June 6, 2017 Security Conference Call

Back to Security Main Page

Attendees

Back to Security Main Page

Agenda

1. (2 min) Roll Call, Agenda Approval
2. (4 min) Review and Approval of Security WG Call Minutes May 23, 2017 Note that the May 30 call was adjourned early because no cochair could attend.
3. (15 min) Review and approval of Madrid Minutes Chair
4. (30 min) HIMSS 2017 Debrief - Mike Davis
5. (5 min) TF4FA Ballot Reconciliation update
6. (5 min) FHIR Security Call - Please review front matter - John Moehrke

Minutes

1. Chaired by Alex
2. Agenda Approved
3. Review and Approval of 23,_2017_Security_Conference_Call, deferred to next call Security WG Call Minutes May 23, 2017 Note that the May 30 call was adjourned early because no cochair could attend.
4. Approved (Alex, Mike) Review and approval of Madrid Minutes

1. HIMSS 2017 Debrief - Mike Davis

• Power Point was presented and the following were reviewed
• Three sets of Files of the HIMMS 2017 demonstration (based on Jan FHIR Connectathon were presented on behalf of HL7 (Shared with group, editable to add content)
• HIMMS definition of interaprability and vocabulary reviewed:
• FHIR on a foundation level (Cyber Security) allows data exchange
• Structural interporability is the structure of the data
• Cantara UMA and Java are included in the transport section
• Audit Providence are included in the resource description
• Health Care classification system provides the ability to input the security and privacy labels on the data
• CDA high level confidentiality restricted code/content based on HL7 Code set is included
• Obligations and Prohibition or re-disclosure of information is included
• Security standards of CBC groups relevent to FHIR included
• Soon trust framework will be able to be added
• Attribute based Access control should be used when defining role based access
• Rule is included to define the rules and the rules are managed by a rules engine
• Link to a youtube video is also provided in presentation to describe the presentation
• This year we showed how Patients can take control of their data
• Patients want choice, and HIPPA Auth allows patients to grant their choices and direct the covered entity and delivered it to requested location
• Part of the HIPPA law does not allow the patient to choose where to send their encrypted healthcare data
• OATH autherization server allows for provisions for the patient by providing the requesting organization with a token to grant access to patient data
• Kathleen shared the link of use cases to Duane to review prior to sharing with Security Work group ( Approved by Mike to share Demo)
• Clinical support system is able to read the protective conditions (eg: drug drug interactions), data is masked not redacted
• Security labeling Service allows searching and labeling feature for the patients conditions, and create privacy protective service of masking data
• (use case) Patient Consent on Research goes to a genomic data base and data warehouse
• Kathleen will schedule time for Duane to demonstrate to group
• Duane comment: Several organization participating in clinical workflow,
  • Three organizations discussed in the demo
  • VHA is the primary custodian
  • MyHIN
  • Veteran for Research (patient provides informed consent for genomic research), research organization can identify treatment, and informed consent can also be generated for the treatment
  • Lab test can be seen and other data can be seen through the cascading OATH
  • More will be discussed next week

• call adjourned