This wiki has undergone a migration to Confluence found Here
HL7 January 2018 - New Orleans US MINUTES
Contents
MINUTES WGM New Orleans 29th January to 2nd February 2018
Monday Q3
Joint CBCP - Security
See CBCC Minutes
Monday Q4
Joint CBCC - Security
See CBCC Minutes
Tuesday Q1
Opening Security WG Meeting
Attendees:
- Trish Williams trish.williams@flinders.edu.au
- John Moehrke John.Moehrke@gmail.com
- Alexander Mense alexander.mense@hl7.at
- Kathleen Connor Kathleen.connor@comcast.net
- Mike Davis mike.davis@va.gov
- Chris Shawn christopher.shawn@va.gov
- David Pyke david.pyke@readycomputing.com
- Suzanne Webb suzanne.webb@bookzurman.com
- <to be completed>
Chaired by Trish
- Introductions
- Approval of agenda
- International Report outs
- Japan:
- EU:
- Australia:
- Liaison Reports: ISO, IHE, ONC
- ISO (Hide)
- IHE (John)
- OASIS (Mike)
Agenda items deferred to Q4
- FHIR Security Report out - John Moehrke
- HL7 Project status and updates:
- Is Privacy Obsolete Study Group - Mike Davis
- Trust Framework & S&P DAM - Next Steps - Mike Davis and Chris Shawn
Tuesday Q2
Joint with CBCP - FHIR CCDE Connectathon Report Out/TEFCA Comments
USA TEFCA Trust Exchange Framework and Common Agreement
Discussion to be centred on sharing with Protections - TEFCA Minimum Necessary given expanded Purposes of Use - Provisioning with ABAC Clearances & Security Labels
- Description:
- Goals for authenticating and developing common set of rules and org policies and process for adjudicating and filing non-compliance.
- It defines how to exchange between all participants would be obligated to meet. Also, it sets up a new entity (3rd party) for deciding health information for the nation exchange- and there will be one organisation for the central management of exchange.
- Document link:
- It uses 6 principles – one includes sec safety and patient safety
- Use case: Emergence access is not one of the purposes of use.
- Failure recently with VA as asking for information during the fires was not possible. Software hardcoded so couldn’t ask for info.
- HL7 standard provides for the sharing of info and overrides any other rules on sec – patient safety wins. Purpose of use needs an emergency code/disaster. Operation and provision of services
- Emergency tracking of patient whatever the origin – is already created in OASIS
- Distribution Element (DE) is a method that can be used for patient data routing but needs input on how to transport and how to secure from SECWG.
- Consider FHIR-I project transfer and other methods. Direct Project is not suitable but other options are available.
- Need to consider actors in exchange (FHIR over HTTP for instance)
- Document includes minimum requirements for security (section 6.2). It includes reference to various standards for each requirement.
- HL7 comments in relation to use of HL7 standards
- HL7 interest is the SLS.
- WG discussion on the potential amendment and additions to document. Jonathon Coleman captured for the HL7 comments.
Findings from CCDE Connectathon
Tuesday Q3
Joint CBCP, Hosting Security
- CBCP is also Joint with Attachments for eLTSS presentation - should send Reps
- ONC Research Patient Choice presentation by REACHnet Kyle Bradford
- WG Recruitment Strategies
Tuesday Q4
Security PSAF Work Session
- New FHIM P&S Station - Jay Lyle &/or Galen Mulrooney to present
- Review Proposed May TF4FA & S&P DAM Ballot Material
- Security should send rep to joint Attachment with FM for eLTSS Security
Wednesday Q1
Joint with EHR (EHR hosting) See EHR Minutes
Wednesday Q2
No meeting
Wednesday Q3
xxxxx
Wednesday Q4
xxxxx
Thursday Q1
xxxxx
Thursday Q2
xxxxx