Community-Based Collaborative Care Working Group Meeting

Back to CBCC Main Page

Meeting Information

Attendees

Back to CBCC Main Page

Agenda

1. (05 min) Roll Call, Approve Meeting Minutes from April 12, 2016 CBCC Conference Call
2. (15 min) Ballot Reconciliation for Consent Directive
3. (10 min) Privacy & Security by Design/NOW Privacy Impact Assessment Cookbook update - Rick
   • Privacy Impact Assessment Cookbook DRAFT
   • PbD Principles and Conformance Criteria DRAFT
   • Privacy Impact Assessment Cookbook Project Scope Statement
4. (01 min) Healthcare Security and Privacy Access Control Catalog - Update post ballot
5. (05 min) PASS Access Control Services Conceptual Model - (Standing agenda item) update (Diana)
6. (05 min) Joint EHR, Security, Privacy Vocabulary Alignment - (Standing agenda item) update (Diana/Mike)

Meeting Minutes (DRAFT)

Agenda Approved

Meeting minutes for April 05, 2016 CBCC Conference Call

Approved: 0 / Abstain: 0 / Objections: 0

Ballot Reconciliation - Consent Directive CDA R2 IG Ioana has sent out follow up e-mail to the remaining negative votes, awaiting responses from

• Austin Kreisler
• Vasil Peytchev and Nell Lapres (EPIC)
• Lisa Nelson

We are awaiting response to the proposed comments, suggestions

Ballot Reconciliation - Healthcare Access Control Catalog Suzanne has sent out follow up e-mails to the DoD remaining negative votes

• Ollie Gray
• Wei Guo

Privacy & Security by Design/NOW Privacy Impact Assessment Cookbook Diana expressed concern with the PIA being too cumbersome with HL7 developers which is what she believes is why the Security Risk Assessment Cookbook did not gain any traction.

• PIA cookbook; are we going to Privacy Impact Assessment, when we are looking for privacy considerations in HL7 standards
• Mike - it’s a matter of resources and prioritizing activities. This is the simple man's PIA. We need this in place so that we don't want to be harassed in S&P, we want to give them a simple checklist. Not specifically FHIR related, we have a project plan, with a new scope statement with a trust framework which will be more Privacy by Design (PbD) --more in-depth type of thing. We are not trying to do both in one project--we want two separate PSS which address the specific items in each and can be properly scaled.

Conformance criteria showed... Checklist

• Principle - Concept of choice
• PIA Cookbook - what the developer would go through (questions, checklist)

The PbD is very high level; it’s a design principle to be considered when implementing a system. The S&P Framework is intended to be more of directed toward consideration that developers or system orders would need to think about in a policy perspective. We’ve had recent discussions when you change the labels on a resource and folks with the FHIR community think they can change labels when they want to. We don't want to write policy in FHIR. In this case, the business associate agreement that they would honor the labels as present and not changed--on the other hand, the correction--the data was labeled as sensitive but it’s not. (You’ll need to update the existing version) we could have a recommended best practice in order to deal with this.

Addition discussion, minor revisions made to the project scope

PASS Access Control

• waiting on an update from Alex regarding Bernd's comment (at security meeting)

Joint EHR Security Privacy Vocabulary Alignment This morning's meeting cancelled this week. Work completed last week for presentation at today's meeting. Continuing to review how to model the vocabulary and looking to bring in a terminologist to assist with best practices.

Meeting adjourned at 1154 AZT --Suzannegw (talk) 15:08, 19 April 2016 (EDT)