This wiki has undergone a migration to Confluence found Here
Difference between revisions of "March 15, 2016 CBCC Conference Call"
Jump to navigation
Jump to search
| Line 113: | Line 113: | ||
==Meeting Minutes (DRAFT)== | ==Meeting Minutes (DRAFT)== | ||
| − | Meeting Minutes for March 08 | + | '''Meeting Minutes for March 08''' |
| − | Ballot Reconciliation for Privacy Consent | + | Unanimously approved (10 approve / 0 object / 0 abstain) |
| − | * Ioana requested the most recent ballot reconciliation sheet | + | |
| − | ** ACTION ITEM: Suzanne (or Johnathan) to follow up and provide spreadsheet to Ioana | + | '''Ballot Reconciliation for Privacy Consent Directives''' |
| − | ** Ioana will attempt to provide resolutions | + | |
| + | * Ioana requested the most recent ballot reconciliation sheet (some items have already been resolved/approved by CBCC WG) | ||
| + | ** '''ACTION ITEM''': Suzanne (or Johnathan) to follow up and provide spreadsheet to Ioana | ||
| + | ** Ioana will attempt to provide resolutions offline and present during the CBCC meeting to expedite the resolution process | ||
'''Healthcare Privacy and Security by Design IG''' | '''Healthcare Privacy and Security by Design IG''' | ||
| − | + | ||
| + | Not enough consensus was reached on today’s CBCC call that the PSS touches all the salient points of the discussion that was held. The discussion on today's call dealt with the following: | ||
| + | |||
| + | There are two different worlds involved here: | ||
| + | # Much of what was discussed during today’s call – the idea of taking a PASS-type approach leveraging the recently balloted HL7 Security Labeling Service (SLS), or other privacy-related capabilities, and specifying whether we’d want to take this to OMG or just leave it as a conceptual model – is already covered by an open PSS owned by the Security WG: [http://gforge.hl7.org/gf/download/docmanfileversion/8550/12790/HL7 Privacy and Security Framework PSS2.docm Privacy and Security Architecture Framework revised and renamed Project 914 Scope Statement from 2015] | ||
| + | # This particular PSS (Healthcare Privacy and Security by Design) is proposing a set of processes by which WGs within HL7 would include, in their specifications, considerations for Privacy and/or Security by Design, much like we started under the Security Risk Assessment Cookbook and what is available in IETF, W3C, and DICOM. This falls more into the bucket of creating a process by which WGs would follow. Whichever HL7 product (i.e., specification) is produced, the WG has considered privacy and security to the best of its ability. | ||
| + | |||
| + | The end product of World #2 might be an informative guide for internal HL7 projects AS OPPOSED TO a design implementation guide. Privacy by Design is a guide for an organizational system that, when followed, ensures you have considered privacy as fundamental to the design. Privacy by Design does not at all mandate service-oriented architecture (SOA) or even have in it services built. It has processes. | ||
| + | |||
| + | THE CHALLENGE: | ||
| + | |||
| + | SAIF has different layers of specificity. Where do you want to be? At the logical level? The process specific level? The conceptual level? If you want to provide guidance to implementers to consider Privacy by Design in their applications, you’re going to have the implementation of SAIF as conceptual in nature. We need to tease out what exactly are the testable criteria; how high level are they going to be? | ||
| + | * We want to be at the platform-independent level where we give guidance to groups who are going to create test scripts for their product line. | ||
| + | ** Let’s then say in the PSS that we want to be at the platform-independent level that illustrates how Privacy by Design is incorporated in clinical information systems. | ||
| + | * We still need to name the specific product that’s going to be produced from the PSS. | ||
| + | |||
| + | '''ACTION ITEM''': Rick to consult with ARB WG to answer the questions above, and streamline/clarify the PSS. He will then bring the updated PSS back to CBCC and ask for an approval vote during next week's meeting. | ||
'''FHIR Change Requests #8526- Discontinued medications, reason code/text''' | '''FHIR Change Requests #8526- Discontinued medications, reason code/text''' | ||
| − | + | ||
'''Healthcare Security and Privacy Access Control Catalog''' - Update post ballot | '''Healthcare Security and Privacy Access Control Catalog''' - Update post ballot | ||
Revision as of 13:52, 22 March 2016
Contents
Community-Based Collaborative Care Working Group Meeting
Meeting Information
Attendees
| Member Name | x | Member Name | x | Member Name | ||||
|---|---|---|---|---|---|---|---|---|
| Johnathan ColemanCBCC Co-Chair | x | Suzanne Gonzales-Webb CBCC Co-Chair | x | Jim Kretz CBCC Co-Chair | ||||
| . | Max Walker | x | Mike Davis | x | John Moehrke Security Co-Chair | |||
| x | Kathleen Connor Security Co-Chair | Ken Salyards CBCC Interim Co-Chair | Lori Simon CBCC Interim Co-Chair | |||||
| x | Diana Proud-Madruga SOA Interim Co-Chair | x | Rick Grow | . | Harry Rhodes | |||
| x | Serafina Versaggi | x | Ioana Singureanu | x | Glen Marshall | |||
| x | Steve Eichner | . | Steve Daviss | . | Wende Baker | |||
| x | Neelima Chennamaraja | Lee Wise | . | Mike Lardiere | ||||
| Reed Gelzer | . | Marlowe Greenberg | Chris Clark, WV | |||||
| . | Paul Knapp | . | Matt Peeling | Brian Newton | ||||
| . | William Kinsley | Lisa Nelson | . | Amanda Nash | ||||
| Russell McDonell | Susan Litton | David Bergman | ||||||
| . | Linda Bailey-Woods | Debbie Bucci | Chirag Bhatt | |||||
| Oliver Lawless | Keith Boone | Lori McNeil Tolley | ||||||
| . | Mohammed Jafari | Rob Horn | Gary Dickinson | |||||
| Beth Pumo | M'Lynda Owens | [ |
Agenda
- (05 min) Roll Call, Approve Meeting Minutes from March 08, 2016 CBCC Conference Call
- (15 min) Ballot Reconciliation for Consent Directive
- (10 min) - Vote on CBCC sponsor approval of PSS
- Link to Project Scope Statement
- Joint project team meetings (CBCC and ARB) are held weekly on Wednesdays at 4 p.m. Eastern.
- CBCC members who are interested in this work are encouraged to attend.
- (10 min) Review HL7 2017 ONC Interoperability Standards Advisory Cover Letter and HL7 2017 ONC Interoperability Standards Advisory draft recommendations
- (05 min) CBCC co-sponsorship of HL7 v.2.9 v2.5 and v2.9 Consent Segment Use Cases and Elements
- (15 min) FHIR Change Requests #8526- Discontinued medications, reason code/text
- (01 min) Healthcare Security and Privacy Access Control Catalog - Update post ballot
- (05 min) PASS Access Control Services Conceptual Model - (Standing agenda item) update (Diana)
- (05 min) Joint EHR, Security, Privacy Vocabulary Alignment - (Standing agenda item) update (Diana/Mike)
**New** FHIR Security Topics in support of FHIM Meeting Information: Tuesdays 2:00PM PT/5:00PM ET Phone: +1 770-657-9270, Participant Code: 994563 hosted by Security Web meeting Info: https://global.gotomeeting.com/join/520841173 Discussion includes: Security - Audit, Provenance, Labels, Signature
**New Day Time!!** FHIR Consent Profile (FHIR Privacy IG) FRIDAY 10AM PT / 12NOON ET hosted by CBCC GoToMeeting information: https://global.gotomeeting.com/join/520841173 Phone: +1 770-657-9270, Participant Code: 994563
Meeting Minutes (DRAFT)
Meeting Minutes for March 08
Unanimously approved (10 approve / 0 object / 0 abstain)
Ballot Reconciliation for Privacy Consent Directives
- Ioana requested the most recent ballot reconciliation sheet (some items have already been resolved/approved by CBCC WG)
- ACTION ITEM: Suzanne (or Johnathan) to follow up and provide spreadsheet to Ioana
- Ioana will attempt to provide resolutions offline and present during the CBCC meeting to expedite the resolution process
Healthcare Privacy and Security by Design IG
Not enough consensus was reached on today’s CBCC call that the PSS touches all the salient points of the discussion that was held. The discussion on today's call dealt with the following:
There are two different worlds involved here:
- Much of what was discussed during today’s call – the idea of taking a PASS-type approach leveraging the recently balloted HL7 Security Labeling Service (SLS), or other privacy-related capabilities, and specifying whether we’d want to take this to OMG or just leave it as a conceptual model – is already covered by an open PSS owned by the Security WG: Privacy and Security Framework PSS2.docm Privacy and Security Architecture Framework revised and renamed Project 914 Scope Statement from 2015
- This particular PSS (Healthcare Privacy and Security by Design) is proposing a set of processes by which WGs within HL7 would include, in their specifications, considerations for Privacy and/or Security by Design, much like we started under the Security Risk Assessment Cookbook and what is available in IETF, W3C, and DICOM. This falls more into the bucket of creating a process by which WGs would follow. Whichever HL7 product (i.e., specification) is produced, the WG has considered privacy and security to the best of its ability.
The end product of World #2 might be an informative guide for internal HL7 projects AS OPPOSED TO a design implementation guide. Privacy by Design is a guide for an organizational system that, when followed, ensures you have considered privacy as fundamental to the design. Privacy by Design does not at all mandate service-oriented architecture (SOA) or even have in it services built. It has processes.
THE CHALLENGE:
SAIF has different layers of specificity. Where do you want to be? At the logical level? The process specific level? The conceptual level? If you want to provide guidance to implementers to consider Privacy by Design in their applications, you’re going to have the implementation of SAIF as conceptual in nature. We need to tease out what exactly are the testable criteria; how high level are they going to be?
- We want to be at the platform-independent level where we give guidance to groups who are going to create test scripts for their product line.
- Let’s then say in the PSS that we want to be at the platform-independent level that illustrates how Privacy by Design is incorporated in clinical information systems.
- We still need to name the specific product that’s going to be produced from the PSS.
ACTION ITEM: Rick to consult with ARB WG to answer the questions above, and streamline/clarify the PSS. He will then bring the updated PSS back to CBCC and ask for an approval vote during next week's meeting.
FHIR Change Requests #8526- Discontinued medications, reason code/text
Healthcare Security and Privacy Access Control Catalog - Update post ballot
add
PASS Access Control Services Conceptual Model add
Joint EHR, Security, Privacy Vocabulary Alignment update add
