July 24, 2018 CBCP Conference Call
Attendees
Member Name | x | Member Name | x | Member Name | x | Member Name | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
. | Johnathan ColemanCBCP Co-Chair | x | Suzanne Gonzales-Webb CBCP Co-Chair | x | Jim Kretz CBCP Co-Chair | x | David Pyke CBCP Co-Chair | ||||||||||||||
x | Kathleen Connor Security Co-Chair | x | Mike Davis | . | John Moehrke Security Co-Chair | . | Diana Proud-Madruga | ||||||||||||||
x | Chris Shawn | . | Neelima Chennamaraja | . | Joe Lamy | . | Greg Linden | ||||||||||||||
. | Irina Connelly | . | Saurav Chowdhury | . | Dave Silver | x | Francisco Jauregui | ||||||||||||||
x | Mark Meadows | . | Amber Patel | x | Becky Angeles | . | Jennifer Brush | ||||||||||||||
. | Mohammad Jafari | . | Ali Khan | . | Ken Salyards | . | Michael Gu | ||||||||||||||
. | David Staggs | . | Bonnie Young | . | Ioana Singureanu | x | Beth Pumo | x | Lawless | . | [mailto:] | . | [mailto:] | x | [mailto:] |
Agenda
- Roll Call, Agenda Review
- Meeting Minutes approval: none to approve at this time
- eLTSS Update - Irina / Becky
- eLTSS NIB submitted before Sunday deadline
- PSS - CBCP Approval (Ken Lord)
- Privacy - Is privacy Obsolete update - Mike Davis
- FHIR Consent
- FHIR CPs for review
- FHIR Consent CPs are located: link to ALL Consent Change requests
Meeting Minutes DRAFT
Chair - Dave Pyke
eLTSS
- Lynne - publishing folks - any other that we need to do
- they frown upon ballotable material publicly; so items will not be posted on the CBCP wiki
- no other specific instructions were given to get ready for ballot
- uploading items to the wiki; need to delete some information
- hesitating to upload spreadsheet; until
- owed to CBCP a final version with executive summary; once ready Irina will provide once ready
FHIR Consent
CPs items to vote on
four have been dealt with one way or another;
- CP 15581 - Motion: Suzanne / Jim Vote on disposition as displayed
- vote: abstentions: none; against: none; approval: 11
- CP 15641
- followed up with Michelle with no response
- wish to close as not persuasive Motion made: Jim / Suzanne
- Abstention: none; Against: none; Approval: 11
- 17154 Search parameters
- Securitylabel to security-label (must have dash) Motion: Jim/Suzanne
- Vote: abstentions: none; against: none; Approval: 11
- CP 14181
- items have been elimated - could not be mapped to v3 RIM (they are not found in v3 RIM
- CP 11069 (already resolved)
- suggest to close as this is based on an older version
NEW DISCUSSION:
additional e-mail discussion: David Pyke been asked to put forward this statement for voting as a motion to the group clarifying our stance on consent in FHIR <quote> * The Consent resource is the correct (and best) way to store and exchange computable consent agreements in a FHIR environment * Formal consent documents are contracts and you may use the Contract resource to capture that aspect of them for attachment to the Consent resource as a source document. * While Consent information may sometimes be found in DocumentReference, Binary, Contract and other resources, Consent is the principle resource for representing consent-related information and is the endpoint where systems should expect to find this information <endquote>
Above given to DAvid by Grahame and Lloyed on FHIR Resource - usage of various resources and their use in FHIR
CBCP - information to be sent out for review Cross-Paradigm Interopbility project
showing to transform security labels from FHIR to CDA... not a lot to do on FHIR consent contract or the CA consent; to a large extent is about security labels--there may be misunderstanding
- to be proposed as a joint sponsorship; and confirm which WGs are involved--
wait until we get a better descrption if we do need to be involved (based on kathleen description... unsure of scope; involving cross paradign
Suzanne - to reach out to Ken Lord before sending information out for CBCP review
Is Priacy Obsolte - update
- year / year and a half
- no recent report outs; lots of concern of whether privacy was dead due to large nmber of breachers (large breaches) often without harm to lega regsitutuion to victims--as credit theft
- in the meantime ; we have been engaged with worldwide review; AUS, China Eu India, Japan UK, US among others - specifically did not look at Russia.
- most countries have new privacy laws in place
- EU - GDPR in place
- other countries are looking at GDPR as benchmark (Japan may incorporate GDPR version)
- in US, initial feeling was fragmented state by state and largly with specific industry focus; it is a patchwork of state laws, that being said the US is considered to be strong in terms of privacy because of the FTC enforcement of federal trade commission act; also healthcare is one of the vertical as excellent privacy practice.
- with the FTC the general concensus US privacy enforcement and laws in US are the strictest in the world
- but doesn't address victims do not get credit in the courts--efforts are largly to correct breaches int he first place; in terms of technology, seeing lots of new technology in privacy i.e. zero-knowledge proofs UMA block chans, data beach responses - included in the GDPR; which has raised the bar
- all 50 US states have breach notification law in place. we have consent management
- data classification (we call it security labeling) enforcing/segmenting privacy information.
- largely if looking at enfocement activities which fall more in what organzations do … we wuld say its a big plus that detracted by the fact that we do have breaches involving billions of dollars; there is reason to question security in facebook, google; knowing we go in at our own risk;
- privacy is not dead - it has issues there are activities in law and technology in standards bodies to address the issues; may not be the final conclusion for today; goal: wrap up and bief out at the Security/ HL7 WGM meeting
Oliver: freeze your credit? recourse to protect yourself or is there other
- breaches are not just getting into our account; ie. security clearance infroatmion collected was breached for millions of federal employes, homes they've lived, cards etch... were breaches including healthcare privacy not just credit card monitory involved in identy theft
- there is no effective recourse to sufficiently lock up the information they carry; the GDPR is slapping down on companies on that. Therorizes that GDPR can protect toursts who travel outside Eu; there are no harsh penalites (in Canada) and make retributions... except through credit monitoring
Legal changes/technology changes / enforcement and we're talking about privacy across the board; not just identity theft... its more promising thatn what we toguht whenw e were just looking at victims not getting more than credit monitorying.
Motion made to adjorn: Jim Meeeting adjorned at 9:43 Pacific time --Suzannegw (talk) 12:44, 24 July 2018 (EDT)