This wiki has undergone a migration to Confluence found Here

Difference between revisions of "August 1, 2017 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
Line 86: Line 86:
 
** Not all of the listed Health information exchanges have guidance of opting out  
 
** Not all of the listed Health information exchanges have guidance of opting out  
 
** (Kathleen): Genevieve Morrison's paper states "OCR must develop and discriminate guidance for health information org. on best practice that patient information is private, secure, accurate, verifiable, and consent of patient data can be easily exchanged"- this served as her interpretation of what is legally required  
 
** (Kathleen): Genevieve Morrison's paper states "OCR must develop and discriminate guidance for health information org. on best practice that patient information is private, secure, accurate, verifiable, and consent of patient data can be easily exchanged"- this served as her interpretation of what is legally required  
 +
** Work Group to review comments listed under News
 
** Morrison's comment may require an opt-in to be a law
 
** Morrison's comment may require an opt-in to be a law
  

Revision as of 19:04, 8 August 2017

Back to Security Main Page

Attendees

x Member Name x Member Name x Member Name x Member Name
. John MoehrkeSecurity Co-chair x Kathleen ConnorSecurity Co-chair . Alexander Mense Security Co-chair . Trish WilliamsSecurity Co-chair
x Mike Davis x Suzanne Gonzales-Webb x David Staggs x Mohammed Jafari
x Glen Marshall, SRS x Beth Pumo . Ioana Singureanu . Rob Horn
x Diana Proud-Madruga . Serafina Versaggi x Joe Lamy . Galen Mulrooney
. Duane DeCouteau . Chris Clark . Johnathan Coleman . Aaron Seib
. Ken Salyards . Christopher D Brown TX . Gary Dickinson x Dave Silver
x Rick Grow . William Kinsley . Paul Knapp x Mayada Abdulmannan
. Kamalini Vaidya . Bill Kleinebecker x Christopher Shawn . Grahame Grieve
. Oliver Lawless . Ken Rubin . David Tao . Nathan Botts

Back to Security Main Page

Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (4 min) Review and Approval of Security WG Call Minutes July 25, 2017
  3. (10 min) 21st Century Cures Act Trusted Exchange Framework and Common Agreement Public Comments HL7 Policy Advisory Committee is soliciting Security and CBCC WG responses to the comment areas listed by August 14th for inclusion in HL7's response. - Kathleen
  4. (10 min) No FHIR Security call today- John

News and Review Material

Minutes

  • Chaired by Kathleen
  • Agenda Approved
  • Approved Security WG Call Minutes July 25, 2017- Captured by John (Mike, Chris)
  • 21st Century Cures Act Trusted Exchange Framework and Common Agreement Public Comments HL7 Policy Advisory Committee is soliciting Security and CBCC WG responses to the comment areas listed by August 14th for inclusion in HL7's response. - Kathleen
    • Reviewed slide deck
    • three papers came out of patient inquires by Genevieve Morrison
    • Legally Technology the law requires it to corroborate with the current trust framework
    • Mike requested to review Section 3022-A definition (Information Blocking)- (Prevents sharing of Health Information, Federal law does not require an opt-in for sharing of health information)
    • Opt-in should not be considered as Information Blocking
    • It can prevent providers from uploading health information
    • Data labeling provides the ability to share with protections for eg: treatment services (Mike)
    • By labeling the data can provide a better type of control as mitigation for information blocking
    • Trust framework keeps everyone on the same level of sharing, when it should be different level of authorizations (Mike)
    • Data segmentation can enable the sharing of information (Kathleen)
    • The word consent was used once in the entire deck
    • If everyone is to exchange data freely, health information exchanges should have option to opt-out or notice of privacy practices
    • Not all of the listed Health information exchanges have guidance of opting out
    • (Kathleen): Genevieve Morrison's paper states "OCR must develop and discriminate guidance for health information org. on best practice that patient information is private, secure, accurate, verifiable, and consent of patient data can be easily exchanged"- this served as her interpretation of what is legally required
    • Work Group to review comments listed under News
    • Morrison's comment may require an opt-in to be a law


  • No FHIR Security call today- John