Difference between revisions of "May 2017 CBCC Working Group Meeting - Madrid, Spain"
m (→DRAFT 2017 May Working Group Meeting - Madrid, Spain - CBCC WORKING GROUP: Add Links to brochure and meeting schedule) |
|||
Line 175: | Line 175: | ||
2017 – CBCC WGM | 2017 – CBCC WGM | ||
+ | CBCC Monday Q3 | ||
+ | Attendees: | ||
+ | David Pyke (david.pyke@readycomputing.com) | ||
+ | Danielle Friend (dfriend@epic.com) | ||
+ | Ardon Toonstra (a.Toonstra@furore.com | ||
+ | Trish Williams (patricia.williams@flinders.edu.au) | ||
+ | John Moehrke (johnmoehrke@gmail.com) | ||
+ | Alexander Mense (mense@technikum-wien.at) | ||
+ | Bernd Blobel (bernd.blobel@klinik.uni-regensburg.de) | ||
+ | |||
+ | Agenda: | ||
+ | CBCC & Security Reports Out | ||
+ | International Reports Out | ||
+ | CBCC Report Out | ||
+ | SPIA Continues to be stalled until Mike Davis or appointee can take over as editor | ||
+ | John Moehrke willing to be responsible for SPIA. Talk to Mike Davis to have it turned over or at least the most recent version submitted to the committee. | ||
+ | FHIR Consent | ||
+ | Consent to share as stable as possible | ||
+ | Advance Directive showing promise with several directives able to be covered without significant change | ||
+ | Research stalled without input from BRR. DP to visit BRR to gain attendees | ||
+ | Treatment in initial stages | ||
+ | Workflow to be covered this week with FHIR-I including potential for a ConsentRequest resource for gaining consent where none currently exists | ||
+ | Security Report out | ||
+ | Reconciliation of trust framework specification – taking place later – dynamically creating trust frameworks (possibly via policy) | ||
+ | Only defined trust elements and framework | ||
+ | Selection of policies | ||
+ | FHIR Security | ||
+ | Audit, Provenance, security labels Need test scenarios | ||
+ | Some open issues | ||
+ | Interest from use case regarding SUBSET regarding update | ||
+ | Two mechanisms – security tags and Summary | ||
+ | How will server know if the push is the result of a subset, that missing are not to be removed – potential for profile/dynamic profile to manage | ||
+ | How to request SUBSET (e.g., w/o gender or race) | ||
+ | If message with SUBSET, how would be dealt with | ||
+ | Redacted state for FHIR returned data | ||
+ | Purpose of use is potential use case | ||
+ | A profile that creates a subset is only one form of de-id, and that starts a bigger problem that may break profiles | ||
+ | FHIR Data model is limiting and causing profiles to break the model | ||
+ | ICT ontology should be examined as an issue (Bernd) | ||
+ | SMART on FHIR and Oauth are moving into HL7. | ||
+ | FHIR-I is hosting, but Security is asking for comment | ||
+ | Smart should not be seen as the one way. | ||
+ | Some constraints are in there but the meet only a subset of FHIR use-cases | ||
+ | Digital signature vocabulary only has ASTM as a source | ||
+ | Use ASTM to add to vocab despite ASTM no longer meeting or use HL7 vocabulary | ||
+ | DSG [IHE] is final text | ||
+ | |||
+ | |||
+ | International report out | ||
+ | Some work concluded regarding specifications | ||
+ | ISO25237 Health info psuedonymisation | ||
+ | Approved IS which has been published. | ||
+ | Accepted for EU parliament | ||
+ | Guidance on health information education | ||
+ | |||
+ | ISO 21298 HI Functional and structural Roles | ||
+ | Organizational relationships | ||
+ | Functional relationships | ||
+ | Global over view how assignments are in various countries | ||
+ | Includes international coding | ||
+ | PKI 17090 Part 5 using PKI creds – Launched by Japan | ||
+ | Completing the framework | ||
+ | Tooling. | ||
+ | TC215 WG4 extended scope to new technology | ||
+ | Cloud – usage, risk assessment, frameworks | ||
+ | TS11633 Remote for medical devices (Japan) | ||
+ | Not ready for publication | ||
+ | Framework stated 2008, Published by TR. | ||
+ | Audit trail 27789 changed relationship with DICOM and HL7 | ||
+ | DICOM passed audit trail proposal with part 16 with vocabulary fixes | ||
+ | Part 15 added patient record or codes same implementation model | ||
+ | Supplement 95 incorporated | ||
+ | System review attempted start to discuss ADA | ||
+ | |||
+ | CBCC Monday Q4 | ||
+ | Presentation by Bernd Blobel on Ontology based standards and effect on current Trust Framework work by Security (to be attached, Kathleen video/audio recorded) | ||
+ | |||
+ | Attendees: | ||
+ | David Pyke | ||
+ | Ed Hammond | ||
+ | Hideyuki Miyohara | ||
+ | David Booth | ||
+ | Richard Esmark | ||
+ | Trish Williams | ||
+ | Alexander Mense | ||
+ | Mark Shafarman | ||
+ | Pat Van Dyke | ||
+ | Steve Hofnagel | ||
+ | Gora Datta | ||
+ | Bernd Blobel | ||
+ | Kathleen Connor | ||
+ | Stan Huff | ||
+ | Susan Matney | ||
+ | Galen Mulrooney | ||
+ | David Booth | ||
+ | Claude Nanjo | ||
+ | Lori Reed-Forquet | ||
+ | Nancy Orvis | ||
+ | Muhammad Asim | ||
+ | |||
+ | Coverage of the Trust Framework was minimal due to large numbers of questions on the base concept of Ontological-based system design. Examples and more detail to be added to the presentation deck | ||
+ | |||
+ | Tuesday Q2 – No Quorum | ||
+ | |||
+ | Tuesday Q3 | ||
+ | Attendees: | ||
+ | Hideyuki Miyohara | ||
+ | William Jones | ||
+ | Alexander Mense | ||
+ | Reinherd Egelkraut | ||
+ | Karl Wolzer(?) | ||
+ | Matthew Graham | ||
+ | John Moehrke | ||
+ | Frank Ploeg | ||
+ | Gora Datta | ||
+ | |||
+ | Mobile Health – cMHAFF update | ||
+ | (Presentation deck to be attached) | ||
+ | |||
+ | 200,00 Consumer Heath Apps, 90% in question, 12% potentially deadly | ||
+ | |||
+ | MH looking for assistance on what to add for privacy/security | ||
+ | |||
+ | Consensus on who cMHAFF was for is missing. Large amounts are US only. It was moved back to the reliability and safety of exchanged data. | ||
+ | Mheath subset of the EU eHealth requested that MH stops work and moved to mHealth. All publication stopped. | ||
+ | Guidelines were considered suggestions for app developers entering the space. Consumer decides if they want to use the app. | ||
+ | Moving to a conceptual framework. Has an aspirational aspect for app development | ||
+ | Would like guidance for concepts and terms for risk assessment for privacy and security. What are the layers for best/moderate/minimal adherence | ||
+ | Certification standards exist, created with Privacy by Design, risk based security | ||
+ | App devs, users may not care when recommending | ||
+ | Trust frameworks may be needed and calculated. Adds social and environment aspects | ||
+ | |||
+ | Tuesday Q4 | ||
+ | CBCC FHIR Consent Issues | ||
+ | |||
+ | Creation possibilities for ConsentRequest resource and mapping to handle use care for gaining treatment or other consent where not existing, across organisations | ||
+ | |||
+ | |||
+ | Wednesday Q2 | ||
+ | Attendees | ||
+ | David Hay | ||
+ | Ardon Toonstra | ||
+ | Alexander Henket | ||
+ | |||
+ | FHIR Consent Comment Resolution | ||
+ | Reviewed comments: 12666, 13313, 13358, 13360, 13361 | ||
+ | Discussed potential for source to link to physical location, awaiting use case to see if actually needed. Potential to have location added to document reference or attachment type | ||
+ | |||
+ | Wednesday Q3 | ||
+ | No quorum | ||
+ | |||
+ | |||
+ | Wednesday Q4 | ||
+ | Atttendees | ||
+ | John Moehrke | ||
+ | Marten Smits | ||
+ | Ashley Duncan | ||
+ | |||
+ | FHIR Consent review | ||
+ | Reviewed comments: | ||
+ | 12666 (Add Consent V2 mappings) | ||
+ | Test mappings added. Further review at the Weekly meetings | ||
+ | 13313 (Add note / comment to Consent) | ||
+ | Awaiting use case | ||
+ | 13358 (Make Policy and PolicyRule a codeableconcept instead of URI) | ||
+ | Implementers confused by the two example links, recommended to change | ||
+ | Further review at Weekly meeting | ||
+ | 13360 (Remove invariant “Either a Policy or PolicyRule”) | ||
+ | Unlikely due to requirement for consent. Further review required. | ||
+ | 13361 (Add option to allow for sepcifying wether a consent was verified by the patient or his/her family)) | ||
+ | Voted to accept 13361 4-0-0 |
Revision as of 19:21, 13 June 2017
Contents
DRAFT 2017 May Working Group Meeting - Madrid, Spain - CBCC WORKING GROUP
Community Based Collaborative Care (CBCC) WORKING GROUP SESSIONS
Agenda and Meeting Minutes
Day | Date | Qtr | Time | AGENDA ITEMS | Session Leader | Room |
SUN | MAY 07 | Q1 | 9:00-10:30 | No Meeting | . | |
Q2 | 11:00-12:30 | No Meeting | . | |||
Q3 | 1:45 -3:00 | No Meeting | . | |||
Q4 | 3:30 -5:00 | No Meeting | . | |||
MON | MAY 08 | Q1 | 9:00-10:30 | No Meeting | . | |
Q2 | 11:00-12:30 | No Meeting | . | |||
Q3/ Q4 | 1:45 -3:00 / 3:30-5:00 | @CBCC Joint CBCC-Security
New Joint Project review, (if any)
|
CBCC | Room TBD | ||
TUE | MAY 09 | Q1 | 9:00-10:30 | No Meeting | . | . |
Q2 | 11:00-12:30 |
|
CBCC | Room TBD | ||
Q3 | 1:45-3:00 | @CBCC Joint w/Security, Mobile Health
|
CBCC | Room TBD | ||
Q4 | 3:30 - 5:00 | @CBCC Joint w/FHIR Infrastructure
|
. | Room TBD | ||
Q5 | 5:15-6:15 | Birds of a Feather: | . | Room TBD | ||
Q5 | 5:15-6:15 | Birds of a Feather: | . | Room TBD | ||
WED | MAY 10 | Q1 | 9:00-10:30 split-meeting | @EHR Joint w/Security, CBCC, SOA, FHIR
See EHR Agenda for topics Electronic Health Records Hosting |
EHR Hosting | Room TBD |
Q2 | 11:00-12:30 | @CBCC Joint w/FHIR Infrastructure
|
CBCC | Room TBD | ||
Q3 | 1:45 -3:00 |
|
CBCC | Room TBD | ||
Q4 | 3:30 -5:00 |
|
CBCC | Room TBD | ||
THU | MAY 11 | Q1 | 9:00-10:30 | @Security Joint CBCC-Security | ||
Q2 | 11:00-12:30 | No Meeting | . | |||
Q3 | 1:45 - 3:00 | No Meeting | . | |||
Q4 | 3:30 - 5:00 | No Meeting | . | |||
FRI | MAY 12 | Q1 | 9:00-10:30 | No Meeting | . | |
Q2 | 11:00-12:30 | No Meeting | . | |||
Q3 | 1:45 -3:00 | No Meeting | . | |||
Q4 | 3:30 -5:00 | No Meeting | . |
Q1=9:00 – 10:30 am; Q2=11:00 – 12:30 pm; Q3=1:45 – 3:00 pm; Q4=3:30 – 5:00 pm
Meeting Minutes Draft
2017 – CBCC WGM CBCC Monday Q3 Attendees: David Pyke (david.pyke@readycomputing.com) Danielle Friend (dfriend@epic.com) Ardon Toonstra (a.Toonstra@furore.com Trish Williams (patricia.williams@flinders.edu.au) John Moehrke (johnmoehrke@gmail.com) Alexander Mense (mense@technikum-wien.at) Bernd Blobel (bernd.blobel@klinik.uni-regensburg.de)
Agenda: CBCC & Security Reports Out International Reports Out CBCC Report Out SPIA Continues to be stalled until Mike Davis or appointee can take over as editor John Moehrke willing to be responsible for SPIA. Talk to Mike Davis to have it turned over or at least the most recent version submitted to the committee. FHIR Consent Consent to share as stable as possible Advance Directive showing promise with several directives able to be covered without significant change Research stalled without input from BRR. DP to visit BRR to gain attendees Treatment in initial stages Workflow to be covered this week with FHIR-I including potential for a ConsentRequest resource for gaining consent where none currently exists Security Report out Reconciliation of trust framework specification – taking place later – dynamically creating trust frameworks (possibly via policy) Only defined trust elements and framework Selection of policies FHIR Security Audit, Provenance, security labels Need test scenarios Some open issues Interest from use case regarding SUBSET regarding update Two mechanisms – security tags and Summary How will server know if the push is the result of a subset, that missing are not to be removed – potential for profile/dynamic profile to manage How to request SUBSET (e.g., w/o gender or race) If message with SUBSET, how would be dealt with Redacted state for FHIR returned data Purpose of use is potential use case A profile that creates a subset is only one form of de-id, and that starts a bigger problem that may break profiles FHIR Data model is limiting and causing profiles to break the model ICT ontology should be examined as an issue (Bernd) SMART on FHIR and Oauth are moving into HL7. FHIR-I is hosting, but Security is asking for comment Smart should not be seen as the one way. Some constraints are in there but the meet only a subset of FHIR use-cases Digital signature vocabulary only has ASTM as a source Use ASTM to add to vocab despite ASTM no longer meeting or use HL7 vocabulary DSG [IHE] is final text
International report out
Some work concluded regarding specifications
ISO25237 Health info psuedonymisation
Approved IS which has been published.
Accepted for EU parliament
Guidance on health information education
ISO 21298 HI Functional and structural Roles Organizational relationships Functional relationships Global over view how assignments are in various countries Includes international coding PKI 17090 Part 5 using PKI creds – Launched by Japan Completing the framework Tooling. TC215 WG4 extended scope to new technology Cloud – usage, risk assessment, frameworks TS11633 Remote for medical devices (Japan) Not ready for publication Framework stated 2008, Published by TR. Audit trail 27789 changed relationship with DICOM and HL7 DICOM passed audit trail proposal with part 16 with vocabulary fixes Part 15 added patient record or codes same implementation model Supplement 95 incorporated System review attempted start to discuss ADA
CBCC Monday Q4 Presentation by Bernd Blobel on Ontology based standards and effect on current Trust Framework work by Security (to be attached, Kathleen video/audio recorded)
Attendees: David Pyke Ed Hammond Hideyuki Miyohara David Booth Richard Esmark Trish Williams Alexander Mense Mark Shafarman Pat Van Dyke Steve Hofnagel Gora Datta Bernd Blobel Kathleen Connor Stan Huff Susan Matney Galen Mulrooney David Booth Claude Nanjo Lori Reed-Forquet Nancy Orvis Muhammad Asim
Coverage of the Trust Framework was minimal due to large numbers of questions on the base concept of Ontological-based system design. Examples and more detail to be added to the presentation deck
Tuesday Q2 – No Quorum
Tuesday Q3 Attendees: Hideyuki Miyohara William Jones Alexander Mense Reinherd Egelkraut Karl Wolzer(?) Matthew Graham John Moehrke Frank Ploeg Gora Datta
Mobile Health – cMHAFF update (Presentation deck to be attached)
200,00 Consumer Heath Apps, 90% in question, 12% potentially deadly
MH looking for assistance on what to add for privacy/security
Consensus on who cMHAFF was for is missing. Large amounts are US only. It was moved back to the reliability and safety of exchanged data. Mheath subset of the EU eHealth requested that MH stops work and moved to mHealth. All publication stopped. Guidelines were considered suggestions for app developers entering the space. Consumer decides if they want to use the app. Moving to a conceptual framework. Has an aspirational aspect for app development Would like guidance for concepts and terms for risk assessment for privacy and security. What are the layers for best/moderate/minimal adherence Certification standards exist, created with Privacy by Design, risk based security App devs, users may not care when recommending Trust frameworks may be needed and calculated. Adds social and environment aspects
Tuesday Q4 CBCC FHIR Consent Issues
Creation possibilities for ConsentRequest resource and mapping to handle use care for gaining treatment or other consent where not existing, across organisations
Wednesday Q2
Attendees
David Hay
Ardon Toonstra
Alexander Henket
FHIR Consent Comment Resolution Reviewed comments: 12666, 13313, 13358, 13360, 13361 Discussed potential for source to link to physical location, awaiting use case to see if actually needed. Potential to have location added to document reference or attachment type
Wednesday Q3 No quorum
Wednesday Q4
Atttendees
John Moehrke
Marten Smits
Ashley Duncan
FHIR Consent review Reviewed comments: 12666 (Add Consent V2 mappings) Test mappings added. Further review at the Weekly meetings 13313 (Add note / comment to Consent) Awaiting use case 13358 (Make Policy and PolicyRule a codeableconcept instead of URI) Implementers confused by the two example links, recommended to change Further review at Weekly meeting 13360 (Remove invariant “Either a Policy or PolicyRule”) Unlikely due to requirement for consent. Further review required. 13361 (Add option to allow for sepcifying wether a consent was verified by the patient or his/her family)) Voted to accept 13361 4-0-0