This wiki has undergone a migration to Confluence found Here
October 14, 2016 Security Conference Call
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| x | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | . | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
| x | Mike Davis | x | Suzanne Gonzales-Webb | . | David Staggs | x | Mohammed Jafari | |||
| x | Glen Marshall, SRS | . | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
| x | Diana Proud-Madruga | . | Serafina Versaggi | . | Joe Lamy | . | Galen Mulrooney | |||
| . | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | . | Dave Silver | |||
| x | Rick Grow | . | William Kinsley | . | Paul Knapp | . | Mayada Abdulmannan | |||
| . | Kamalini Vaidya | . | Bill Kleinebecker | x | Christopher Shawn | . | Grahame Grieve | |||
| . | Oliver Lawless | . | Ken Rubin | . | Paul Petronelli , Mobile Health | . | Russell McDonell |
Agenda DRAFT
- (2 min) Roll Call, Agenda Approval
- Purpose: Review and seek approval to submit 3 initial harmonization proposals by midnight ET today.
- Harmonization Schedule:
- Initial Proposals - Submissions due 10/14/2016, midnight Eastern
- Final Proposals - Submissions due 11/04/2016, midnight Eastern
- Proposal 1- Incompetency override code specialization of ActConsentInformationAccessOverrideReason in ActReason code system
- Proposal 2 - Five new Security Compartment Label Codes
- Proposal 3 - Additional Research Purpose of Use Codes
Minutes
- Chairedby Kathleen
- Discussion
- Roll Call, Agenda Approval
Purpose: Review and seek approval to submit 3 initial harmonization proposals by midnight ET today.
- Harmonization Schedule:
Initial Proposals - Submissions due 10/14/2016, midnight Eastern
- Comment- Glen: The Standardization appears to not be regulated.
- Is it possible to obtain a limited consent for research only?
- How is it presented? We should present the patient with choices, and how is it presented under what conditions?
- How do you stay in touch with patients to re-purpose of Data.
- How do we deal with expansive vocabulary?
- Kathleen Comment (Global Alliance work):
- They contributed to the original set of codes into HL7
- Question (John) : What is the relationship between Common Accord and HL7?
- Answer (Kathleen): Common Accord and HL7 is doing something similar to create smart contracts.
- Working with Patient Choice (Kathleen)
- Patient choice is seeking technical solution
- There was a FHIR questionnaire on recent consent scenarios
- Vocabulary Group accepted the proposal; however, Mike Davis would like to see more granularity
- Patient Choice (ONC Project) is looking on how to find standards for research consent. (Kathleen)
- Patient Choice is looking to see if FHIR consent can be used to collect consent
- On November 4, 2016 we have to have a final decision (Kathleen)
- Comment- Glen: The Standardization appears to not be regulated.
- Final Proposals - Submissions due 11/04/2016, midnight Eastern
- Proposal 1- Incompetency override code specialization of ActConsentInformationAccessOverrideReason in ActReason code system
- We have a set of override codes, concept from V2
- One code is cased on Patient declining
- Another is based on Patient incompetence (Incompetency Override)
- Comment: The term incompetent appears insensitive and not an active assessment of the patient (John)
- Proposal 2 - Five new Security Compartment Label Codes
- We can use compartments or workflow to better define purpose of use (ISO-2382-8)
- It is a division of Data into isolated blocks with separate security controls
- It is create a special compartment to financial management such as an offsite billing service (Patient Administration)
- Comment (John): It reads as a structural role rather than a workflow or compartment
- Mike Davis advised in the past that the compartments to be more granular
- Is this Role based Access?
- Comment Mike Davis: The security is for access control is too complex.
- Criteria recommendations: Is there a security or privacy use that supports authorization decision?
- Is the code needed to support introprability?
- Is the code needed beyond legal and privacy, and who would own this (expert party)?
- Is the code needed beyond Security and Privacy?
- Next Step:
- (John) would like to develop a methodology for compartment in healthcare.
- (Glen & Mike Agree)- Compartments are to be more grounded in access control.
- Proposal 3 - Additional Research Purpose of Use Codes
- Call Adjourned
