This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "HL7 WMG and Plenary, Sept 2016, Baltimore"

From HL7Wiki
Jump to navigation Jump to search
Line 575: Line 575:
! '''SOA Attendee'''||1 MON Q3||2 MON Q4 !! 3 TUES Q1  || 4 TUES Q2 !! 5 TUE Q3 || 6 TUE Q4 || 7 WED Q2 !! 8 WED Q3 || 9 WED Q4 !! 10 THU Q1 || 11 THU Q2 ||  !!
! '''SOA Attendee'''||1 MON Q3||2 MON Q4 !! 3 TUES Q1  || 4 TUES Q2 !! 5 TUE Q3 || 6 TUE Q4 || 7 WED Q2 !! 8 WED Q3 || 9 WED Q4 !! 10 THU Q1 || 11 THU Q2 !!
Line 632: Line 632:
|| [mailto: Artem Sopin]     
|| [mailto: Artem Sopin]     
|| [ Laura Heermann] Intermountain Healthcare ||||||||x||||||7||8||9||10||11||12||13||.
|| [ Laura Heermann] Intermountain Healthcare ||||||||x||||||||||||||||.
|| [mailto: Martin Rosner]    ||||||||||||||7||8||9||10||11||12||13||.
|| [mailto: Martin Rosner]     
|| [ Emma Jones]  Allscripts  ||||x||||x||||||7||8||9||10||11||12||13||.
|| [ Emma Jones]  Allscripts  ||||x||||x||||||||||||||||.
|| [mailto: Steve Hufnagel]    ||||||||||||6||7||8||9||10||11||12||13||.
|| [mailto: Steve Hufnagel]    ||||||||||||||||||||||||.
|| [mailto: Raheem Daya] McKesson  ||||||||||||6||7||8||9||10||11||12||13||.
|| [mailto: Raheem Daya] McKesson  ||||||||||||6||7||8||9||10||11||12||13||.
Line 664: Line 664:
|| [ Manoj Sharma] Allscripts    ||||x||||||||6||7||8||9||10||11||12||13||.
|| [ Manoj Sharma] Allscripts    ||||x||||||||6||7||8||9||10||11||12||13||.
|| [ Chana West] ESAC Inc.    ||||||x||||||6||7||8||9||10||11||12||13||.
|| [ Chana West] ESAC Inc.    ||||||x||||||6||7||8||9||10||11||.
|| [ Kevan Riley] Infor (?)  ||||||x||||||6||7||8||9||x||11||12||13||.
|| [ Kevan Riley] Infor (?)  ||||||x||||||||||||||x||||.
|| [ Zach May] ESAC Inc.    ||||||x||||||6||7||8||9||10||11||12||13||.
|| [ Zach May] ESAC Inc.    ||||||x||||||||||||||||||.
|| [ Rashedul Hasan] FDA  ||||||x||||||6||7||8||9||10||11||12||13||.
|| [ Rashedul Hasan] FDA  ||||||x||||||||||||||||||.
|| [ Cooper Thompson] Epic    ||||||||||x||||||x||9||10||11||12||13||.
|| [ Cooper Thompson] Epic    ||||||||||x||||||x||||||||.
|| [ Karl Holzer] CGM    ||||||||||||x||7||8||9||10||11||12||13||.
|| [ Karl Holzer] CGM    ||||||||||||x||||||||||||.
|| [ Oliver Krauss] University of Applied Science Upper Austria  ||||||||||||x||7||8||9||10||11||12||13||.
|| [ Oliver Krauss] University of Applied Science Upper Austria  ||||||||||||x||||||||||||.
|| [ Alexander Mense] HL7 Austria    ||1||2||3||4||5||6||x||8||9||10||11||12||13||.
|| [ Alexander Mense] HL7 Austria    ||||||||||||||x||||||||||||||.
|| [ Grahame Grieve]    ||1||2||3||4||5||6||7||8||x||10||11||12||13||.
|| [ Grahame Grieve]    ||||||||||||||||||x||||||.
|| [ Victor Harrison] OMG  ||1||2||3||4||5||6||7||8||x||10||11||12||13||.
|| [ Victor Harrison] OMG  ||||||||||||||||||x||||||.
|| [ Emory Fry] Cognitive  ||1||2||3||4||5||6||7||8||9||10||11||12||13||.
|| [ Emory Fry] Cognitive  ||||||||||||||||||x||||||.
|| [ Elizabeth Newton] KP  ||1||2||3||4||5||6||7||8||9||10||11||12||13||.
|| [ Elizabeth Newton] KP  ||1||2||3||4||5||6||7||8||9||x||||.
|| [ Gora Datta] ?    ||1||2||3||4||5||6||7||8||9||10||11||12||13||.
|| [ Gora Datta] ?    ||||||||||||||x||||||x||||.
|| [mailto: Kathleen Connor] VA    ||1||2||3||4||5||6||x||8||9||10||11||12||13||.
|| [mailto: Kathleen Connor] VA    ||||||||||||||x||||||||||.
|| [ Andrew Statler] Cerner    ||1||2||3||4||5||6||x||8||9||10||11||12||13||.
|| [ Andrew Statler] Cerner    ||||||||||||||x||||||||||.
|| [mailto:bpech1@? Brian Pech] ?    ||1||2||3||4||5||6||x||8||9||10||11||12||13||.
|| [mailto:bpech1@? Brian Pech] ?    ||||||||||||||x||||||||||.
|| [ Mark Scrimshire] ?    ||1||2||3||4||5||6||7||8||9||x||11||12||13||.
|| [ Mark Scrimshire] ?    ||||||||||||||||||||x||||.
|| [ Vladimir Vasiltsov] CAGH    ||1||2||3||4||5||6||7||8||9||x||11||12||13||.
|| [ Vladimir Vasiltsov] CAGH    ||||||||||||||||||||x||||.
|| [ Huy Huynh] Amazon    ||1||2||3||4||5||6||7||8||9||x||11||12||13||.
|| [ Huy Huynh] Amazon    ||||||||||||||||||||x||x||.
|| [mailto:]    ||1||2||3||4||5||6||7||8||9||10||11||12||13||.
|| [mailto:]    ||1||2||3||4||5||6||7||8||9||10||11||12||13||.

Revision as of 18:19, 22 September 2016

DRAFT 2016 September Working Group Meeting - Baltimore, Maryland - SOA WORKING GROUP

Service Oriented Architecture (SOA) WORKING GROUP SESSIONS

Back to SOA Wiki: Meetings

Agenda and Meeting Minutes

Day Date Qtr Time AGENDA ITEMS Session Leader Room
SUN MAY 08 Q1 9:00-10:30 No Meeting .
Q2 11:00-12:30 No Meeting .
Q3 1:45 -3:00 No Meeting .
Q4 3:30 -5:00 No Meeting .
MON SEP 19 Q1 9:00-10:30 No Meeting .
Q2 11:00-12:30 No Meeting .
Q3 1:45 -3:00 Workgroup Overview / HSSP Intro / New Attendee "Jumpstart"
  • Provides overview of the workgroup, mission, charter, objectives, current work, etc.
  • Intended for all audiences.
SOA Guest Room 317
Q4 3:30-5:00 "Round Robin" Project Updates

Each active project collaborating with SOA will provide a 5-10 minute update on their current status and activities planned for the week. This is the best quarter to attend to receive an overview of all SOA-related work across all projects.

  • New HSSP cover page
  • PASS Access Control
  • PASS Audit
  • Clinical Decision Support on FHIR
  • Cross-Paradigm Interoperability Project Update
  • Coordination of Care Service - Tech Spec Status
  • Ordering Service - RFP Update
  • Event Notification/Escalation Service
  • HL7 Cloud Planning Guide Document
  • Pub/Sub Service
  • FHIR Connect-a-thon
  • SOA on FHIR
  • Scheduling/Resource Management Service
SOA Guest Room 317
TUE SEP 20 Q1 9:00-10:30 Joint With FHIR Infrastructure (confirmed)
  • SOA specification within FHIR
SOA Guest Room 317
Q2 11:00-12:30 Joint w/ Patient Care (Confirmed)
  • Care Coordination Discussion
SOA Guest Room 317
Q3 1:45-3:00 Patient Administration (Confirmed)
  • Scheduling Service Discussion
SOA Guest Room 317
Q4 3:30 - 5:00 Ordering Service and X-Paradigm Interop Discussions
  • Ordering Service Discussion
    • Walkthrough of ordering service technical specification work,
    • relationship to FHIR workflow activities, and
    • state of OMG submissions
  • X-Paradigm Interoperability Project Discussion
    • TBD
SOA Guest Room 317
Q5 Birds of a Feather
  • Open Source
WED SEP 21 Q1 9:00-10:30 Split meeting

1. Joint w/EHR, Security, CBCC, SOA, FHIR

  • See EHR Agenda for topics Electronic Health Records Hosting


2. Scheduling Service Continuing discussion

  • TBD

  • Constellation C
  • Guest Room 317
Q2 11:00-12:30 Joint w/Security (confirmed)
  • Joint SOA/Security Projects and concerns.
    • PASS ACS vote to request publication
    • HL7 Cloud Planning Guide Overview
    • PASS Audit
SOA Frederick
Q3 / Q4 1:45 -3:00 / 3:30 -5:00 Refresh of Service Functional Model specification process in the world of FHIR.
  • The current Service specification process involves both HL7 and OMG and generally defers technical implementation until further in the process. Given the energy around FHIR and the potential for lost opportunity to impact FHIR, this discussion will revisit our approach to determine better ways to align with and engage FHIR activities synergistically with SOA efforts.
  • Pisces
  • Guest Room 317
THU SEP 22 Q1 9:00-10:30 HL7 Cloud Planning Guide Work session
  • Presentation on Amazon Web Services by Zachary Huy.
  • Cloud Planning Guide Survey
  • Develop a Cloud blueprint sample
  • Flesh out draft document
SOA Guest Room 317
Q2 11:00-12:30 Hot Topics
  • TBD
SOA Guest Room 317
Q3 1:45 - 3:00 No Meeting .
Q4 3:30 - 5:00 No Meeting .
FRI SEP 23 Q1 9:00-10:30 No Meeting .
Q2 11:00-12:30 No Meeting .
Q3 1:45 -3:00 No Meeting .
Q4 3:30 -5:00 No Meeting .

Q1=9:00 – 10:30 am; Q2=11:00 – 12:30 pm; Q3=1:45 – 3:00 pm; Q4=3:30 – 5:00 pm

Back to SOA Wiki: Meetings

Business Meeting
Technical Meeting

Meeting Minutes Draft

Back to SOA Wiki: Meetings


- attendees:
  1. Workgroup Overview / HSSP Intro / New Attendee "Jumpstart"
    • Provides overview of the workgroup, mission, charter, objectives, current work, etc.

All of the attendees were already familiar and active in SOA so we opened the floor to anyone who wanted to share about what they are involved with.

Jerry Goodnough: Discussion revolved around changes happening to Pub/sub. As far as Jerry knows, no one on Patient Care who goes to OMG also attends HL7. Ordering Service - October 7 initial submission but likely will end up slipping that entry. Models are on HSBC.

Diana brought up the question regarding attendance at SOA All hands meetings

Ken: HSPC has agreed to own the project.

Vadim, Jerry, and Preston are planning to meet to discuss (what Ken introduced).

Vadim: Need to identify use cases which would lead to implementation guides.

Ken: The containerization and

We have 2 quarters this week looking at the HSSP/OMG process with HL7. Graham will be joining us Q4 Wed.

Right now it's a bit waterfall. Graham would like to see it more Agile.

Talking about FHIR-I joint meeting: What do we want that meeting agenda to consist of?

Mon Q4

- attendees: 10
  1. Welcome and Introductions: Went around and introduced ourselves
  2. Agenda Review, approval 10 attendees: Passed unanimously
  3. Round Robin updates
    • New HSSP cover page: Vincent displayed the new cover page on the HSSP.
    • PASS Access Control: Diana - Ballot reconciliation package has been uploaded. Will vote on to bring this to publication this week.
    • PASS Audit: resurrecting the previous effort. Using all previous work and comments. Will bring this to ballot in January 2017.
    • Clinical Decision Support on FHIR: (Claude not present) Manoj - Connectathon. Leveraged work on Decision Support Model work. CDS Hook is geared toward integration into the EMR. Claude is trying to establish an ongoing CDS FHIR connectathon every two weeks for CDS. Goal is to get the cycles going faster. CDS on FHIR is a methodology and series of resources for pulling information to support a CDS. This supports all CDS use cases.
    • Cross-Paradigm Interoperability Project Update: Ken Lord - all the objections in ballot have been addressed and resolved. Ballot reconciliation package has been updated. This was an informative ballot. Australia has been using this as well as folks in the US. Implementation guide is in 2 part, behavioral and informational (MDMI). On the MDMI, did information exchange using open source tools. Have had multiple implementations on the informational (MDMI) side of this guide. Expect to go into some pilots with some HIEs in the short term. Working with FHIM, VPR, DES among others. VA, as part of standards and interop, knowledge-based services (Ken Rubin). Australia has shown interest in MDMI and MDHT. Question: where do we go from here? Maybe provide some information on the HSSP website? This is an OMG standard.
    • Coordination of Care Service - Tech Spec Status: Emma - collaboration between patient care and SOA. Been through the STU phases and in the process of getting the FM published. Finishing up the publication request. Will submit the pub request this week. FM is based on the care plan DAM.
    • Ordering Service - Jerry - RFP Update: Currently at OMG. Letters of intent period has closed but don't know who has actually submitted a letter of intent. Initial sub is in Nov 7. Final submission date targeted for March but will likely slip to September. HL7 members are entitled to participate in OMG activities. May have some implementation by mid 2017.
    • Event Notification/Escalation Service: EPS and Unified Communication Service? Jerry isn't sure what is meant by this.
    • HL7 Cloud Planning Guide Document: Vadim - Market need to identify resources for a Cloud Service. Next step is to break it down and start writing a draft blueprint.
    • Pub/Sub Service: Reference implementation is still at OMG. Published. Good until Feb 2017. At the September 2016 meeting, review DSTU comments and see if ready to proceed to Normative in Jan 2017 or if more time is needed to implement before publishing then request DSTU extension in Jan 2017 meeting.
    • Unified Communications Service: Published. Good until Feb 2017. At the September 2016 meeting, review DSTU comments and see if ready to proceed to Normative in Jan 2017 or if more time is needed to implement before publishing then request DSTU extension in Jan 2017 meeting.
    • FHIR Connect-a-thon: See CDS - FHIR Scheduling resources - need to align with the Scheduling service. Ordering Service have a lot of behavioral components that aren't currently in FHIR. Clause was also integrating the Unified Communications Service with FHIR but not successful yet.
    • SOA on FHIR: This is going to be Q3-4 on Wednesday. Have some concrete proposals based on discussions between Graham and Ken.
    • Scheduling/Resource Management Service: Have a draft PSS. Will be finalizing this during the WGM.
    • All Hands meeting schedule and attendance: General consensus that we move to once a month, status update meeting. Other business to be discussed after the status updates as needed.


- attendees: 12
  1. Joint With FHIR Infrastructure (confirmed)
    • SOA specification within FHIR: Claude: Connectathon brief. Were able to connect the careweb into the HAPI JPA server, EPS, and CDS Manager. Ran into problems with the connection to the UCS. Claude did a short demo as much as he could but one of the servers that he needed wasn't available. Discussion on solutions to problem encountered.

The SOA specification pre-dated FHIR. Question is how we bridge that gap? Question are we creating APIs that can interface with FHIR or do we create FHIR APIs. How do we bring the two worlds together? How do you make the bridge btwn functional and behavioral? Vadim: Is there a conflict in the first place? The question is really one of design process? Because of our relationship with OMG, we are in the unusual position of implementation being ahead of development. 2 possible approaches:

  1. Use FHIR only as payload
  2. Use FHIR as the data end

What's available in FHIR (three pillars): PUB/SUB Operations

looking at the order service and the order resource in FHIR, what is the relationship. Jerry: simple question without a simple answer. Ken: how do we get consistent behavior across different implementations? Vince: FHIR spec of operations should do that. Discussion on possible solutions led to the conclusion that we may need to create an implementation guide for a specific service, such as scheduling service. Need to figure out how this implementation guide would fit into the OMG process. How do we move from waterfall to more Agile in developing SOA spec. Right now you need to have a completed STU before moving into the OMG process. We want to move to some parallel development of STU, FHIR resources, and OMG project.

Work these questions in the CDS project.

Catalog service: If trying to do CDS that is evidence based, difficult to do this because of different vocabularies in different systems. The catalog service helps to keep all catalogs in sync. This includes vocab and bindings/constraints associated as well as the ability to constrain using context.

We will have a joint meeting between SOA and FHIR-I at the January WGM. Diana will make that invitation.


- attendees: 
  1. Joint w/ Patient Care (Confirmed)
    • Scheduling Service: Update - Working on the PSS which will be distributed to Patient Care to be a co-sponsor. This is a PA sponsored project.
    • Care Coordination Service SFM -
    • Care Coordination Service Publication - Laura H.: Missed publication date. Working on the publication request. Will send the publication request to Ken and cc Diana in order to finish the request.
    • Care Plan - Ken updated Patient Care on where this project is with OMG.

Care plan: Emma will send Diana a link to information on this.

Ken is an OMG Co-chair which makes it difficult for him to be directly involved on any OMG submissions. Ken described the OMG process. The important part is that we come through this process with something that Patient care is willing to accept (ie: any deviation from the STU is understood and accepted).

Mega-Joint meetings: Early in week having joint meetings with multiple WGs so that only go through the slides once.

Next steps:

  • Continue having a joint meeting (ambassador coming from Patient Care). Make it a three-way joint between Patient Care, SOA, and Patient Administration? Approach Brian (PA co-chair) to see if this consolidation proposal will work.
  • Patient Care is contemplating having a quarter that is all care plan/care coordination. Targeting Thurs Q1 for this.
  • Laura has action to send publication request to Ken.
  • Ken has action item to send PSS for scheduling service to PC.
  • Ken to get to clarity with Wayne on the HL7 vote to OMG on Care Coordination.
  • Patient Care has expressed interest in scheduling service as a possible co-sponsor.
  • If aware of other folks with interest in care plan resources and bring them to OMG's attention.

12:15 - Adjourned the Patient Care meeting.

New discussion - SOA Ontology - what do we do with this? Maybe kill the project in HL7 and find another group who wants to take it on? Decision: Kill the current project and explore other options if we want to resurrect the project.


- attendees: 7
  1. Patient Administration (Confirmed)
    • Scheduling Service Discussion: Finished up the PSS for scheduling service.

Motion by Cooper. Seconded by Diana: SOA WG recommends that PA accept the PSS for Scheduling Service as posted on 9/20/2016. Passed unanimously: 6/0/0

Cooper was asked about making the joint meeting Tues Q2 to include Patient Care and Patient Administration. Keep Tues Q3 as joint with PA.


- attendees: 8
  1. Ordering Service Discussion
    • Walkthrough of ordering service technical specification work,
    • relationship to FHIR workflow activities, and
    • state of OMG submissions

Jerry presented the SFM diagram and a draft version of the PIM data Model. Requirement Association, status and requirement will be changing in the PIM.

Will show curated content in the PISM.

Not just an order execution service any more. Allows for advice and changes in the process.

Order catalog management is the other part of the specification. Building and dist of evidence-based catalogs.

Claude has agreed to blaze the trail with FHIR and catalog stuff.

Changed language from "fuzzy" query language to explicit language.

Still looking for a good work-flow model. When we get to PISM will need to determine the FHIR workflow.

This is posted to

Now have a reference type which allows us to associate certain information to validate the order.

Would like feedback into the FM.

PIM: you can have semantic profiles. At the PIM level you can get away with less strong typing.

Getting key data elevated in order to be able to do first order processing.

Referrals are in scope.

Timeline: Nov 7 submission. Order catalog is behind by about 6 months.

Suggestion to do a peer review in January.

Action item: Ask for an extension on for Pub/Sub and E&S during the Jan 2017 meeting.

  1. X-Paradigm Interoperability Project Discussion
    • Action Item for Ken Lord: Need to make sure that the ballot reconciliation package has been uploaded.

WED Q1: Split meeting

  1. Joint w/EHR, Security, CBCC, SOA, FHIR (See EHR for meeting minutes)
- attendees:
  1. Scheduling Service Continuing discussion


- attendees: 

1. PASS ACS vote to request publication.

Ballot completed and reconciliation package uploaded. All negative votes have been withdrawn.

Motion – Proposed: Mike Davis Seconded Trish Williams

“SOA approves PASS ACS project go forward to publication as Normative”

Vote 11/1/0 Motion passes.

Mike and Kathleen will help Diana with the publication request formalities.

2. HL7 Cloud Planning Guide

Ken Rubin informed the meeting of current progress with the HL7 Cloud planning Guide document can be found at

Survey on this topic conducted since last WGM – 3 page questionnaire taking 15 minutes to complete

  • 50 responses
  • 70% USA, 20% Europe, 10% Asia

70% indicated there were residency policy restrictions for where Health data can be hosted.

Ken went through results which demonstrated wide interest – they will be published on the wiki in the near future. There were two areas where there were Health specific issues one of which was security. However, we could not get security involvement previously.

Now SOA is once again seeking input.

Mike Davis – increased interest due to new solutions from Amazon and Microsoft with security adequate for healthcare data/HIPAA requirements. Renewed interest in software as a service (SAAS). Further work will be undertaken on this Q1 Thursday following a presentation by guest speaker from Amazon web services and plans for Health data in the cloud.

Japan – Amazon in Tokyo is bound by the USA Patriot act under which the FBI can block access to data. Japan thus currently requires separation between private and public cloud.

The intent of the document is (i) make people aware of what the issues are, (ii) where to look for possible information and solutions, (iii) Identify patterns that may be useful

Plan to ballot as informative document for January cycle. TCs bi-weekly. Trish Williams indicated she would like to participate, Mike David will look at document and let us know. Microsoft have indicated they will provide a participant. Kathleen will provide some references.

Kathleen – after completing this may need to revise privacy and security recommends to take into account specific cloud issues. Trish to look at what work is relevant at ISO TC215 WG 4.

Action items:

  • SEC to access the PSS in order for them to consider being added as a co-sponsor.
  • SOA to send document to security – completed.
  • Times for calls to be changed to allow Australian and European participation ?4pm eastern

3. PASS Audit

  • Documentation on the HL7 wiki
  • Previously balloted document has been used as starting point and the previous ballot comments are being reconciled.
  • Plan to have updated document by end of October for distribution to SOA/SEC
  • Plan ballot in January. There are weekly calls Wednesday at 4pm Eastern

4. Future plans

  • Roadplan document that had been produced some time ago was discussed:
  • Possibilities for future services

(i) Identity resolution and trust

(ii) Consent administration

(iii) Authorization

(iv) Mask

(v) Encrypt/decode

(vi) Anonymization/pseudonymization

(vii) Sign

(viii) Pseudonym service

  • NIST has published a SHA-3 standard which VA is recommending

There may be some interest in consent and mechanisms for transmitting consent between organisations.

How to take security SFMs to PSMs?

  • Integrate into FHIR as service
  • Use an alternate SDO to OMG that is specific to security

Alternatives discussed – to be resolved.

Mike Davis to consider VA support for an OMG process for the Security Services.

SOA Joint meeting with Security will take place at January WGM.


- attendees: 13
  1. Refresh of Service Functional Model specification process in the world of FHIR.
    • The current Service specification process involves both HL7 and OMG and generally defers technical implementation until further in the process. Given the energy around FHIR and the potential for lost opportunity to impact FHIR, this discussion will revisit our approach to determine better ways to align with and engage FHIR activities synergistically with SOA efforts.

Created a preliminary SOA process ppt for working with FHIR.

HL7 OMG vote is a lever we can use.

Grahame moved. Jerry seconded. Motion to accept the process as discussed and described in the SOA-FHIR Process PPT. Passed 12/0/0

Concurrent development by breaking the development of the STU into different work threads which are developed concurrently in order to speed up development.

FHIR implementations can start before the STU is balloted.

Action item: Need to think through how we engage the community, eg. through the FHIR connectathon process.

Vic: One possibility is to specify test specs for the developers/implementers. Ken: There is no shortage of, or consistency of, test specs. I (Ken) don't want to take that on at this point.

Update on OMG: 1. Letter of intent: last week the coordination of care submission team voted to open up the LOI through the end of 2016. New initial submission date is March 17, 2017. Slips the final date a little. Want to align with FHIR. 2. EMR: Create a set of curated workflows that can be ported. Going to have a workshop at the OMG event, 1st week in December in Coronado, CA. Blurb on the OMG site will be up sometime next week.

Thurs Q1

- attendees: 9
  1. HL7 Cloud Planning Guide Work session
    • Presentation on Amazon Web Services by Huy H.

Introduced himself and did a brief description of cloud.

Healthcare on the cloud: 83% healthcare orgs are on cloud. HIPAA's change to definition of business associate means that the cloud provider is a business associate and therefore you need a business associate agreement with the cloud provider. There is a shared responsibility. Cloud provider is responsible for:

  • facility operations
  • physical security
  • physical infrastructure
  • network infrastructure
  • virtualization infrastructure
  • hardware lifecycle management

HIPAA compliance is up to customer at this point in time. If AWS can have a list of HIPAA compliant service providers available

Cloud provider responsibilities

  • Implement appropriate safeguards to prevent unauthorized use of disclosure of PHI
  • Report incidents that constitute breaches PHI
  • Make available to HHS its internal practices, books, and records relating to the use and disclosure of PHI
  • Any subcontractors must agree to the same restrictions and conditions

to which level of access they control

Does AWS help figure out where the breech happens? yes. Their incident team will help to pinpoint where the breech occurs.

AWS is in the business of data centers

Redundancy for Denial of service or outages? depends on which service you are using. If using software as a service (Like dynamoDB) where there are multiple availability zones. Infrastructure as a service, not necessarily. Platform as a service, you go to the platform vendor.

Hypervisor - multiple virtual machines

Customer Responsibilities

  • Only process, store, and transmit PHI using HIPAA designated accounts and HIPAA-eligible services
  • Encrypt PHI in transit and at rest, access control, and network isolation.
  • Use hardware dedicated virtual compute instances
    • Dedicated instances are physically isolated at the host hardware level from instances that are not dedicated and from instances that belong to other accounts.
  • Must record and retain activity related to use of and access to ePHI
  • Must have contingency plan to protect data in case of emergency. Back ups are the responsibility of whomever controls the database.

HIPAA dictates that there needs to be a dedicated PHYSICAL server for the data. This brings up a question of tenancy. For US health customers, what are the data tenancy requirements? Is there a tenancy requirement that data not leave the state? If that is the case, there are no cloud data center in Utah because they don't have the infrastructure already in place (fiber trunk). Need to investigate if there are data residency requirements at the state level.

AWS HIPAA Program is FedRAMP certified for government use.

AWS HIPAA Eligible Services

  • Customers may use all services within a HIPAA Account.
  • Customers may process, store, or transmit ePHO using only Eligible Services.
    • EC2
    • EBS
    • Elastic Load Balancing
    • S3 - storage service
    • Amazon Glacier - Archive service
    • Amazon Redshift - data warehouse built to analyze data fast
    • Amazon DynamoDB
    • Amazon RDS for MySQL
    • Amazon RDS for Oracle
    • Amazon EMR (elastic map reduce(?))

(Diagram: first red outline - public subnet second is private subnet. All data in transit needs to be over SSL.) There are other architectural services available which don't touch PHI but which can be used to support none PHI data and infrastructure.

Thurs Q2

- attendees: 5
  1. Hot Topics
  • Round Robin de-brief on week.
    • Vince: Glad the new services are moving forward. Good representation of services at connectathon and incorporation of services resources in FHIR. Pleasing that SOA and FHIR are moving forward to work together and that we are being pushed to be less waterfall and we've pushed them to be more structured in behavior.
    • Ken: Each quarter was geared toward moving toward an objective rather than just doing an update. Found the meetings to be very productive.
    • Joint EHR/Security/CBCC/SOA meeting:
      • Action item - bring order service and scheduling service for inclusion on the Joint EHR agenda. What other items need to be included on that agenda?
      • Action item - need to improve communications. Haven't done a webinar in a while. Could put together a webinar on SOA services.
      • Huy: (Looking at HSSP website diagram) missing monitoring service (devices)in application swim lane and service registry.
      • AI: Refresh the SOA Practical Guide. Among other things, add the FHIR process.
  • Kudos to Diana for bringing us into Green.
  • Administrivia.
    • 3 year plan?
  • Repository of service models
    • do we want one? Definitely desirable.
    • Possibly use HingeX? Put it on the HSSP website?
  • Cloud
    • AI: Trish Williams will follow up on how the Patriot Act affects international customers. (In all likelihood, this is high impact, low probability.) Does the Patriot Act affect a data center that is physically located outside of the US? Depends on how the cloud provider company is structured.

Elasticity is accomplished through provisioning to a different machine. Containerization

Walked through outline of Cloud paper: This is not a paper that folks will be reading cover-to-cover as opposed to cherry-picking the parts of the paper that apply to them. AI: Huy is willing to address section 5. Cloud Maturity Model. Self-survey.

Blueprints are design patterns.

  • What is the structure that we should follow?
  • may be more about business objectives.
  • multi-cloud design pattern

Brought up the Cloud survey.

  • Maybe use the "Our principle interests in Cloud are based upon" responses as the categories for the blueprints?
  • Big data analytics strong driver
  • don't really have an ROI section in the white paper. Add a section for helping to determine ROI for moving to cloud.


SOA Attendee 1 MON Q3 2 MON Q4 3 TUES Q1 4 TUES Q2 5 TUE Q3 6 TUE Q4 7 WED Q2 8 WED Q3 9 WED Q4 10 THU Q1 11 THU Q2
Ken RubinSOA Co-Chair/VA x x x x x x x x x x .
Diana Proud-MadrugaSOA Co-Chair/VA x x x x x x x x x x x .
Vincent McCauley SOA Co-Chair/Telstra Health x x x x x x x x x x x .
Stefano Lotti SOA Co-Chair
Vadim Polyankov Inovalon x x x x x x 7 x x .
Dan Morford Book Zurman x .
Dave Carlson Book Zurman x x .
Sean Muir VA x .
Andy Bond NEHTA
Robert Bishop VA
Nancy Orvis DoD
Russell Ott Deloitte
Trish Williams Edith Corvan Univ x .
Jerry Goodnough Cognitive Med. Sys. x x x x x x x x x .
Chris Shawn VA x .
Mohammad Jafari x .
Duane DeCouteau VA x .
Mike Davis VA x .
Johnathan Coleman ONC x .
Don Jorgenson Inpriva
Hideyuki Miyohara HL7 Japan x 8 9 10 11 12 13 .
Josh Mandel Children's Harvard x .
Kevin Shekleton Cerner x .
[mailto: Yunwei Wang]
[mailto: Maxim Abramsky]
[mailto: Raphael Majeed]
[mailto: Artem Sopin]
Laura Heermann Intermountain Healthcare x .
[mailto: Martin Rosner]
Emma Jones Allscripts x x .
[mailto: Steve Hufnagel] .
[mailto: Raheem Daya] McKesson 6 7 8 9 10 11 12 13 .
[mailto: Shane Loney] McKesson 6 7 8 9 10 11 12 13 .
Claude Nanjo Cognitive x 6 7 8 9 10 11 12 13 .
Lorraine Constable Constable Consulting x x 7 8 x 10 11 12 13 .
Greg Gustafson Penrad 6 7 8 9 10 11 12 13 .
Daniel Laupheur McKesson 6 7 8 9 10 11 12 13 .
Bryn Rhodes ESAC 7 8 9 10 11 12 13 .
Preston Lee VA, Arizona State University x x x x 7 8 9 10 11 12 13 .
Ken Lord VA x x 5 6 7 8 x x 11 12 13 .
Juha Mykkanen HL7 Finland/National Institute for Health and Welfare (THL) Finland x 6 7 8 9 10 11 12 13 .
Bryn Lewis Intelsoft x x x 7 8 9 10 11 12 13 .
Manoj Sharma Allscripts x 6 7 8 9 10 11 12 13 .
Chana West ESAC Inc. x 6 7 8 9 10 11 .
Kevan Riley Infor (?) x x .
Zach May ESAC Inc. x .
Rashedul Hasan FDA x .
Cooper Thompson Epic x x .
Karl Holzer CGM x .
Oliver Krauss University of Applied Science Upper Austria x .
Alexander Mense HL7 Austria x .
Grahame Grieve x .
Victor Harrison OMG x .
Emory Fry Cognitive x .
Elizabeth Newton KP 1 2 3 4 5 6 7 8 9 x .
Gora Datta ? x x .
[mailto: Kathleen Connor] VA x .
Andrew Statler Cerner x .
Brian Pech ? x .
Mark Scrimshire ? x .
Vladimir Vasiltsov CAGH x .
Huy Huynh Amazon x x .
[mailto:] 1 2 3 4 5 6 7 8 9 10 11 12 13 .
[mailto:] 1 2 3 4 5 6 7 8 9 10 11 12 13 .