. Purpose of use needs an emergency code/disaster. Operation and provision of services
      • Emergency tracking of patient whatever the origin – is already created in OASIS
      • Distribution Element (DE) is a method that can be used for patient data routing but needs input on how to transport and how to secure from SECWG.
      • Consider FHIR-I project transfer and other methods. Direct Project is not suitable but other options are available.
      • Need to consider actors in exchange (FHIR over HTTP for instance)
  • Document includes minimum requirements for security (section 6.2). It includes reference to various standards for each requirement.
• HL7 comments in relation to use of HL7 standards
  • HL7 interest is the SLS.
  • WG discussion on the potential amendment and additions to document. Jonathon Coleman captured for the HL7 comments.

Findings from CCDE Connectathon

Tuesday Q3

Joint CBCP, Hosting Security

• CBCP is also Joint with Attachments for eLTSS presentation - should send Reps
• ONC Research Patient Choice presentation by REACHnet Kyle Bradford
• WG Recruitment Strategies

Tuesday Q4

Security PSAF Work Session

• New FHIM P&S Station - Jay Lyle &/or Galen Mulrooney to present
• Review Proposed May TF4FA & S&P DAM Ballot Material
• Security should send rep to joint Attachment with FM for eLTSS Security

Wednesday Q1

Joint with EHR, CBCP, FHIR, SOA, Security(EHR hosting)

See EHR Minutes

To include in-depth discussion about:

• Is Privacy Obsolete? Study Group Findings - Mike Davis
• TF4FA and S&P DAM updates - Mike Davis and Chris Shawn

Wednesday Q2

No meeting

Wednesday Q3

Security hosting FHIR-I - Security WG deep FHIR topics

• Privacy Preserving Authorization Service as potential HL7 Standard
• FHIR version of Kantara Consent Receipt

Wednesday Q4

Security WG Project Meeting

Thursday Q1

Security hosting CBCP, FHIR-I Joint

• FHIR Security simplification

Thursday Q2

Security WG Project Meeting

• Workgroup Health Update
• Decision Making Practices:

Instead of asking each Work Group to post its DMPs on its webpage, work groups will post only their Addendum (should they have one) to their webpage. If no addendum is found, an interested party doesn’t need to read through an entire set of DMPs to realize that the Work Group has simply adopted the default set. If there is an Addendum on a Work Group’s page, interested parties can quickly see the few areas that differ from the default DMPs without having to read through several pages. If your committee does NOT wish to make any modifications to Sections 5, 7 or 8 your work is done. Simply send an email to your Steering Division Co-chairs notifying them of that decision. If your Work Group does wish to modify Sections 5, 7 and/or 8, you will have until the May 2018 Working Group Meeting to complete and send the Addendum Template with your Work Group’s changes to your Steering Division Co-chairs.

Decide on whether to adopt:

• • Default
  • Make Addendum