This wiki has undergone a migration to Confluence found Here
Difference between revisions of "August 1, 2017 Security Conference Call"
Jump to navigation
Jump to search
(Created page with "Back to Security Main Page ==Attendees== {| class="wikitable" |- !x||'''Member Name'''|| !! x ||'''Member Name''' !!|| x ||'''Member Name''' !!|| x ||'''Member...") |
|||
| (15 intermediate revisions by 3 users not shown) | |||
| Line 55: | Line 55: | ||
=='''Agenda'''== | =='''Agenda'''== | ||
#''(2 min)'' '''Roll Call, Agenda Approval''' | #''(2 min)'' '''Roll Call, Agenda Approval''' | ||
| − | #''(4 min)'' ''' Review and Approval of [http://wiki.hl7.org/index.php?title= | + | #''(4 min)'' ''' Review and Approval of [http://wiki.hl7.org/index.php?title=July_25,_2017_Security_Conference_Call Security WG Call Minutes July 25, 2017]''' |
| − | #''( | + | #''(10 min)'' '''[https://oncprojectracking.healthit.gov/wiki/display/INTEROP/Common+Agreement+and+Exchange+Framework 21st Century Cures Act Trusted Exchange Framework and Common Agreement Public Comments]''' HL7 Policy Advisory Committee is soliciting Security and CBCC WG responses to the comment areas listed by August 14th for inclusion in HL7's response. - Kathleen |
| + | #''(10 min)'' '''No FHIR Security call today'''- John | ||
==News and Review Material== | ==News and Review Material== | ||
| + | *[https://www.healthit.gov/sites/default/files/july24trustedexchangeframework.pdf ONC Trusted Exchange Common Agreement Kick Off Deck] | ||
| + | *Adrian Gropper’s Article on the 21st Century Cures Act Trusted Exchange Framework and Common Agreement Kick-Off Meeting - [http://thehealthcareblog.com/blog/2017/07/25/onc-interoperability-meeting-raises-more-questions-than-answers/ ONC Interoperability Meeting Raises More Questions Than Answers]cites one of the key value propositions for the Security WG TF4FA: ''Different frameworks with different governance principles can only interoperate at a lowest common denominator, frustrating both clinicians and families.'' | ||
| + | *[http://ainq.com/inquiry/wp-content/uploads/2017/03/21stCenturyCuresAct_PatientAccess.pdf What to HIOs Need to Know about Patient Access in the 21st Century Cures Act] Genevieve Morris: | ||
| + | *"Finally, OCR must develop and disseminate guidance for HIOs on the best practices for ensuring that patient information is private/secure, accurate, verifiable, and that consent and patient preferences for sharing data is easily exchanged. We believe that this guidance could get incorporated into the trust framework that ONC will be working with the industry on (we’ll cover this in the next post), though OCR could of course develop separate guidance. HIOs should engage with ONC both on the trust framework and any guidance that they work with OCR to develop." | ||
| + | *[http://ainq.com/inquiry/wp-content/uploads/2017/03/The 21stCenturyCuresAct_TrustedExchangeFrameworkAndCommonAgreement.pdf What HIOs Need to Know about the Trusted Exchange Framework and Common Agreement in the 21st Century Cures Act] Jason McNamara | ||
| + | *[http://ainq.com/inquiry/wp-content/uploads/2017/03/21stCenturyCuresAct_Information-Blocking_PatientMatching_ProviderDirectory-.pdf What to HIOs Need to Know about Information Blocking, Patient Matching, and the Provider Directory in the 21st Century Cures Act] Genevieve Morris | ||
| + | |||
| + | == Minutes == | ||
| + | * Chaired by Kathleen | ||
| + | * Agenda Approved | ||
| + | * Approved Security WG Call Minutes July 25, 2017- Captured by John (Mike, Chris) | ||
| + | * 21st Century Cures Act Trusted Exchange Framework and Common Agreement Public Comments HL7 Policy Advisory Committee is soliciting Security and CBCC WG responses to the comment areas listed by August 14th for inclusion in HL7's response. - Kathleen | ||
| + | ** Reviewed slide deck | ||
| + | ** three papers came out of patient inquires by Genevieve Morrison | ||
| + | ** Legally Technology the law requires it to corroborate with the current trust framework | ||
| + | ** Mike requested to review Section 3022-A definition (Information Blocking)- (Prevents sharing of Health Information, Federal law does not require an opt-in for sharing of health information) | ||
| + | ** Opt-in should not be considered as Information Blocking | ||
| + | ** It can prevent providers from uploading health information | ||
| + | ** Data labeling provides the ability to share with protections for eg: treatment services (Mike) | ||
| + | ** By labeling the data can provide a better type of control as mitigation for information blocking | ||
| + | ** Trust framework keeps everyone on the same level of sharing, when it should be different level of authorizations (Mike) | ||
| + | ** Data segmentation can enable the sharing of information (Kathleen) | ||
| + | ** The word consent was used once in the entire deck | ||
| + | ** If everyone is to exchange data freely, health information exchanges should have option to opt-out or notice of privacy practices | ||
| + | ** Not all of the listed Health information exchanges have guidance of opting out | ||
| + | ** (Kathleen): Genevieve Morrison's paper states "OCR must develop and discriminate guidance for health information org. on best practice that patient information is private, secure, accurate, verifiable, and consent of patient data can be easily exchanged"- this served as her interpretation of what is legally required | ||
| + | ** Work Group to review comments listed under News and Review Material | ||
| + | ** Morrison's comment may require an opt-in to be a law | ||
| + | |||
| + | |||
| + | |||
| + | * No FHIR Security call today- John | ||
Latest revision as of 19:04, 8 August 2017
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| . | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | . | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
| x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | x | Mohammed Jafari | |||
| x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
| x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Galen Mulrooney | |||
| . | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | x | Dave Silver | |||
| x | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan | |||
| . | Kamalini Vaidya | . | Bill Kleinebecker | x | Christopher Shawn | . | Grahame Grieve | |||
| . | Oliver Lawless | . | Ken Rubin | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (4 min) Review and Approval of Security WG Call Minutes July 25, 2017
- (10 min) 21st Century Cures Act Trusted Exchange Framework and Common Agreement Public Comments HL7 Policy Advisory Committee is soliciting Security and CBCC WG responses to the comment areas listed by August 14th for inclusion in HL7's response. - Kathleen
- (10 min) No FHIR Security call today- John
News and Review Material
- ONC Trusted Exchange Common Agreement Kick Off Deck
- Adrian Gropper’s Article on the 21st Century Cures Act Trusted Exchange Framework and Common Agreement Kick-Off Meeting - ONC Interoperability Meeting Raises More Questions Than Answerscites one of the key value propositions for the Security WG TF4FA: Different frameworks with different governance principles can only interoperate at a lowest common denominator, frustrating both clinicians and families.
- What to HIOs Need to Know about Patient Access in the 21st Century Cures Act Genevieve Morris:
- "Finally, OCR must develop and disseminate guidance for HIOs on the best practices for ensuring that patient information is private/secure, accurate, verifiable, and that consent and patient preferences for sharing data is easily exchanged. We believe that this guidance could get incorporated into the trust framework that ONC will be working with the industry on (we’ll cover this in the next post), though OCR could of course develop separate guidance. HIOs should engage with ONC both on the trust framework and any guidance that they work with OCR to develop."
- 21stCenturyCuresAct_TrustedExchangeFrameworkAndCommonAgreement.pdf What HIOs Need to Know about the Trusted Exchange Framework and Common Agreement in the 21st Century Cures Act Jason McNamara
- What to HIOs Need to Know about Information Blocking, Patient Matching, and the Provider Directory in the 21st Century Cures Act Genevieve Morris
Minutes
- Chaired by Kathleen
- Agenda Approved
- Approved Security WG Call Minutes July 25, 2017- Captured by John (Mike, Chris)
- 21st Century Cures Act Trusted Exchange Framework and Common Agreement Public Comments HL7 Policy Advisory Committee is soliciting Security and CBCC WG responses to the comment areas listed by August 14th for inclusion in HL7's response. - Kathleen
- Reviewed slide deck
- three papers came out of patient inquires by Genevieve Morrison
- Legally Technology the law requires it to corroborate with the current trust framework
- Mike requested to review Section 3022-A definition (Information Blocking)- (Prevents sharing of Health Information, Federal law does not require an opt-in for sharing of health information)
- Opt-in should not be considered as Information Blocking
- It can prevent providers from uploading health information
- Data labeling provides the ability to share with protections for eg: treatment services (Mike)
- By labeling the data can provide a better type of control as mitigation for information blocking
- Trust framework keeps everyone on the same level of sharing, when it should be different level of authorizations (Mike)
- Data segmentation can enable the sharing of information (Kathleen)
- The word consent was used once in the entire deck
- If everyone is to exchange data freely, health information exchanges should have option to opt-out or notice of privacy practices
- Not all of the listed Health information exchanges have guidance of opting out
- (Kathleen): Genevieve Morrison's paper states "OCR must develop and discriminate guidance for health information org. on best practice that patient information is private, secure, accurate, verifiable, and consent of patient data can be easily exchanged"- this served as her interpretation of what is legally required
- Work Group to review comments listed under News and Review Material
- Morrison's comment may require an opt-in to be a law
- No FHIR Security call today- John
