
Difference between revisions of "September 11, 2018 Security Conference Call"

Line 80: Line 80:
 
*Describe other useful security and privacy features or functions that a certified health IT product may offer beyond those required by HIPAA and the ONC Health IT Certification Program, such as functions related to requirements under [https://www.law.cornell.edu/cfr/text/42/part-2 42 CFR part 2].
 
*Describe other useful security and privacy features or functions that a certified health IT product may offer beyond those required by HIPAA and the ONC Health IT Certification Program, such as functions related to requirements under [https://www.law.cornell.edu/cfr/text/42/part-2 42 CFR part 2].
 
*What information about a certified health IT product's security and privacy capabilities and performance have acquisition decision makers used to inform decisions about acquisitions, upgrades, or use to best support end users' needs? How has that information helped inform decision-making? What other information would be useful in comparing certified health IT products on security and privacy (e.g., compatibility with newer security technologies such as biometrics)?
 
*What information about a certified health IT product's security and privacy capabilities and performance have acquisition decision makers used to inform decisions about acquisitions, upgrades, or use to best support end users' needs? How has that information helped inform decision-making? What other information would be useful in comparing certified health IT products on security and privacy (e.g., compatibility with newer security technologies such as biometrics)?
 +
**Proposed Input Topics:
 +
***Support adoption of [https://www.youtube.com/watch?v=fqLJlxt0MSo&list=PLBXgZMI_zqfRUXUZv9oEnIzWXHeW6slbq&index=8&t=0s SAMHSA Consent2Share]
 +
***Support adoption of HL7 Data Segmentation for Privacy CDA iG
 +
***Support adoption of HL7 Security Labeling Service IG and Healthcare Privacy and Security Classification System
 +
***Support adoption of FHIR Security Labeling, FHIR Consent and FHIR Contract Consent Directive for Part 2 Consent Directives
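Review bot: The added "Proposed Input Topics" list is nested with `**` under the second question (information used by acquisition decision makers), yet its items, ending with "for Part 2 Consent Directives", respond to the first question about features beyond HIPAA such as 42 CFR part 2; consider moving the list under that first bullet. In the same added lines, "CDA iG" should read "CDA IG" to match "Security Labeling Service IG", and the SAMHSA Consent2Share link targets a YouTube URL carrying playlist position parameters (index=8, t=0s), so a stable project page would be a more durable reference.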

Revision as of 04:38, 11 September 2018


Attendees

| x | Member Name | x | Member Name | x | Member Name | x | Member Name |
|---|---|---|---|---|---|---|---|
| . | John Moehrke, Security Co-chair | x | Kathleen Connor, Security Co-chair | . | Alexander Mense, Security Co-chair | . | Trish Williams, Security Co-chair |
| x | Christopher Shawn, Security Co-chair | x | Suzanne Gonzales-Webb | . | Mike Davis | x | David Staggs |
| . | Diana Proud-Madruga | . | Johnathan Coleman | x | Francisco Jauregui | x | Joe Lamy |
| . | Rhonna Clark | . | Greg Linden | . | Grahame Grieve | x | Dave Silver |
| . | Mohammed Jafari | . | Jim Kretz | . | Peter Bachman | | |
| x | Beth Pumo | . | Bo Dagnall | | | | |


Agenda

Meeting Recording link: https://fccdl.in/05glbvmHlr (temporary)

  1. (2 min) Roll Call, Agenda Approval
  2. (5 min) Review and Approval of Minutes
  3. (5 min) GDPR whitepaper on FHIR Update - Alex, John, Kathleen
  4. (5 min) TF4FA Normative Ballot reconciliation (formerly PSAF) - Mike, Chris
  5. (10 min) PASS Audit Update on Document - Mike
  6. (05 min) TF4FA Trust Framework, Volume 3 - Update - Mike, Chris
  7. (10 min) Review of the 21st Century Cures EHR Reporting Program Security & Privacy feedback requested by HL7 PAC - Kathleen
  8. (10 min) Review of the Proposed Restructuring and Additions to FHIR Implementer’s Safety Check List
  9. (05 min) Security Working Group - upcoming HL7 Working Group Meeting, Baltimore Maryland

Meeting Minutes DRAFT

Chair: Chris Shawn. Roll taken, agenda reviewed.

Meeting Materials

  • HL7 PAC Request RE: 21st Century Cures EHR Reporting Program

Dear HL7 Work Group Chairs:

ONC released a Request for Information (RFI) on August 24 related to the 21st Century Cures EHR Reporting Program requirements. HL7 will be commenting and our Policy Advisory Committee (PAC) is currently gathering feedback. Comments are due to ONC by October 17, 2018. We ask that you send any comments you would like considered for inclusion in the HL7 response by Thursday, September 20. Please send comments to PAC Chair Mark Segal at msegal@dig-hpa.com and Ticia Gerber at tgerber@hl7.org.

We have attached the RFI document with areas in green that we will be commenting on and areas in yellow that we are considering for HL7 comment. We look forward to your feedback on these areas or others you feel are relevant for your Work Groups.

As background, ONC states that: This request for information (RFI) seeks input from the public regarding the Electronic Health Record (EHR) Reporting Program established as Section 4002 of the 21st Century Cures Act (Cures Act) codified Section 3009A in Title XXX of the Public Health Service Act (PHSA). This RFI is a first step toward implementing the statute. Its responses will be used to inform subsequent discussions among stakeholders and future work toward the development of reporting criteria under the EHR Reporting Program.

ONC is looking for cross-cutting and category specific feedback on 21st Century Cures EHR Reporting Program criteria in the areas of: Security.

  • Describe other useful security and privacy features or functions that a certified health IT product may offer beyond those required by HIPAA and the ONC Health IT Certification Program, such as functions related to requirements under 42 CFR part 2.
  • What information about a certified health IT product's security and privacy capabilities and performance have acquisition decision makers used to inform decisions about acquisitions, upgrades, or use to best support end users' needs? How has that information helped inform decision-making? What other information would be useful in comparing certified health IT products on security and privacy (e.g., compatibility with newer security technologies such as biometrics)?
    • Proposed Input Topics:
      • Support adoption of SAMHSA Consent2Share
      • Support adoption of HL7 Data Segmentation for Privacy CDA IG
      • Support adoption of HL7 Security Labeling Service IG and Healthcare Privacy and Security Classification System
      • Support adoption of FHIR Security Labeling, FHIR Consent and FHIR Contract Consent Directive for Part 2 Consent Directives