Difference between revisions of "July 24, 2018 CBCP Conference Call"

Latest revision as of 16:45, 24 July 2018

Attendees

	Member Name	x	Member Name	x	Member Name	x	Member Name
.	Johnathan ColemanCBCP Co-Chair	x	Suzanne Gonzales-Webb CBCP Co-Chair	x	Jim Kretz CBCP Co-Chair	x	David Pyke CBCP Co-Chair
x	Kathleen Connor Security Co-Chair	x	Mike Davis	.	John Moehrke Security Co-Chair	.	Diana Proud-Madruga
x	Chris Shawn	.	Neelima Chennamaraja	.	Joe Lamy	.	Greg Linden
.	Irina Connelly	.	Saurav Chowdhury	.	Dave Silver	x	Francisco Jauregui
.	Mark Meadows	.	Amber Patel	x	Becky Angeles	.	Jennifer Brush
.	Mohammad Jafari	.	Ali Khan	.	Ken Salyards	.	Michael Gu
.	David Staggs	.	Bonnie Young	.	Ioana Singureanu	x	Beth Pumo
x	Lawless	.	[mailto:]	.	[mailto:]	x	[mailto:]

Back to CBCP Main Page

Agenda

Roll Call, Agenda Review
Meeting Minutes approval: none to approve at this time
eLTSS Update - Irina / Becky
eLTSS NIB submitted before Sunday deadline
- eLTSS gForge folder: https://gforge.hl7.org/gf/project/cbcc/docman/eLTSS%20-%20%20ONC%20Electronic%20Long-Term%20Services%20and%20Supports
PSS - CBCP Approval (Ken Lord)
Privacy - Is privacy Obsolete update - Mike Davis
FHIR Consent
- FHIR CPs for review
- FHIR Consent CPs are located: link to ALL Consent Change requests

Meeting Minutes DRAFT

Chair - Dave Pyke

eLTSS

Lynne - publishing folks - any other that we need to do
- they frown upon ballotable material publicly; so items will not be posted on the CBCP wiki
- no other specific instructions were given to get ready for ballot

uploading items to the wiki; need to delete some information
- hesitating to upload spreadsheet; until
owed to CBCP a final version with executive summary; once ready Irina will provide once ready

FHIR Consent

CPs items to vote on

four have been dealt with one way or another;

CP 15581 - Motion: Suzanne / Jim Vote on disposition as displayed
- vote: abstentions: none; against: none; approval: 11
CP 15641
- followed up with Michelle with no response
- wish to close as not persuasive Motion made: Jim / Suzanne
- Abstention: none; Against: none; Approval: 11
17154 Search parameters
- Securitylabel to security-label (must have dash) Motion: Jim/Suzanne
- Vote: abstentions: none; against: none; Approval: 11
CP 14181
- items have been elimated - could not be mapped to v3 RIM (they are not found in v3 RIM
CP 11069 (already resolved)
- suggest to close as this is based on an older version

NEW DISCUSSION:

additional e-mail discussion:
David Pyke been asked to put forward this statement for voting as a motion to   the group clarifying our stance on consent in FHIR
<quote>
* The Consent resource is the correct (and best) way to store and exchange computable consent agreements in a FHIR environment
* Formal consent documents are contracts and you may use the Contract resource to capture that aspect of them for attachment to the Consent resource as a source document.
* While Consent information may sometimes be found in DocumentReference, Binary, Contract and other resources, Consent is the principle resource for representing consent-related information and is the endpoint where systems should expect to find this information
<endquote>

Above given to DAvid by Grahame and Lloyed on FHIR Resource - usage of various resources and their use in FHIR

CBCP - information to be sent out for review Cross-Paradigm Interopbility project

showing to transform security labels from FHIR to CDA... not a lot to do on FHIR consent contract or the CA consent; to a large extent is about security labels--there may be misunderstanding

to be proposed as a joint sponsorship; and confirm which WGs are involved--

wait until we get a better descrption if we do need to be involved (based on kathleen description... unsure of scope; involving cross paradign

Suzanne - to reach out to Ken Lord before sending information out for CBCP review

Is Priacy Obsolte - update

year / year and a half
no recent report outs; lots of concern of whether privacy was dead due to large nmber of breachers (large breaches) often without harm to lega regsitutuion to victims--as credit theft
in the meantime ; we have been engaged with worldwide review; AUS, China Eu India, Japan UK, US among others - specifically did not look at Russia.
most countries have new privacy laws in place
- EU - GDPR in place
- other countries are looking at GDPR as benchmark (Japan may incorporate GDPR version)
- in US, initial feeling was fragmented state by state and largly with specific industry focus; it is a patchwork of state laws, that being said the US is considered to be strong in terms of privacy because of the FTC enforcement of federal trade commission act; also healthcare is one of the vertical as excellent privacy practice.
  - with the FTC the general concensus US privacy enforcement and laws in US are the strictest in the world

but doesn't address victims do not get credit in the courts--efforts are largly to correct breaches int he first place; in terms of technology, seeing lots of new technology in privacy i.e. zero-knowledge proofs UMA block chans, data beach responses - included in the GDPR; which has raised the bar

- - all 50 US states have breach notification law in place. we have consent management
  - data classification (we call it security labeling) enforcing/segmenting privacy information.
  - largely if looking at enfocement activities which fall more in what organzations do … we wuld say its a big plus that detracted by the fact that we do have breaches involving billions of dollars; there is reason to question security in facebook, google; knowing we go in at our own risk;
  - privacy is not dead - it has issues there are activities in law and technology in standards bodies to address the issues; may not be the final conclusion for today; goal: wrap up and bief out at the Security/ HL7 WGM meeting

Oliver: freeze your credit? recourse to protect yourself or is there other

breaches are not just getting into our account; ie. security clearance infroatmion collected was breached for millions of federal employes, homes they've lived, cards etch... were breaches including healthcare privacy not just credit card monitory involved in identy theft
there is no effective recourse to sufficiently lock up the information they carry; the GDPR is slapping down on companies on that. Therorizes that GDPR can protect toursts who travel outside Eu; there are no harsh penalites (in Canada) and make retributions... except through credit monitoring

Legal changes/technology changes / enforcement and we're talking about privacy across the board; not just identity theft... its more promising thatn what we toguht whenw e were just looking at victims not getting more than credit monitorying.

Motion made to adjorn: Jim Meeeting adjorned at 9:43 Pacific time --Suzannegw (talk) 12:44, 24 July 2018 (EDT)

@@ Line 30: / Line 30: @@
 ||||x|| [mailto:fjauregui@electrosoft.com Francisco Jauregui]
 |-
-||  x|| [mailto:Mark.Meadows@dch.ga.gov Mark Meadows]
+||  .|| [mailto:Mark.Meadows@dch.ga.gov Mark Meadows]
 ||||.|| [mailto:ayp@securityrs.com Amber Patel]
 ||||x|| [mailto:becky.angeles@carradora.com Becky Angeles]
@@ Line 45: / Line 45: @@
 ||||.|| [mailto:ioana.singureanu@gmail.com Ioana Singureanu]
 ||||x|| [mailto:Beth.Pumo@kp.org Beth Pumo]
+|-
+||  x|| [mailto:Oliver Lawless]
+||||.|| [mailto:]
+||||.|| [mailto:]
+||||x|| [mailto:]
+|-
 |}
@@ Line 56: / Line 62: @@
 # eLTSS NIB submitted before Sunday deadline
 #* eLTSS gForge folder:  https://gforge.hl7.org/gf/project/cbcc/docman/eLTSS%20-%20%20ONC%20Electronic%20Long-Term%20Services%20and%20Supports
-#* Latest PSS posted to gForge [
 # PSS - CBCP Approval (Ken Lord)
 # Privacy - Is privacy Obsolete update - Mike Davis
@@ Line 64: / Line 69: @@
 ==Meeting Minutes DRAFT==
+Chair - Dave Pyke
+eLTSS
+* Lynne - publishing folks - any other that we need to do
+** they frown upon ballotable material publicly; so items will not be posted on the CBCP wiki
+** no other specific instructions were given to get ready for ballot
+* uploading items to the wiki; need to delete some information
+** hesitating to upload spreadsheet; until
+* owed to CBCP a final version with executive summary; once ready Irina will provide once ready
+FHIR Consent
+CPs items to vote on
+four have been dealt with one way or another;
+# CP 15581 - Motion: Suzanne / Jim Vote on disposition as displayed
+#* vote: abstentions: none; against: none; approval: 11
+# CP 15641
+#* followed up with Michelle with no response
+#* wish to close as not persuasive Motion made: Jim / Suzanne
+#* Abstention: none; Against: none; Approval: 11
+# 17154 Search parameters
+#* Securitylabel to security-label (must have dash) Motion: Jim/Suzanne
+#* Vote: abstentions: none; against: none; Approval: 11
+# CP 14181
+#* items have been elimated - could not be mapped to v3 RIM (they are not found in v3 RIM
+#*
+# CP 11069 (already resolved)
+#* suggest to close as this is based on an older version
+''' ''NEW DISCUSSION:'' '''
+ additional e-mail discussion:
+ David Pyke been asked to put forward this statement for voting as a motion to   the group clarifying our stance on consent in FHIR
+ <quote>
+ * The Consent resource is the correct (and best) way to store and exchange computable consent agreements in a FHIR environment
+ * Formal consent documents are contracts and you may use the Contract resource to capture that aspect of them for attachment to the Consent resource as a source document.
+ * While Consent information may sometimes be found in DocumentReference, Binary, Contract and other resources, Consent is the principle resource for representing consent-related information and is the endpoint where systems should expect to find this information
+ <endquote>
+Above given to DAvid by Grahame and Lloyed on FHIR Resource - usage of various resources and their use in FHIR
+CBCP - information to be sent out for review
+Cross-Paradigm Interopbility project
+showing to transform security labels from FHIR to CDA... not a lot to do on FHIR consent contract or the CA consent; to a large extent is about security labels--there may be misunderstanding
+* to be proposed as a joint sponsorship; and confirm which WGs are involved--
+wait until we get a better descrption if we do need to be involved (based on kathleen description... unsure of scope; involving cross paradign
+Suzanne - to reach out to Ken Lord before sending information out for CBCP review
+'''Is Priacy Obsolte''' - update
+* year / year and a half
+* no recent report outs; lots of concern of whether privacy was dead due to large nmber of breachers (large breaches) often without harm to lega regsitutuion to victims--as credit theft
+* in the meantime ; we have been engaged with worldwide review; AUS, China Eu India, Japan UK, US among others - specifically did not look at Russia.
+* most countries have new privacy laws in place
+** EU - GDPR in place
+** other countries are looking at GDPR as benchmark (Japan may incorporate GDPR version)
+** in US, initial feeling was fragmented state by state and largly with specific industry focus; it is a patchwork of state laws, that being said the US is considered to be strong in terms of privacy because of the FTC enforcement of federal trade commission act; also healthcare is one of the vertical as excellent privacy practice.
+***with the FTC the general concensus US privacy enforcement and laws in US are the strictest in the world
+; but doesn't address victims do not get credit in the courts--efforts are largly to correct breaches int he first place; in terms of technology, seeing lots of new technology in privacy i.e. zero-knowledge proofs UMA block chans, data beach responses - included in the GDPR; which has raised the bar
+*** all 50 US states have breach notification law in place. we have consent management
+*** data classification (we call it security labeling) enforcing/segmenting privacy information.
+*** largely if looking at enfocement activities which fall more in what organzations do … we wuld say its a big plus that detracted by the fact that we do have breaches involving billions of dollars; there is reason to question security in facebook, google; knowing we go in at our own risk;
+*** privacy is not dead - it has issues there are activities in law and technology in standards bodies to address the issues; may not be the final conclusion for today; goal: wrap up and bief out at the Security/ HL7 WGM meeting
+Oliver: freeze your credit? recourse to protect yourself or is there other
+* breaches are not just getting into our account; ie. security clearance infroatmion collected was breached for millions of federal employes, homes they've lived, cards etch... were breaches including healthcare privacy not just credit card monitory involved in identy theft
+* there is no effective recourse to sufficiently lock up the information they carry; the GDPR is slapping down on companies on that.  Therorizes that GDPR can protect toursts who travel outside Eu; there are no harsh penalites (in Canada) and make retributions... except through credit monitoring
+Legal changes/technology changes / enforcement and we're talking about privacy across the board; not just identity theft... its more promising thatn what we toguht whenw e were just looking at victims not getting more than credit monitorying.
-additional e-mail discussion:
+Motion made to adjorn: Jim
-David Pyke been asked to put forward this statement for voting as a motion to the group clarifying our stance on consent in FHIR
+Meeeting adjorned at 9:43 Pacific time --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 12:44, 24 July 2018 (EDT)
-<quote>
-* The Consent resource is the correct (and best) way to store and exchange computable consent agreements in a FHIR environment
-* Formal consent documents are contracts and you may use the Contract resource to capture that aspect of them for attachment to the Consent resource as a source document.
-* While Consent information may sometimes be found in DocumentReference, Binary, Contract and other resources, Consent is the principle resource for representing consent-related information and is the endpoint where systems should expect to find this information
-<endquote>

Difference between revisions of "July 24, 2018 CBCP Conference Call"

Latest revision as of 16:45, 24 July 2018

Attendees

Agenda

Meeting Minutes DRAFT

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

groups

meetings

general

Tools