Difference between revisions of "FHIR Consent August 18, 2017"
(Created page with "==HL7 CBCC FHIR Consent Working Meeting== ==Weekly Meeting Logistics== Weekly meeting; Fridays 2:00 - 3:00 PM Eastern Time Dial-in Number: (515) 604-9861 International Dial...") |
|||
| (3 intermediate revisions by the same user not shown) | |||
| Line 22: | Line 22: | ||
|| .||[mailto:david.pyke@readycomputing.com David Pyke] CBCC co-Chair | || .||[mailto:david.pyke@readycomputing.com David Pyke] CBCC co-Chair | ||
||||.||[mailto:jc@securityrs.com Johnathan Coleman] CBCC Co-Chair | ||||.||[mailto:jc@securityrs.com Johnathan Coleman] CBCC Co-Chair | ||
| − | |||| | + | ||||X||[mailto:suzanne.gonzales-webb@va.gov Suzanne Gonzales-Webb] CBCC Co-Chair |
||||.||[mailto:grahame@healthintersections.com.au Grahame Grieve] FHIR Director | ||||.||[mailto:grahame@healthintersections.com.au Grahame Grieve] FHIR Director | ||
|- | |- | ||
|| .||[mailto:mense@technikum-wien.at Alexander Mense] Security Co-Chair | || .||[mailto:mense@technikum-wien.at Alexander Mense] Security Co-Chair | ||
| − | |||| | + | ||||X||[mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-Chair |
| − | |||| | + | ||||X||[mailto:johnmoehrke@gmail.com John Moehrke]Security Co-Chair |
||||.||[mailto:jkretz@samhsa.hhs.gov Jim Kretz] CBCC Co-Chair | ||||.||[mailto:jkretz@samhsa.hhs.gov Jim Kretz] CBCC Co-Chair | ||
|- | |- | ||
|| .||Paul Knapp | || .||Paul Knapp | ||
| − | |||| | + | ||||X||[mailto:david.staggs@securityrs.com David Staggs] |
||||.||[mailto:ksalyards@samhsa.hhs.gov Ken Salyards] | ||||.||[mailto:ksalyards@samhsa.hhs.gov Ken Salyards] | ||
||||.||[mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga] | ||||.||[mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga] | ||
| Line 41: | Line 41: | ||
|- | |- | ||
|| .||[mailto:joe.lamy@aegis.net Joe Lamy, Aegis] | || .||[mailto:joe.lamy@aegis.net Joe Lamy, Aegis] | ||
| − | |||| | + | ||||X||[mailto:Joseph.Quinn@optum.com Joseph Quinn] |
| − | |||| | + | ||||X||[mailto:ithraen@utah.gov Iona Thraen] |
||||.||[mailto:serafina.versaggi@gmail.com Serafina Versaggi] | ||||.||[mailto:serafina.versaggi@gmail.com Serafina Versaggi] | ||
|- | |- | ||
| Line 66: | Line 66: | ||
==Minutes== | ==Minutes== | ||
* Roll Call | * Roll Call | ||
| + | * Reviewed Remove Consent.Except.Purpose [CR 11055] | ||
| + | ** Clarify action requests versus usage limitations. | ||
| + | ** This would have the security label for purpose of use, purpose element is redundant. | ||
| + | ** A consent may be useful having purpose of use in a separate element rather than on the governed data if the consent author is not capable of security labeling or attribute based access control. | ||
| + | *** one set of rules for research, different for treatment in separate provision trees. | ||
| + | *** Some implementations may not support purpose of use tags on the data. -- a A custodian has data, the data is tagged using just confidentiality code and sensitivity tags. They have a request coming in including SAML assertion (etc.) that id's actor as being provisioned for a confidentiality level and a sensitivity, as well as a purpose of use. The consent rules fit in between (consent on file with provisions, some having allow/deny based on purpose of use) Access control engine goes against purpose of use. How does the engine know what data if it's not tagged? In an “all and any” request, e.g., for purpose of treatment or emergency treatment, there would be no need to consider purpose of use tags on the data since all of it would be sent per HIPAA exemption of minimum necessary for push/pull to treating providers. | ||
| + | *** Consent forms may be the source of the labelling on data elements. | ||
| + | *** Security label ids the tags that the disclosed data should be assigned | ||
| + | *** Add to purpose and security label a comment: When the purpose of use tag is on the dates, access request purpose of use shall not conflict. | ||
| + | * Reviewed CR11056 | ||
| + | ** Change definition to "A security label, comprised of 0..* security label fields (Privacy tags), which define which resources are controlled by this exception. " | ||
Latest revision as of 13:23, 24 August 2017
HL7 CBCC FHIR Consent Working Meeting
Weekly Meeting Logistics
Weekly meeting; Fridays 2:00 - 3:00 PM Eastern Time
Dial-in Number: (515) 604-9861
International Dial-in Numbers are provided
Access Code: 429554
Online Meeting Link: http://join.freeconferencecall.com/cbhs
Back to FHIR Consent Directive Project Main Page
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name |
|---|---|---|---|---|---|---|---|
| . | David Pyke CBCC co-Chair | . | Johnathan Coleman CBCC Co-Chair | X | Suzanne Gonzales-Webb CBCC Co-Chair | . | Grahame Grieve FHIR Director |
| . | Alexander Mense Security Co-Chair | X | Kathleen Connor Security Co-Chair | X | John Moehrke Security Co-Chair | . | Jim Kretz CBCC Co-Chair |
| . | Paul Knapp | X | David Staggs | . | Ken Salyards | . | Diana Proud-Madruga |
| . | Mike Davis | . | Neelima Chennamaraja | . | Ken Sinn | . | Beth Pumo |
| . | Joe Lamy, Aegis | X | Joseph Quinn | X | Iona Thraen | . | Serafina Versaggi |
| . | Igor Sirkovich | . | Ali Khan ONC Patient Choice Project rep | . | Amber Patel ONC Patient Choice Project rep | . | Josh Bagley |
| . | Lisa Nelson | . | Hank Mayers PCWG Representative | . | Laura Heermann Langford PCWG Co-chair | . | Steve Eichner |
Agenda
- Roll-call
- Review open CRs as time allows
Minutes
- Roll Call
- Reviewed Remove Consent.Except.Purpose [CR 11055]
  - Clarify action requests versus usage limitations.
  - This would have the security label for purpose of use; the purpose element is redundant.
  - It may be useful for a consent to have purpose of use in a separate element rather than on the governed data if the consent author is not capable of security labeling or attribute-based access control.
    - One set of rules for research, a different set for treatment, in separate provision trees.
    - Some implementations may not support purpose of use tags on the data. A custodian has data, and the data is tagged using just confidentiality code and sensitivity tags. They have a request coming in, including a SAML assertion (etc.), that identifies the actor as being provisioned for a confidentiality level and a sensitivity, as well as a purpose of use. The consent rules fit in between (consent on file with provisions, some having allow/deny based on purpose of use). The access control engine goes against purpose of use. How does the engine know what data if it's not tagged? In an “all and any” request, e.g., for purpose of treatment or emergency treatment, there would be no need to consider purpose of use tags on the data, since all of it would be sent per the HIPAA exemption of minimum necessary for push/pull to treating providers.
    - Consent forms may be the source of the labelling on data elements.
    - Security label identifies the tags that the disclosed data should be assigned.
    - Add to purpose and security label a comment: When the purpose of use tag is on the data, access request purpose of use shall not conflict.
- Reviewed CR11056
  - Change definition to "A security label, comprised of 0..* security label fields (Privacy tags), which define which resources are controlled by this exception."
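
The access-control flow discussed under CR 11055, as an added sketch that is not part of the minutes and not FHIR's Consent resource structure: data carries only confidentiality and sensitivity tags, the request carries clearance and purpose of use, and the consent provisions supply the purpose-of-use rules. The class names, the first-match-wins ordering and "empty label set means all resources" are assumptions; the codes are HL7 v3 vocabulary values.

```python
from dataclasses import dataclass

# HL7 v3 Confidentiality codes, lowest to highest.
CONF_RANK = {c: i for i, c in enumerate(["U", "L", "M", "N", "R", "V"])}

@dataclass(frozen=True)
class Resource:              # governed data as the custodian tags it
    confidentiality: str
    sensitivity: frozenset = frozenset()
    purpose_tags: frozenset = frozenset()   # often absent, per the minutes

@dataclass(frozen=True)
class Request:               # attributes asserted for the actor (e.g. via SAML)
    purpose: str
    clearance: str
    sensitivities: frozenset = frozenset()

@dataclass(frozen=True)
class Provision:             # simplified consent rule (hypothetical model)
    permit: bool
    purposes: frozenset
    labels: frozenset = frozenset()         # empty = all resources (assumption)

def decide(res, req, provisions, default="deny: no matching provision"):
    # 1. Clearance versus the confidentiality and sensitivity tags on the data.
    if CONF_RANK[res.confidentiality] > CONF_RANK[req.clearance]:
        return "deny: clearance"
    if not res.sensitivity <= req.sensitivities:
        return "deny: sensitivity"
    # 2. A purpose of use tag on the data, when present, must not conflict.
    if res.purpose_tags and req.purpose not in res.purpose_tags:
        return "deny: purpose tag conflict"
    # 3. Consent provisions: purpose comes from the request, labels select data.
    tags = res.sensitivity | {res.confidentiality}
    for p in provisions:     # first match wins (assumption)
        if req.purpose in p.purposes and (not p.labels or p.labels & tags):
            return "permit" if p.permit else "deny: consent"
    return default

# Constructed sample data.
CONSENT = [
    Provision(False, frozenset({"HRESCH"}), frozenset({"PSY"})),
    Provision(True, frozenset({"HRESCH"})),
    Provision(True, frozenset({"TREAT", "ETREAT"})),
]
LAB = Resource("N")
PSYCH_NOTE = Resource("R", frozenset({"PSY"}))
RESEARCHER = Request("HRESCH", "R", frozenset({"PSY"}))
CLINICIAN = Request("TREAT", "R", frozenset({"PSY"}))
```

Neither sample resource carries a purpose of use tag, yet `decide` still separates research from treatment access because the purpose is matched against the consent provisions rather than the data.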