Difference between revisions of "February 20, 2018 Security Conference Call"
(→Agenda) |
|||
(22 intermediate revisions by 2 users not shown) | |||
Line 7: | Line 7: | ||
!x||'''Member Name'''|| !! x ||'''Member Name''' !!|| x ||'''Member Name''' !!|| x ||'''Member Name''' | !x||'''Member Name'''|| !! x ||'''Member Name''' !!|| x ||'''Member Name''' !!|| x ||'''Member Name''' | ||
|- | |- | ||
− | || | + | || x|| [mailto:JohnMoerke@gmail.com John Moehrke] Security Co-chair |
||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-chair | ||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-chair | ||
||||.|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair | ||||.|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair | ||
Line 33: | Line 33: | ||
|- | |- | ||
|| .|| [mailto:ken.salyards@samhsa.hhs.gov Ken Salyards] | || .|| [mailto:ken.salyards@samhsa.hhs.gov Ken Salyards] | ||
− | |||| | + | ||||x|| [mailto:jim.kretz@samhsa.gov Jim Kretz] |
||||.|| [mailto:gary.dickinson@ehr-standards.com Gary Dickinson] | ||||.|| [mailto:gary.dickinson@ehr-standards.com Gary Dickinson] | ||
− | |||| | + | ||||x|| [mailto:dsilver@electrosoft-inc.com Dave Silver] |
|- | |- | ||
|| .|| [mailto:oliver@lawless.co Oliver Lawless] | || .|| [mailto:oliver@lawless.co Oliver Lawless] | ||
Line 42: | Line 42: | ||
||||.|| [mailto:nathanbotts@westat.com Nathan Botts] | ||||.|| [mailto:nathanbotts@westat.com Nathan Botts] | ||
|- | |- | ||
− | || x|| [mailto:fjaureui@electrosoft-inc.com Francisco Jauregui | + | || x|| [mailto:fjaureui@electrosoft-inc.com Francisco Jauregui] |
||||.|| [mailto:Bo.Dagnall@dxc.com Bo Dagnall] | ||||.|| [mailto:Bo.Dagnall@dxc.com Bo Dagnall] | ||
− | ||||.|| [mailto: | + | ||||.|| [mailto:rikimerrick@gmail.com] |
− | |||| | + | ||||.|| [mailto:acg.internajonal@gmail.com Theresa Connor] |
|- | |- | ||
|} | |} | ||
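Review bot: The added [mailto:rikimerrick@gmail.com] entry in the last attendee row has no display name after the address, unlike every other entry in the table, so it renders as a bare numbered link ("[1]") in the attendee list. Add the member's name inside the brackets after the address.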
Line 52: | Line 52: | ||
=='''Agenda'''== | =='''Agenda'''== | ||
#''(2 min)'' '''Roll Call, Agenda Approval''' | #''(2 min)'' '''Roll Call, Agenda Approval''' | ||
− | #''( | + | #''(5 min)'' '''Review and Approval of [http://wiki.hl7.org/index.php?title=February_13,_2018_Security_Conference_Call Feb.13, 2018 minutes] and [http://wiki.hl7.org/index.php?title=HL7_January_2018_-_New_Orleans_US_MINUTES&action=edit&redlink=1 New Orleans Jan 2018 WGM Minutes] - Thank you Princess Trish! We've had a week to review. Time to approve |
− | #''( | + | #''(5 min)'' '''Review of [https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20and%20Privacy%20Policy/TEFCA%20Comments/HL7%20TEFCA%20Response%20Final%2002.20.18.pdf Final HL7 TEFCA Comments] and [https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20and%20Privacy%20Policy/TEFCA%20Comments/TEFCA%20Security%20Appendix%20Final%2002.20.18.pdf TEFCA Security Appendix]''' - Kathleen Connor. |
− | #''( | + | #''(5 min)'' '''TF4FA Updates from PSAF call''' - Mike Davis |
− | #''(30 min)'' '''[https://gforge.hl7.org/gf/project/security/docman/Harmonization/July%202017%20Harmonization/March%202018%20Harmonization/2018Mar_HARM_InitialPROPOSAL_VOCAB_Security_ulrike_merrick_Sec1_HL70952.docx Confidentiality][https://gforge.hl7.org/gf/project/security/docman/Harmonization/July%202017%20Harmonization/March%202018%20Harmonization/ | + | #''(5 min)'' '''FHIR Security Block Vote''' Call is scheduled today. John |
+ | #''(30 min)'' Review March Harmonization initial proposals to add HCS Security Classification/Confidentiality codes, Category/Sensitivity codes, and Security Control/Purpose of Use, Obligation, and Refrain policy codes to HL7 Version 2 | ||
+ | *'''[https://gforge.hl7.org/gf/project/security/docman/Harmonization/July%202017%20Harmonization/March%202018%20Harmonization/2018Mar_HARM_InitialPROPOSAL_VOCAB_Security_ulrike_merrick_Sec1_HL70952.docx Confidentiality]''' - Makes no change to code system. | ||
+ | *'''[https://gforge.hl7.org/gf/project/security/docman/Harmonization/July%202017%20Harmonization/March%202018%20Harmonization/2018Mar_HARM_InitialPROPOSAL_VOCAB_Security_ulrike_merrick_Sec2_HL70953v3.docx Sensitivity]''' - Deprecates ETH and adds the v2 sensitivity code "physician requested" and | ||
+ | *'''[https://gforge.hl7.org/gf/project/security/docman/Harmonization/July%202017%20Harmonization/March%202018%20Harmonization/2018Mar_HARM_InitialPROPOSAL_VOCAB_Security_ulrike_merrick_Sec3_HL70719_v3.docx Purpose of Use]''' Adds 4 new POU codes: Break the Glass, Emergency Room Treatment, Coordination of Care, and Healthcare Delivery Monitoring | ||
+ | *[https://gforge.hl7.org/gf/project/security/docman/Harmonization/July%202017%20Harmonization/March%202018%20Harmonization/Dear%20Security%20Work%20Group%20kc.docx Background from Riki Merrick] - Kathleen | ||
==Meeting Materials== | ==Meeting Materials== | ||
+ | #March Harmonization Schedule | ||
+ | *Initial Proposal Submission Deadline - Feb. 28th | ||
+ | *Technical Review by March 6th | ||
+ | *Final Proposal Submission Deadline - March 16th | ||
+ | *Harmonization Meeting - March 20 - 21 | ||
#[http://wiki.hl7.org/index.php?title=%22Is_Privacy_Obsolete%22_Study_Group_Page%22 "Is Privacy Obsolete" Study Group Page"] | #[http://wiki.hl7.org/index.php?title=%22Is_Privacy_Obsolete%22_Study_Group_Page%22 "Is Privacy Obsolete" Study Group Page"] | ||
#[http://wiki.hl7.org/index.php?title=HL7_FHIR_security_topics FHIR Security WG Call] | #[http://wiki.hl7.org/index.php?title=HL7_FHIR_security_topics FHIR Security WG Call] | ||
#[http://wiki.hl7.org/index.php?title=FHIR_Consumer_Centered_Data_Exchange_(CCDE)_Connectathon FHIR Consumer Centered Data Exchange (CCDE) Connectathon] | #[http://wiki.hl7.org/index.php?title=FHIR_Consumer_Centered_Data_Exchange_(CCDE)_Connectathon FHIR Consumer Centered Data Exchange (CCDE) Connectathon] | ||
+ | |||
+ | |||
==Meeting Minutes DRAFT== | ==Meeting Minutes DRAFT== | ||
+ | Role taken / Agenda accepted (motion: Kathleen/David S) | ||
+ | |||
+ | Meeting Minutes: | ||
+ | February 13 - Meeting minutes approval (motion: Suzanne/Mike D) | ||
+ | objections: none, Abstentions: none, approved: 9 | ||
+ | |||
+ | new Orleans WGM - Meeting minutes approval (ChrisS / Suzanne) | ||
+ | objections: none, Abstentions: none, meeting minutes approved: 9 | ||
+ | |||
+ | '''TEFCA Comments''' | ||
+ | Two documents | ||
+ | # overarching HL7 comments | ||
+ | # more detailed Security comments | ||
+ | |||
+ | '''TF4FA''' | ||
+ | * PSAF call this AM | ||
+ | * discussed the information model updates; have diagram/information from 22600 elaborated on some of the policy classes, particularly on the basic policy classes; distinguished | ||
+ | * looked also looked beyond the trust establishment, definitions-what it means to have policy within a contextual framework. | ||
+ | * basic assumptions; in a federator domain initiators have ability t request | ||
+ | * on track for presenting the document for May 2018 (normative); previously informative | ||
+ | ** resolution of comments from previous ballots are what we have been working on | ||
+ | ** NIB is being finalized | ||
+ | ** not planning to ballot the Behavioral model at this point--there have been several changes on Chapter 2, volume 1--we will not have time to complete before May | ||
+ | ** compressed down to 22600, focusing on basic policies for this update | ||
+ | * WG has an outstanding project to work on an IM, balloting the 2014 model which is known to be incorrect anyway--to correct the trust framework information | ||
+ | * Mike suspects that there will be drafts coming out soon from our discussions. | ||
+ | |||
+ | '''FHIR security call ''' | ||
+ | * meeting this afternoon | ||
+ | * will work though other CPs this afternoon | ||
+ | |||
+ | '''Updates for harmonization''' | ||
+ | * Rikki Merrick O&O | ||
+ | ** works with Kathleen on Michigan HIM | ||
+ | |||
+ | ''Discussion'' | ||
+ | * Sensitivity proposal - V3 addition to PHI, deprecating ETH code(updated to SUD) | ||
+ | * new table, importing code from different terms - Security labeling handling instructions | ||
+ | ''Purpose of Use'' table; codes for new table | ||
+ | v2 tables are flat and do not support the higher level uses (Rikki will ask if we should include--not sure 'how they will be used' because they abstract codes in v3) | ||
+ | |||
+ | * due February 28 | ||
+ | * would like to finish delegation/authorization policy so that we can get into this harmonization schedule (otherwise we need to wait until July) | ||
+ | * we're moving Care management moving to coordination of care - because 42CFRPart2, it differentiation from HIPAA authorization a different set of activities--it carves out the activity (coordination of care) which if focused on BH clients, but it could be any patient. the idea is what is required to get a patient into treatment to make the treatment successful. its not the same as signing up for insurance. they carved that piece out. under Michigan health act they've made it so that Treatment, Payment and coordination of care does not require authorization as it did previously... if you want to use the information for other activities, population health, quality management, etc. (health plan type activities) under HIPAA ... that kind of activity does require an authorization. | ||
+ | |||
+ | |||
+ | Meeting adjourned at 1404 Arizona Time |
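Review bot: The added Sensitivity bullet under the 30-minute harmonization agenda item stops mid-sentence at 'adds the v2 sensitivity code "physician requested" and', so whatever followed the "and" is missing; complete the sentence or drop the trailing "and". In the minutes added further down, "Role taken" should read "Roll taken" to match the "Roll Call" agenda item, and the TF4FA bullet that ends in "distinguished" is cut off in the same way.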
Latest revision as of 21:13, 20 February 2018
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name
---|---|---|---|---|---|---|---
x | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | . | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair
x | Christopher Shawn Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | x | David Staggs
. | Mohammed Jafari | . | Beth Pumo | . | Ioana Singureanu | . | Rob Horn
x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Greg Linden
. | Paul Knapp | . | Grahame Grieve | . | Johnathan Coleman | . | Aaron Seib
. | Ken Salyards | x | Jim Kretz | . | Gary Dickinson | x | Dave Silver
. | Oliver Lawless | . | Joyce | . | David Tao | . | Nathan Botts
x | Francisco Jauregui | . | Bo Dagnall | . | [1] | . | Theresa Connor
Agenda
- (2 min) Roll Call, Agenda Approval
- (5 min) Review and Approval of Feb.13, 2018 minutes and New Orleans Jan 2018 WGM Minutes - Thank you Princess Trish! We've had a week to review. Time to approve
- (5 min) Review of Final HL7 TEFCA Comments and TEFCA Security Appendix - Kathleen Connor.
- (5 min) TF4FA Updates from PSAF call - Mike Davis
- (5 min) FHIR Security Block Vote Call is scheduled today. John
- (30 min) Review March Harmonization initial proposals to add HCS Security Classification/Confidentiality codes, Category/Sensitivity codes, and Security Control/Purpose of Use, Obligation, and Refrain policy codes to HL7 Version 2
  - Confidentiality - Makes no change to code system.
  - Sensitivity - Deprecates ETH and adds the v2 sensitivity code "physician requested" and
  - Purpose of Use - Adds 4 new POU codes: Break the Glass, Emergency Room Treatment, Coordination of Care, and Healthcare Delivery Monitoring
  - Background from Riki Merrick - Kathleen
Meeting Materials
- March Harmonization Schedule
  - Initial Proposal Submission Deadline - Feb. 28th
  - Technical Review by March 6th
  - Final Proposal Submission Deadline - March 16th
  - Harmonization Meeting - March 20 - 21
- "Is Privacy Obsolete" Study Group Page
- FHIR Security WG Call
- FHIR Consumer Centered Data Exchange (CCDE) Connectathon
Meeting Minutes DRAFT
Roll taken / Agenda accepted (motion: Kathleen/David S)
Meeting Minutes:
February 13 - Meeting minutes approval (motion: Suzanne/Mike D); objections: none, abstentions: none, approved: 9
New Orleans WGM - Meeting minutes approval (ChrisS / Suzanne); objections: none, abstentions: none, meeting minutes approved: 9
TEFCA Comments
Two documents
- overarching HL7 comments
- more detailed Security comments
TF4FA
- PSAF call this AM
- discussed the information model updates; have diagram/information from 22600 elaborated on some of the policy classes, particularly on the basic policy classes; distinguished
- also looked beyond the trust establishment and definitions: what it means to have policy within a contextual framework.
- basic assumptions; in a federator domain initiators have ability to request
- on track for presenting the document for May 2018 (normative); previously informative
  - resolution of comments from previous ballots is what we have been working on
  - NIB is being finalized
  - not planning to ballot the Behavioral model at this point; there have been several changes on Chapter 2, volume 1, and we will not have time to complete before May
  - compressed down to 22600, focusing on basic policies for this update
- WG has an outstanding project to work on an IM, balloting the 2014 model which is known to be incorrect anyway--to correct the trust framework information
- Mike suspects that there will be drafts coming out soon from our discussions.
FHIR security call
- meeting this afternoon
- will work through other CPs this afternoon
Updates for harmonization
- Riki Merrick O&O
  - works with Kathleen on Michigan HIM
Discussion
- Sensitivity proposal - V3 addition to PHI, deprecating ETH code (updated to SUD)
- new table, importing code from different terms - Security labeling handling instructions
Purpose of Use table; codes for new table
v2 tables are flat and do not support the higher level uses (Riki will ask if we should include; not sure 'how they will be used' because they abstract codes in v3)
- due February 28
- would like to finish delegation/authorization policy so that we can get into this harmonization schedule (otherwise we need to wait until July)
- we're moving Care management to coordination of care because of 42CFRPart2; it differentiates from HIPAA authorization a different set of activities. It carves out the activity (coordination of care), which is focused on BH clients, but it could be any patient. The idea is what is required to get a patient into treatment to make the treatment successful. It's not the same as signing up for insurance. They carved that piece out. Under Michigan health act they've made it so that Treatment, Payment and coordination of care does not require authorization as it did previously... if you want to use the information for other activities, population health, quality management, etc. (health plan type activities) under HIPAA ... that kind of activity does require an authorization.
Meeting adjourned at 1404 Arizona Time