This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "September 18, 2018 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
Line 63: Line 63:
 
#''(10 min)'' '''Review of the '''[https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20PAC/ONC%20EHR%20Reporting%20RFI%20Cures/EHR%20Reporting%20RFI%2021st%20Century%20Cures%20Act%20Color%20Coded.docx 21st Century Cures EHR Reporting Program Security & Privacy feedback requested by HL7 PAC]'''  - Kathleen
 
#''(10 min)'' '''Review of the '''[https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20PAC/ONC%20EHR%20Reporting%20RFI%20Cures/EHR%20Reporting%20RFI%2021st%20Century%20Cures%20Act%20Color%20Coded.docx 21st Century Cures EHR Reporting Program Security & Privacy feedback requested by HL7 PAC]'''  - Kathleen
 
#''(05 min)'' '''Check out [https://confluence.hl7.org/display/SEC/Security+Work+Group Security WG Confluence site]''' - Kathleen
 
#''(05 min)'' '''Check out [https://confluence.hl7.org/display/SEC/Security+Work+Group Security WG Confluence site]''' - Kathleen
# Review of prepared comments (below) Kathleen  
+
#''(05 min)'' '''Review of prepared comments (below)''' - Kathleen
 +
#''(05 min)''  '''[https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20PAC/Security%20WG%20ISA%202019%20Comments.pptx ONC ISA 2018 Review Period Security WG Comments]''' - Kathleen  
 
#''(05 min)'' '''Security Working Group - upcoming HL7 Working Group Meeting, Baltimore Maryland'''
 
#''(05 min)'' '''Security Working Group - upcoming HL7 Working Group Meeting, Baltimore Maryland'''
 
#* Additional Agenda items to add?
 
#* Additional Agenda items to add?

Revision as of 20:57, 18 September 2018

Back to Security Main Page

Attendees

x Member Name x Member Name x Member Name x Member Name
. John Moehrke Security Co-chair x Kathleen Connor Security Co-chair . Alexander Mense Security Co-chair . Trish Williams Security Co-chair
. Christopher Shawn Security Co-chair x Suzanne Gonzales-Webb x Mike Davis x David Staggs
. Diana Proud-Madruga . Johnathan Coleman x Francisco Jauregui x Joe Lamy
. Rhonna Clark . Greg Linden . Grahame Grieve x Dave Silver
. Beth Pumo x Jim Kretz . Peter Bachman . Bo Dagnall
. [mailto: ] . [mailto: ] . [mailto: ] . [mailto: ]

Back to Security Main Page

Agenda

TEMPORARY Recoridng: [https:/fccdl.in/swzMpjaOk https: fccdl.in/swzMpjaOk]

  1. (2 min) Roll Call, Agenda Approval
  2. (5 min) Review and Approval of Minutes
  3. (5 min) GDPR whitepaper on FHIR Update - meeting cancelled
  4. (5 min) TF4FA Normative Ballot reconciliation (formerly PSAF) - Mike, Chris
  5. (10 min) PASS Audit Update on Document - Mike
  6. (05 min) TF4FA Trust Framework, Volume 3 - Update Mike, Chris
  7. (10 min) Review of the 21st Century Cures EHR Reporting Program Security & Privacy feedback requested by HL7 PAC - Kathleen
  8. (05 min) Check out Security WG Confluence site - Kathleen
  9. (05 min) Review of prepared comments (below) - Kathleen
  10. (05 min) ONC ISA 2018 Review Period Security WG Comments - Kathleen
  11. (05 min) Security Working Group - upcoming HL7 Working Group Meeting, Baltimore Maryland

Meeting Materials

  • HL7 PAC Request RE: 21st Century Cures EHR Reporting Program
  • ONC released a Request for Information (RFI) on August 24 related to the 21st Century Cures EHR Reporting Program requirements. HL7 will be commenting and our Policy Advisory Committee (PAC) is currently gathering feedback.
  • Comments are due to ONC by October 17, 2018. We ask that you send any comments you would like considered for inclusion in the HL7 response by Thursday, September 20. Please send comments to PAC Chair Mark Segal at msegal@dig-hpa.com and Ticia Gerber at tgerber@hl7.org.
  • As background, ONC states that: This request for information (RFI) seeks input from the public regarding the Electronic Health Record (EHR) Reporting Program established as Section 4002 of the 21st Century Cures Act (Cures Act) codified Section 3009A in Title XXX of the Public Health Service Act (PHSA). This RFI is a first step toward implementing the statute. Its responses will be used to inform subsequent discussions among stakeholders and future work toward the development of reporting criteria under the EHR Reporting Program. ONC is looking for cross-cutting and category specific feedback on 21st Century Cures EHR Reporting Program criteria in the areas of: Security.
  • Describe other useful security and privacy features or functions that a certified health IT product may offer beyond those required by HIPAA and the ONC Health IT Certification Program, such as functions related to requirements under 42 CFR part 2.
  • What information about a certified health IT product's security and privacy capabilities and performance have acquisition decision makers used to inform decisions about acquisitions, upgrades, or use to best support end users' needs? How has that information helped inform decision-making? What other information would be useful in comparing certified health IT products on security and privacy (e.g., compatibility with newer security technologies such as biometrics)?
  • Proposed Input Topics:
    • Support adoption of SAMHSA Consent2Share
    • Support adoption of HL7 Data Segmentation for Privacy CDA IG
    • Support adoption of HL7 Security Labeling Service IG and Healthcare Privacy and Security Classification System
    • Support adoption of FHIR Security Labeling, FHIR Consent and FHIR Contract Consent Directive for Part 2 Consent Directives

Meeting Minutes DRAFT

Chair, Kathleen Connor

Roll Taken, Agenda reviewed, updates made as requested

Motion to approve 9/11 meeting minutes (Suzanne to add link to ballot spreadsheet) Vote: Abstain: none; oppose: none approve: 9


GDPR whitepaper on FHIR Update

  • weekly Monday meeting cancelled this week
  • meeting to be held at WGM on Sunday

TF4FA Ballot Reviewed Ballot comments: 90-99 (motion to approve: Mike / Suzanne)

  • Vote: Abstain: none Oppose: none Approve: 9
  • Please review ballot comments #100-106 for vote next week


PASS Audit document update

  • no update
  • plan to work on during WGM

Volume 3

  • progress has been made
  • draft will be ready to discuss at the WGM
  • whether we need an ISO V2 Provenance - Kathleen mentioned that digital ledger techoloage may be introduced where Volume may shed some light on that

21centure CURES

  • see outline above in Metting Materials
    • finding a way to satsfy 21 CURES....
    • P&S capapbilty to assismai making decision to approfach privacy and security for sstem they would buy
  • the reason kathleen is pushing is because its recognized in ISA; someone in IHE, vendor or other could look this as embedding privacy ans ecurity…

(see 19:00)

  • ONC his eimplementing this comment agreement....
    • article 4000? 4002 (per Mike)
    • in reponse to that ONC has responsed with comments to TEFCA
    • V2 is immenent - the response should be coming ssoon. possibly around the time of the WGM we have may have available for release
  • we have comments from first TEFCA version
    • federal partners wG joined to provide comments fo TEFCA for wehre we would like to see it go.
    • we know that the original TEFCA is out and comments made, we need to see th e next version ased on the comments received
  • kathleen in rFI lookslike they are asking for a particular porion ofht eRFI for reportin on EHR rograms. that is complementary probably--does anyone--are people okay with this list going in the PAC as recommendations for this WG (security)
  • see bulleted sectionat bottom
    • where to look for securtyand privacy support
    • the response from 'us' is in security labeling --we need more than just to support it---but why we feel this is relative.
    • the bullete points could use a little more justifaction
  • kathleen feelswe should also add maybe: RBAC, audit, ABAC, … others (25:00)
  • kathlnee.

WE are supporting the adoption of samhsa consent2share - but we didnt' say support adoption of questionnaire or contracts... an HL7 thing (this is a samhsa thing); you need to add an HL7 hook

Confluence site

  • front page of confluence it will tell y ou how o get in, etc.,
  • there are other WGs who have templates, etc for meeting minutes
  • Agendas are using it... attempt to migrate out of wiki;
  • should be easier for collaboations, edits can be done directly, etc
  • Questions?
  • will add agenda item at WGM

ISA Comments:

Review ISA for Security and Privacy Concerns PPT <<add link>>

  • HealthIT.gov; Remote Patient Aughotizationa nd Submission of EHR Data for Research aka "Right of Access"

Update to Baltimore Agenda Tuesday Q4 - update to MiHIN presentation on how they are using Consent, Lloyd and Grahame have been invited as they would like to bring up the three statements that David brought forward in CBCP.

  • moving Tuesday Q4 - Update of Volume 3 Draft (Mike) to TUES Q2 (replacing PASS Audit Ballot Reconciliation document updates which can be done offline


No additional

No meeting on the 25th