This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

October 16, 2018 Security Conference Call

From HL7Wiki
Jump to navigation Jump to search

Back to Security Main Page


Back to Security Main Page

x Member Name x Member Name x Member Name x Member Name
. John Moehrke Security Co-chair x Kathleen Connor Security Co-chair . Alexander Mense Security Co-chair . Trish Williams Security Co-chair
. Christopher Shawn Security Co-chair x Suzanne Gonzales-Webb x Mike Davis x David Staggs
x Diana Proud-Madruga . Johnathan Coleman x Francisco Jauregui x Joe Lamy
. Rhonna Clark . Greg Linden . Grahame Grieve x Dave Silver
. Beth Pumo x Jim Kretz . Peter Bachman . Bo Dagnall
. [mailto: ] . [mailto: ] . [mailto: ] . [mailto: ]

Back to Security Main Page


  1. (2 min) Roll Call, Agenda Approval
  2. (5 min) Review and Approval of Minutes
  3. (10 min) TF4FA Normative Ballot reconciliation (formerly PSAF) - Mike, Chris
  4. (10 min) TF4FA Trust Framework, Volume 3 - Update Mike, Chris
  5. (05 min) Review Security WG 3 Year Plan - Kathleen
  6. (05 min) Check out Security WG Confluence site - Kathleen
  7. (10 min) FHIR Security Update - John
  8. (05 min) GDPR whitepaper on FHIR Update - Alex

Back to Security Main Page

Meeting Materials

  • 201809 Connectathon video for the integrated Care Plan, Clinical Reasoning, and Consumer Mediated Exchange tracks, which featured a Break the Glass scenario. Break glass scenario demonstrated a technical approach to balancing patient safety with patient privacy. Betsy, the starring persona, has used a FHIR consent directive to restrict access to her mental health care plan by all of her multiple distributed care teams other than her mental health provider and CDS'.
  • Betsy's endocrinologist is about to order an opioid to treat her diabetic neuropathy pain based on her medication list, which masked the mental health medication, Xanax based on her consent directive. The endocrinologist's CDS throws a drug-drug counter indication warning based on a CDS Hooks card.
  • The warning gives two options to the endocrinologist, either Break the Glass with notice about being audited or to ask the patient if there are medications that are not shown on the medication list. If the provider takes the Break the Glass option, the endocrinologist will be shown her mental medication list, which includes Xanax and a recommendation to prescribe Gabapentin instead.
  • If the endocrinologist takes the second option, he will explain to Betsy that there is a potential drug-drug counter indication. The endocrinologist then asks if there are some medications that Betsy hasn't authorized him to see. Betsy decides to tell him about her mental health prescription for Xanax. Using her mobile app for Right of Access directives, she directs the app to only retrieve her mental health medications from either her mental health provider's EHR or optionally from those records that are accessible through the mental health provider's HIE. Because Betsy is exercising her Right of Access on her own behalf rather than delegating that right to a third party app to exercise on her behalf, she does not need a signed Right of Access directive. So in this case, a simple click on the app's OAuth authorization button is sufficient. The app returns her mental health medication list, which indicates that Xanax is her currently prescribed anti-anxiety and antidepression medication to treat late onset PTSD related to combat. The provider then requests a list of alternative non-opioid medications for diabetic neuropathy pain. CDS-Hooks returns Gabapentin as a recommended alternative pain medication. The endocrinologist discusses this with Betsy and she agrees to try Gabapentin instead.

Back to Security Main Page

Meeting Minutes DRAFT

Chair, TBD Roll Taken, Agenda reviewed, updates made as requested

  • Motion to approve 9/18 meeting minutes
  • Move / Second 0-0-0

TF4FA Ballot Reconciliation

Reviewed Ballot comments: 129 - 161 for vote next week 10/23.

  • PASS Audit document update
  • Volume 3
  • Security WG 3 Year Plan
  • Securithy Confluence
  • FHIR Security Update
  • GDPR whitepaper on FHIR Update

No additional discussion items brought forward Meeting adjourned at 1258? --Suzannegw (talk) 21:55, 19 September 2018 (EDT)

Back to Security Main Page