Difference between revisions of "August 8, 2017 Security Conference Call"
(→Agenda) |
|||
Line 61: | Line 61: | ||
==News and Review Material== | ==News and Review Material== | ||
+ | *Comment Area 1: Standardization | ||
+ | HL7 some capabilities to propose – have done – cake and eat it too | ||
+ | ISA – comments | ||
+ | definition of interop in the law is far from used HIMSS standards. | ||
+ | According to the ONC definition, adopted from IEEE, interoperability is “the ability of systems to exchange and use electronic health information from other systems without special effort on the part of the user”. The word “interoperability” appears 365 in ONC’s draft Interoperability Roadmap including an addition to the definition which says “Interoperability is made possible by the implementation of standards”. The latter perhaps brushes over that standards may be a necessary condition but are not a | ||
+ | https://www.healthit.gov/sites/default/files/hie-interoperability/nationwide-interoperability-roadmap-final-version-1.0.pdf | ||
+ | Comment Area 3: Cooperation and Non-Discrimination | ||
+ | While information blocking by not sending information is one side of the coin, would choosing to avoid receiving or retrieving information, for example to avoid data overload or avoid finding out about previous services in order to get more recent or immediate test results, or to bill for redundant services be considered information blocking as well? | ||
+ | Would requiring opt-in consent for health information exchange for purposes of treatment, payment, or operations be considered information blocking because ONC considers this unnecessary? | ||
+ | Would permitting opt-out consent directives for health information exchange for purposes of treatment, payment, or operations be considered information blocking because ONC considers this unnecessary? | ||
+ | Would data segmentation based on organizational policy or patient consent directive, which is not otherwise required by state or federal privacy law, be considered information blocking? | ||
+ | Would an HIO or provider segmentation of sensitive health information by means of storing it in a separate data store with more stringent access controls be considered information blocking if not otherwise required by state or federal privacy law? | ||
+ | |||
+ | *Comment Area 4: Security and Patient Safety | ||
+ | Support for Data Provenance | ||
+ | Security labeling to share with protections – rather than just protecting from sharing, Enables a Learning Health System by not silo-ing data due to privacy concerns related to ensuring privacy protection of patient deemed or policy prescribed restrictions on collection/access/use/disclosure of sensitive protected health information. This requires security labeling and data provenance to convey the privacy, security, and patient consent directive policies with which an end user must comply. Data provenance provides the stamp of authenticity, integrity, and reliability, which ensures that health information collectors, and processors are adhering to the required privacy, security, and patient consent directive policies, and provides non-repudiable accounting of disclosures especially if tracked with a digital ledger. Confidence in the authenticity, integrity, and reliability of health information is essential for patient safety. Combined with evidence of compliance with privacy, security, and patient consent directive policies assuages the currently high level of healthcare consumer concern with sharing sensitive information. |
Revision as of 19:01, 8 August 2017
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
---|---|---|---|---|---|---|---|---|---|---|
. | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | . | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | x | Mohammed Jafari | |||
x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Galen Mulrooney | |||
. | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
. | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | x | Dave Silver | |||
x | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan | |||
. | Kamalini Vaidya | . | Bill Kleinebecker | x | Christopher Shawn | . | Grahame Grieve | |||
. | Oliver Lawless | . | Ken Rubin | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (4 min) Review and Approval of Security WG Call Minutes August 1, 2017
- (15 min) 21st Century Cures Act Trusted Exchange Framework and Common Agreement Public Comments Review Draft Security WG comments for approval as input to HL7 response due August 14th. - Kathleen
- (15 min) Security WG Interim Health Metrics - presiding cochair
- (10 min) FHIR Security call- cancelled
News and Review Material
- Comment Area 1: Standardization
HL7 some capabilities to propose – have done – cake and eat it too ISA – comments definition of interop in the law is far from used HIMSS standards. According to the ONC definition, adopted from IEEE, interoperability is “the ability of systems to exchange and use electronic health information from other systems without special effort on the part of the user”. The word “interoperability” appears 365 in ONC’s draft Interoperability Roadmap including an addition to the definition which says “Interoperability is made possible by the implementation of standards”. The latter perhaps brushes over that standards may be a necessary condition but are not a https://www.healthit.gov/sites/default/files/hie-interoperability/nationwide-interoperability-roadmap-final-version-1.0.pdf Comment Area 3: Cooperation and Non-Discrimination While information blocking by not sending information is one side of the coin, would choosing to avoid receiving or retrieving information, for example to avoid data overload or avoid finding out about previous services in order to get more recent or immediate test results, or to bill for redundant services be considered information blocking as well? Would requiring opt-in consent for health information exchange for purposes of treatment, payment, or operations be considered information blocking because ONC considers this unnecessary? Would permitting opt-out consent directives for health information exchange for purposes of treatment, payment, or operations be considered information blocking because ONC considers this unnecessary? Would data segmentation based on organizational policy or patient consent directive, which is not otherwise required by state or federal privacy law, be considered information blocking? Would an HIO or provider segmentation of sensitive health information by means of storing it in a separate data store with more stringent access controls be considered information blocking if not otherwise required by state or federal privacy law?
- Comment Area 4: Security and Patient Safety
Support for Data Provenance Security labeling to share with protections – rather than just protecting from sharing, Enables a Learning Health System by not silo-ing data due to privacy concerns related to ensuring privacy protection of patient deemed or policy prescribed restrictions on collection/access/use/disclosure of sensitive protected health information. This requires security labeling and data provenance to convey the privacy, security, and patient consent directive policies with which an end user must comply. Data provenance provides the stamp of authenticity, integrity, and reliability, which ensures that health information collectors, and processors are adhering to the required privacy, security, and patient consent directive policies, and provides non-repudiable accounting of disclosures especially if tracked with a digital ledger. Confidence in the authenticity, integrity, and reliability of health information is essential for patient safety. Combined with evidence of compliance with privacy, security, and patient consent directive policies assuages the currently high level of healthcare consumer concern with sharing sensitive information.