This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

August 27, 2018 CBCP Conference Call

From HL7Wiki
Jump to navigation Jump to search

Back to CBCP Main Page

August 28, 2018 CBCP Conference Call


Back to CBCP Main Page

Member Name x Member Name x Member Name x Member Name
x Johnathan ColemanCBCP Co-Chair x Suzanne Gonzales-Webb CBCP Co-Chair x Jim Kretz CBCP Co-Chair x David Pyke CBCP Co-Chair
x Kathleen Connor Security Co-Chair x Mike Davis x John Moehrke Security Co-Chair x Diana Proud-Madruga
x Chris Shawn . Neelima Chennamaraja . Joe Lamy . Greg Linden
x Irina Connelly . Saurav Chowdhury . Dave Silver \x. Francisco Jauregui
. Mark Meadows . Amber Patel x Becky Angeles . Jennifer Brush
. Mohammad Jafari . Ali Khan x Ken Salyards . Michael Gu
x David Staggs . Bonnie Young . Ioana Singureanu . Beth Pumo
. Lawless . Ken Lord . [mailto:] . [mailto:]

Back to CBCP Main Page

Agenda DRAFT

Meeting recording: TEMPORAY:

  1. Roll Call, Agenda Review
  2. Meeting Minutes approval:
  3. eLTSS Update - Irina / Becky
  4. Withdrawal of V3: Medical Records; Data Access Consent, Release 1 (VOTE Needed)
  6. Baltimore WGM Agenda DRAFT, ready for agenda items

Meeting Minutes (DRAFT)

July 10 – Approve Meeting Minutes: (Motion Suzanne / Jim)

  • Vote: Opposed: none, Abstain: 1 (Johnathan); minutes approved: 11 for July 10

July 17: tentative approval (DP to add CPs worked on) Suzanne / Jim opposed: none, approved:11

  • Vote: Opposed: none, Abstain: 1 (Johnathan); Minutes Approved; 11 for July 17

eLTSS Update

  • (Becky) 113 persons signed up for ballot
  • questions on ballot reconciliation from Becky;
    • amalgamated ballot comment reconciliation, Suzanne can review process
    • can add ballot reconciliation to WGM agenda

Withdrawal of v3: Medical Records: Data Access Consent, Release 1

  • Per Dave (from e-mail sent to CBCP co-chairs – see link in Agenda above) being pulled as an ANSI-standard
    • only Canada is using (a Canadian version)
    • Recommendation is to pull from v3
  • Comment/commendation to Dave for due diligence of reviewing, determining usage
    • Continued discussion to be placed in parking lot - the shared secrets usability ma want to consider for FHIR; what it does---(may be able to done with OAuth) the actual modeling the signature; allow me to break glass in an ad hoc manner - can be in an emergency (patient requesting is conscious); may have redactors or restricts--with a provider and decision made that MD may need to know; shared secret can then be entered by MD (i.e. MD is now authorized)
    • May want to replicate ability as a future use case==
      • There is background information, documents; may be used in FHIR consent

<<Kathleen to add link/documents>> for minutes

  • (Mike) its fine to bring up/assess the use case; we are leaping technologies... we do not need to provide multiple capabilities;

Kathleen moves to removing from v3 / second: Suzanne (or Johnathan)

abstentions: none; opposed: none; approved: unanimous

Discussion: Mike is correct that OAuth/SAML…. the provider has received the PIN (and recorded) that has to be in place for SAML or oath pin to work.... CAPTURED AS A CONSENT DIRECTIVE

  • what is necessary - n the consent resource (or appropriate); hold and override PIN for patient to override specific information to bypass OAuth… (check recording)
  • Mike would like use case to be more general (less associated with technical) there are multiple technologies available); can change OAuth permission to allow one-time permission; this is an ad hoc type of authorization that the patient has capability to grant--outside the normal scope of authorization
  • Kathleen - yes; they can authorize a read only; one time they can turn this on--with this secret having this secret as long as SAML can handle
    • the provider system can make request to override the secret file; whatever the last consent... allowing the one provider to read it the one time
  • (Mike) so while Canada has this in place; outside of Canada may not want; changing systems with existing capabilities to do the same thing; concern on the use case implementation
  • Dave - sees benefit of PIN for the override; which places control w patient; limits exception to current consent record without change anything in the resource... (stuck in the middle) need to sit down with use case and figure out the best way to look at it... likes the simplicity of the pin
  • Mike; requires underlying structure to deal with the pin. have to have a mechanism to deal with the PIN... Canada does this, but the rest may not; not in favor of forcing people to adopt a technology

FHIR consent

  • No CPs for review

Baltimore WGM Agenda DRAFT

  • eLTSS (Irina) will be available M-Th
  • Volume 3 - PPT / for TEFCA
  • Privacy obsolete
  • FHIR Security / privacy overview
  • remainder of agenda



Q2 remove eLTSS


ONC pilot - ? if available / Johnathan will work out details.

Q4 - eLTSS ballot reconciliation



Q2 cont. eLTSS ballot reconciliation; co-chair admin

Q4 Piper, BH interest group - Jim will attempt to contact /

  • also, would like to add privacy obsolete update


Q1 FHIR Consent discussion; report out of FHIR Connectathon


ADD Jim just off phone from financial management - interested in participating on creation of a FHIR resource for program (as opposed to ? ) may be hearing from Mary Kay; (add to agenda after confirmation of relationship to CBCP) - Kathleen to assist with scheduling...

also add to agenda - cross paradigm (Suzanne to speak to Ken Lord for update)

Privacy Obsolete - Mike

  • review 2018 items
    • in a report related august 9 -- 3.1 million healthcare records were exposed by 142 by breaches by Q2 along
    • this continues Q to Q without any abatement - apparently, we are not doing our job in HL7 security and privacy
      • if no one follows the standards then there is only so much we can do
  • In the news - the VA mission act passed; which made changes to 38USC7332 which allows us to share to patient information, including information that is identified as confidential in title 38 ---without an authorization. there is a trend here to offer citizens choices in their best …. i.e. upping retirement account due to cost increases-- also saw that in June there is an article that House passed a bill to align substance use Disorder 42CFR....
  • article in July - which reports that says that HHS is pushing for changes in HIPAA rule and 42CFR part 2 to allow SUD to be shared without authorization -

Question to the group - are these articles on track to what this group understands - there seems to be a trend with opioid epidemic - are we moving in this direction

  • what to share - what not to share (conversation between Kathleen and Mike)
  • there is continues pressure in Congress to do in 42CFR part 2 - why that is, doesn't make sense (Jim) we have been getting pressure from various people on the hill which is why it was revised last year - the revision was only minor; the law its based upon is clear. what's behind the anticipated benefit is not clear. there are a lot of EHR publisher who do not want to deal with it--that appears to be enormous pressure group 42CFR Part 2 to be HIPAA compliant.

which doesn't add to the discussion.

(Mike) doesn't seem to me in the VA the way its being implement - we are opted in by default. if you want to opt out, you have the choice ; there is nothing being removed from the patient EHR; we used to require authorize... if you want to share it, it’s there but if you don’t you have to request to limit Jim - the HIPAA exceptions are what's its pointed to; where there is no option; that is to the discretion of the provider;

Mike - we've been looking at both position sides - each have incredible arguments; what I’m seeing in the reports is that there is an effort; house bill was passed in June 2018, and if HHS is pushing it--which followed the house bill, then maybe that's where we're going…

Mike - the other thing; the whole privacy landscape continues to evolve rapidly. the study can go on forever but plan to end it in September; attitudes about privacy are changing. it’s a gradual thing. we freely give out information away who give us free stuff. there are bastions, i.e. banking, healthcare where is some concern. the privacy is being attached on different fronts; a good example is new technology--to put up balloons or satellites or drones that would be operating over every sq. inch of the planet, they would provide internet services and have cameras to watch everything below; in California there is increased... to have cameras that read car licenses that take photos of you and your phone tracks you that you can turn your phone off/disable but it still tracks you. to have it stops tracking is to leave it somewhere. these are so gradual its imperectapbe we are accepting the changes one-by-one. GDPR doesn’t' address these things (it addresses structural things) but on the use of some information it doesn't address the slippery slope--where we are giving up the information we really want protected. articles being read at the moment are very doomsday but we've all gone willingly there -

  • Mike trying to put together a report - short PPT and a document; an HL7 site, but plan to stop effort on research
    • if you have information or experiences you want to include please send to
    • GDPR is outside EU; moving its own legislation outside of privacy; it may take effect in the North America.
    • Mike trying to distinguish between GDPR and corporate abuses/abuses we do on our own; we're giving away our information for benefits there is a tremendous erosion (tweet, Facebook, etc.) being used to profile you--GDPR doesn't address that; (David) but it does because you can evoke right to erasure.

No additional items added to agenda

Motion made to adjourn: Meeting adjourned at 9:54 Arizona Time --Suzannegw (talk) 13:23, 28 August 2018 (EDT)