Community-Based Care and Privacy (CBCP) Working Group Meeting

Back to CBCP Main Page

Meeting Information

Dial-in Number:  (515) 604-9861;  Access Code: 429554
* International Dial-in Numbers: https://fccdl.in/i/cbhs

* Online Meeting Link: https://join.freeconferencecall.com/cbhs  
* Click on Join an Online Meeting Enter Online Meeting ID:  cbhs 
* Follow prompts if not automatically connected

Please be aware that teleconference meetings are recorded to assist with creating meeting minutes

Back to CBCP Main Page

Attendees

Call Recording: https://fccdl.in/0gfP7LTghl (temporary)

Back to CBCP Main Page

Agenda

1. Roll Call, Agenda Review
2. Meeting Minutes approval: (in process)
3. (5 min) CBCP FHIR THURSDAY call at 1:00 ET // FHIR Consent Directive Project Wiki, Main page
   • FHIR Consent discussion
   • FHIR CPs for review
   • FHIR Consent CPs are located: link to ALL Consent Change requests
4. Privacy Study Group Update - Mike Davis
5. eLTSS Update - Irina / Becky
   • Latest PSS posted to gForge TEFT eLTSS Supplemental ATL F2F
6. FHIR Security Project Update - Johnathan / John Moehrke
   • Weekly meeting on Tuesday - 2 PM Eastern
   • https://www.freeconferencecall.com/join/security36; Phone Number: +1 515-604-9567. Participant Passcode: 880898
7. OCP Project Background - Neelima / Ioana
8. Review of HL7 Cologne Agenda DRAFT
9. Privacy and Security Architecture Framework (PSAF) Ballot - update,
   • Weekly meeting cancelled, new meeting will be scheduled post ballot for reconciliation

Meeting Minutes DRAFT Roll Call No meeting minutes to approve

CBCP FHIR Thursday call Call on hiatus until after ballot

• issue: (change already made), typo plus additional item uploaded in error
  • CP 15707 - search paramenter not consistent
  • issue search function for consent source, was only allowing search for other resources, additional line needed. additional ine added (with consult from Lloyd);
  • VOTE: (JIm / Suzanne) Accept correction as described)
    • Abstention: none; Objections: none; Approve: 11

Patient engagement tracker in FHIR being 'developed' with John Moehrke;

• affects audit and other items
• an IG needs to be created? (discussion to continue at WGM) -- in relation to GDPR, for 'right to be forgotten' - needs to behandled technically
  • JOhnM will rally folk from FHIRi - discussion
  • how do we handle patient based requests (i.e. to query their record--we don't have a way to handle this at this time) because patient consent does effectively come fromt he patient... but deliet my EHR record, needs to havea workfly and changes to certain resources -- privacy/security matter, patient engagement matter

Privacy Study Group - No update

eLTSS Update -

• moving along uneventlylly
• starting to update the draft artifact whitepaper; when tangible document available to review - will send out

FHIR Security Project Update - no update (meeting today reminder given)

Cologne Agenda -

• eLTSS (remove), no eLTSS project representation
• Note: no SAMHSA representation for this meeting
• change #2 Is privacy obsolete to privacy study group

Tuesday:

• Q3 - remove eLTSS
• Patient choice project - Johnathan or Kathleen to report

Wednesday:

• remove eLTSS
• BH Dam update? - remove? (Jim sending information
• add PR of all projects from last 5 years - report out.
  • Ioana will start "[? http://www.hl7.org/implement/standards/product_matrix.cfm?ref=nav (search under Work Group - Community-Based Care and Privacy) standards matrix]"
  • add as possible materials for HL7 slides
  • cross-paradigm are the latest greatest DAM specificiation

• Everything we've learned from V2 can be applied to FHIR as well as information from CDA
  • how do we lower the

Thursday

• round table with FHIR-I
  • smart on FHIR launch specification - have we been following
  • allows for apps to co-exist; thought on consent... ptient context is what a secondary application is learns at launch time. you tell application here's your user and heres you patient
  • your oauth policy says you're supposed to work within the limitations the scopoe gives you
  • i you take a consent and turn into a set of scopes and use the patient context as one of the copes int he policy... youc an set up rules wehre the fhir/resouces servie
    • check to see if the policy is authorized
  • check the patient context and see if you have th epermissionf rom the client to look at that standard
  • there is an intersection where smart on fhir and operational consent...
  • ioana invited to Thursday Q1 meeting... to continue discussion.

OCP Proejct Ioana -

• Greg
• staring in January 2018 working to implement a set of functionalities to endabvle a better kind of care coordination/planning for BH

improve the value through FHIR across application module

• we have have apps that are
• that have read /wret permission; other apps may come in and have a different set of clinical scopes, they could ready the patien tencounter and create a consent. those different types of modules with guidance in place, we have a predefined set of capabilities with what they can do on launche. if they have a 'secret' or pulic application-- smart on fhire provides different flaors...

in the case of the OCP aplcaiton the omnibus care plan - applciationcan launce a care plan of care plans... lance another thire part ... createing a reusable

• the caapbiltiysate metn is consistent. going to use a patient and user context for example. do will not need ccow anymore to tell application at launce what paient is ...for user identity
  • if you take one step further now based on consent
  • very open to sensibility

deployed hapi fhir gce(?( servicer...

• in terms of cascading auth or validation those interceptors are already part of the hapi fhir
• can intercept a read event and validate scope
• in terms of solution: using hapi FHIR - deploying amazon web service platefor
• using 3rd using oath2 , openID connect service (not the builit amazon service)
• we start with a default data set, there are two layers of specification...
  • there is a second UI that controls the display... its data first then design bifurcated..what is the data asses and then how do you display. the dev team is making good process...
  • how e get dta how do we store...
  • fhir as a standars ased api is very useful
  • extensions are great for the api, but terrible for interoperability.

(from kathleen: Alternative to string scopes https://medium.com/@jafarim/using-json-to-model-complex-oauth-scopes-fa8a054b2a28 Alternative to string scopes JSON to Model complex OAuth Scope

• this is not associated with a PSS, eveyrhign we are doing here; is very good information for the eLTSS connect ta thon--planning to participate in June/July 2018. Ioana will be there to show to make sure they are coving their dtaset.
• should do a compare-contrast betweent the scopes - may be a report out in cologn (Keith/Moahmmad have already written...?)