DRAFT IN PROCESS - Suzanne working on

Back to CBCP Main Page

Community-Based Care and Privacy (CBCP)

formerly Community Based Collaborative Care (CBCC)

DRAFT 2018 September Working Group Meeting - Baltimore, Maryland, USA - CBCP WORKING GROUP

• HL7 WGM EVENT Page Link
• On-Site Meeting Schedule ,
• BROCHURE Link
• [wiki.hl7.org/index.php?title=FHIR_Connectathon_19 HL7 FHIR Connect-ta-thon]
• Security WGM Agenda HL7 WGM Baltimore Agenda

Community-Based Care and Privacy (CBCP) WORKING GROUP SESSIONS

Q1 = 9:00 – 10:30 am / Q2 = 11:00 – 12:30 pm / Q3 = 1:45 – 3:00 pm / Q4 = 3:30 – 5:00 pm

Back to CBCP Main Page

Agenda and Meeting Minutes

Back to CBCP Wiki: Meetings

Back to CBCP Main Page

Meeting Minutes Draft

Back to CBCP Main Page

https://www.hl7.org/permalink/?WikiMinutesTemplate

Minutes DRAFT

10/1/2018 MONDAY Q1

Chuck Jaffe

• Need for standards- fire hydrant example
• ROI electric sewing machine, change management

Argonaut project started to implement FHIR Da Vinci project -vision of advancing... Biopharma embracing hk7 FHIR for clinical trials CTDA translational science. Collaboration w community for gene therapy Sync4science FHIR use to digitize genomic data Consortium for agile genomics

VA open API project (formerly lighthouse) api gateway (gateway pledge) HL7 standards as a service

Under HL7 applications roundtable

• Death on FHIR
• Automation in FHIR

Keynote Session 1: Update from the National Coordinator (Donald Rucker, MD ONCE for HIT, HHS)

ONC for HIT has renewed comprehensive agreement for 2019 fiscal year

Don Rucker, MD; ONC HIT DHHS Keynote speaker 1 Update from the National Coordinator

What is the business case? It’s what is missing in interoperability—computer age, apparently computers don’t talk to each other automatically Agreement of 20th century CURES Act

Keynote Session 2: Sagran Moodly, Senior VP, UHC Clinical Data Services & Technology at United Health Group 2nd speaker. ‘’Datagility’’’ IHR APIs Enables Workflow Integration

DA Vince Initial Set of Use Cases – Project Deliverables… (slides deck available?)

(at break) Conversation with John Ritter – school health – community based for more rural areas who are not able to get to behavioral health treatment area • Ability to get to RN at school facility o Possibility to expand o During snow times, patient-child unable to reach clinic/hospital for treatment 10+ mi away… BUT may be able to reach school RN 3 mi away o Assist for emergency treatment? Behavioral health?

MONDAY Q2 Keynote Session 3: Stan Huff, Intermountain Healthcare CIMI – Detailed Clinical Information Models creation Putting limits on numbers for LOINC or SNOMED Observable Taking models and creating a store/repository, using a core reference model and using explicitly terminologies (RxNorm SNOMED CT, etc.) creating a standard representation of the information This is platform independent; create translators – which create HL7 FHIR Profiles BUT also share information CISC, HL77 CDA, x12, NCPDPD, etc.--- if this corresponds to a new project, we can work with you to put into the CDISC format, etc.

Interoperability pyramid V2 - Structure, few terminology constraints FHIR – Structure, generic LOINC Argonaut – common resources, extensions and some specific LOINC and SNOMED binding CIMI... preferred structure, standard extensions explicit LOINC and SNOMED, units, and magnitude

Q3 Monday – Joint CBCC-Security

Welcome and Introductions 1. eLTSS – Update to WGM Agenda: TUE Q3 ADD – Consent / Pilot implementation how they are using consent (Grahame will be in attendance GDPR Chat-a-thon – should be WED Q4 Q1 Thursday – may not be needed if resolved Tuesday Q3 PSS (new) due to HL7 office; ‘’’eLTSS Update ‘’’ Ballot artifact ‘white paper’ – September 66 comments, bulk affirmative; handful are negative If interested in face-to face comment, Discussion on table for eLTSS update – to develop IG to use the body of work completed for eLTSS PSS to be completed at WGM (intent)

‘’’TEFCA general discussion’’’ Trusted exchange for Published by ONC HIT, framework for exchange of information through trusted exchange • public and private institution • out for public comment, comments received by ONC and are under review VA commented on behalf of federal agencies (aligned) one comment made by Mike was regarding efforts from HL7 with respect to SLS in trying to get SLSL for privacy included in TEFCA. • Has been difficult – different viewpoints on implementations, and opposing viewpoints o Supposedly mandatory – for interoperability we hope this to be picked up; o Also influencing discussion on DURSA or (TEFCA light”) one of those items influence things is he requirement for labeling CUI. Have not heard if fed agencies needs to do this from ONC perspective—from agency perspective we plan to incorpo¬rate. Within HL7 messaging the intent is to add CUI for healthcare as well as the SLS; all that goes together that is a change needed in HL7 to include. This has no healthcare relevance, but it is something recipients of healthcare information from federal agency now have as a requirement they must accept message with CUI labels---into systems. ¬Federal agencies have an enduring interest in the ability from recipients to receive it. Potentially affects some of the work being done to HL7. o Kathleen – SLS standards – we have the capability to add to the product line (CUI); need a code to add so that it renders; part of the harmonization proposal in November o TEFCA aside; CUI regulations … there should not be anything which should stop the submission. o Ken Salyards – if patient directed; CUI does not apply – do not need to stick labels on items that are not needed; o Need to make clear – Kathleen will check in with Ken Salyards to confirm the information being submitted; Kathleen says must be persistent downstream

Is Privacy Obsolete – Mike Davis • An ugly subject <<PPT>>, <<Report>> Looking at privacy in Japan, India, Australia, GB, US – it was an arrogant assumption that we could do this—turns out there are huge resources available. significant amounts of information on privacy—several papers and comparisons; articles on research groups and papers; • Unable to replicate the data into a single paper, not enough resources • Report out; • Roadmap of topics to get reader going. What become clear was privacy definition was dependent on o Personal views o Where you live o Privacy depends on as an enterprise, as a company o Definition may or may not be compatible – must define context • Sections: o Viewpoints o Law – straightforward o Privacy breaches / data o Big data statistics • General observations • Several references, urls

Executive summary – encapsulates learned items from summary; privacy today is substantially different from the past will deem view of privacy – • Prior to internet – information about people was accessed differently • EHRs were completed on paper (or stone tables); o Currently millennials – existing into today’s culture of sharing; the benefits which we get for free is worth giving up some of our information – o However, this also incurs several breaches in data  Facebook; o Big healthcare organizations are fined for breaches  i.e. Boston, MA; hospital healthcare breach (John Halamka) patients received no compensations despite the breach. • If you file a lawsuit; the courts want, you to show ‘harm’ • Justice Sotomayor suggested that the US legal systems do not support the report of breaches. (must specify type of breach in detail) • The best credit monitoring (to follow) for breaches • Case was contested and thrown out – they couldn’t prove that harm came from a specific breach – i.e. beach may have come from social media, etc. o Overall there has been a serious decrease in privacy – the younger generation do not see/understand the decrease; it’s impossible for their generation to live without Instagram, Facebook / social media;  hard to say from a personal point of view;  from a legal view POV several laws, several violations, in healthcare have only resulted in a slap on the wrist but that’s about it o Ken Salyards Just as in 42CFRPart 2 – everyone claims to deal with Part 2; there are no court cases (?) that has one Part2 case involved—never been tried in court wherein you’ve breached my data. o Jim Kretz Neither HIPAA or part 2 have a right of action… recourse? o Johnathan Coleman – NY Presbyterian hospital – in additional to the 99,000 each entity will provide corrective action plan to correct for employees o There is an initiative in California (CA)--similar to GDPR, the legislature in CA—the businesses Facebook, etc., have passed a GDPR light legislature with input from the social media companies so that they would be happier with the legislations. That said CA has the strictest privacy laws in the US. GDPR is having an effect in the US; if GDPR is a good thing for privacy—unsure if its going to impact personally for now. The Google/Facebook have leverage in the o Beth Pumo – also ISO PC317 – Facebook, Google, Facebook… new US TAG; these are the players driving the agendas • Review of paper sections… o Privacy Advocacy Groups • Algorithms are written, and humans are unable to understand. • Conclusion/Findings are as discussed in the Executive Summary

In the proverbial; with the rise of city we had a short - we are back to our hunter-gatherer roots of privacy

‘’Why care – your privacy is a right you haven’t always had’’

Definition of privacy – in standards there is no definition for privacy; last year in December, WG 5 engaged in a discussion of privacy definitions—in the end, they could not find a definition. We know what privacy is when we see it;

• when I protect my privacy-its privacy
• when you protect your privacy – information blocking,

‘’’FHIR Security and Privacy – John Moehrke’’’

• walk-through of FHIR Security; location

FHIR Build – current build; opening page ‘’security and privacy module’’ Informal; 6.01 – introduction 6.02 security owns: Consent, Provenance; Audit Event; Datatypes Signatures Implementation Guidance and Principals security principals; security labels, signatures

‘’The following common use-cases are elaborated below:’’

• list

POC: John Moehrke – change requests, update to the FHIR build We don’t’ have the ability to put normative statements or policy in 6.1.0 page

Recommend: writing more security/privacy IG

• SMART on FHIR is an IG, they closed their ballot today;
  • they are breaking the Argonaut SMART on FHIR but are now ready to correct that in next version

FHIR-I/Security joint project for SMART on FHIR; Working activity to make FHIR page more approachable.

QA – Joint HL7 Australia (Trish)– original did opt-in my myHealth record; then review change to opt-opt changing legislation with 3-month trial; everyone has 3 months to auto opt-in; Senate inquiry into the problems with system and security is poor. Unsure if in-or out; changes being made to myHealth record • Grahame – requested federated architecture for my health record (and include FHIR?)– trying to consider • How individ environment? - unsure if they will decide---government will it everyone

HL7 Japan (Hideyuke) - Discussing health care network information sharing with all health services; government desice master schedule and govt decide to start full service at 2020. And open the master schedule and are examining some use cases such as information gathering and showing, prescription sharing and PHR and EHR connection. and using some domains; next year 2019 we made porotype system for Japanese infrastructure and result is the final system for 2020 - *currently define the environment of the prototype, next type will implement for system; at the same time, we use healthcare ID which do not have currently; currently have numbers for tax. But cannot use the same ID system for healthcare. New system will be developed and defined only for healthcare in 2020. Preparation is making a connection system called “health number” “my number.” - In 2020 – we can point to information connected by HealthID and HealthID network… closed focused network IP6; 2-channel security kept by IP6 VPN, Tier 2 – patient agreement system currently underway. Opt-in/out can be requested by patient, linked. patient portal is accessible by all patients. Patient can see services can be access/information shared. If patient doesn’t want to show they can opt-out (check system); if they want to show organization can opt in. - Full service by 2020

Netherlands Working with the GDPR – not going great; people are lacking the tools to implement in legislations. Lots of work to get up to scratch.

Alex – Nothing new aware of; we have started networking and information security directive for the EU commission. In Austria the hospitals are critical infrastructure and have to implement specific security measure from cybersecurity law—probably the same in EU countries. One more regulation to come EU privacy information which follows the GDPR electronic services.

Chris – US realm specific From VA perspective; Mission Act is the big thing. The ability to share information in accordance HIPAA TPO without speciation operations-their information cannot be redistributed. Briefly spoke of CUI which is an issue in an interopoeratbilty realm. There is a CUI working group trying to determine the policy. The governing regulation 32cfr2002 says cannot mark cui until you have a policy. Currently we do not have policy---draft policy being reviewed DURSA, TEFCA current documentation that is out there.

• data categorization – Chris has been pushing over the last year to not automatically as ‘high’ accordance with NIST FIPS 199 and SP 160 (?) where some categories can be marked as moderate. There is no appetite for that in VA---because ‘all should be high—this is my information’ getting some traction in IT but not necessarily in VA.

Classification of data • Previously categorization CUI is relatively new thing; inon-national information (not secret but still important); was decided what was/what isn’t classified; NARA…has indicated could be a type of CUI—then it needs to be appropriately label. Cradle to grave – Any data between government and Kaiser – in additionto controls in place…?

• patient initiated exchange

800-63. FIPS199 published in 2008 – doesn’t have a use case for interoperability because it didn’t exist as it does not (use case: ‘delivery of care’) but doesn’t detail to surgery or clinic

What te different between moderate and high---is it needed? (give a further evaluation rather than mark as all high) do you know the difference bet med and high DHAPI77 – DoD is zeroing on the new cui instruction – currently out for signature almost ready for instruction (8582-1?)

SAMHSA – url: (OMNIBUS) ocpdemo.consent2share.org/ocp-ui <<link to video>> from Ken Salyards

care coordination dashboard; looking at patients (Sara Thompson); showing the SMART on FHIR apps authorizing consent to share consent2share is an application built to support 42CFW Part 2; add a new consent; we can support general designation and allow.

• we can make information available to entire care team; as care team members are added—any disclose of the (getting down to practitioner level)
• log in is audited, provenance; information that is displayed also relates an audit record.

POU – ability to edit Signatures are captured by attestation, Federal projects roundtable on Wednesday

Asymmetric ONC – won challenge; now a refence for java script … adheres to all security guidelines (oaught) attempts made to hack in (available on GitHub); its out there

<<URL from Andrew Marcus>> from reference asymmetric.com/asymmetric-FHIR

Mike Davis – Still doing reconciliation for TF4FA; in the meantime, new project around provenance. Initial draft with intent to ballot in January – Volume 3 TF4FA; Part of PSAF;

20 minutes: Ballot reconciliation spreadsheet: <link> https://gforge.HL7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20-%20Ballot%20Reconciliation%20May%202018%20ballot/ballotcomments_V3_PSAF_R1_N1_2018MAY%20amalgamated_20181002_sgw.xlsm Ballot document links for ballot reconciliation: <<link>> https://gforge.HL7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20-%20Ballot%20Reconciliation%20May%202018%20ballot/Ballot%20Documents%20for%20reconciliation

<<Document: IN PROGRESS – HL7 TF4FA Volume 3>> NEED LINK/email sent to Mike/Diana Proud-Madruga/Chris Shawn 10/3 Data provenance – originally tended to an audit ballot document • Lifecycle events (Gary has also put through) • Work with EHR on connecting audit with lifecycle vents and audit – using that to relate these items; from the audit specification that has balloted but not published, describing how audit works; similar to how provenance might work. • Security has clients that are established and collected and has feature that store into a repository, very similar to how a provenance model will work. Policy will dictate to which lifecycle they are interested in. • We have a federated provenance domain – that submit provenance to a provenance service they are told to the provenance… <<check recording 7:30>>

Ready or the WGs to peer review and provide comment – in prep for the January ballot; all part of the previous PSS

Announcement: remind everyone to vote for co-chairs; Re-elections Johnathan Coleman; Dave Pyke Trish Williams for Security.

Meeting adjourned 4:45 PM Baltimore

TUES Q3 – Joint CBCP, Security

Role / brief introductions, Agenda review • (Kathleen)Taking sensitivities and mapping to known law—there are nuances that may make a necessity to change. Default security labels needed for a particular region • (JohnM)Possible add to HL7 confluence (and have a pointer, link) for those mappings for FHIR resources and/or GitHub. • JohnM What is API key – when/where is appropriate to use, tie into a vocabulary… yes, my service uses an API key, and this is where you go to get the key o Person Resource – some of the WGs working on resources are creating a ‘security considerations’ or the like….as in the security and privacy cookbook—WGs are noting—however, looking across the board—the resources within FHIR breakdown to be anonymously available (value set, etc.) and/or sensitive to a business but not necessarily an individual. There may be several categories that overlap (i.e. provider) o Your final result is your consideration/deviation for security and privacy … we would like to make more concise across the board. Information blocking vs protecting information vs information security vs • A FHIR has a compliance requirement that you publish a capability statement

Q4 – Joint CBCP and Security

Consent Contract On Agenda: ONC Patient Choice Pilot, MiHIN Presentation White Paper first round – outline to be completed by Kathleen; SLS – talk about SLS provisioning using • Privacy tagging – Michigan health code changed… before TPO, coordination of care (not defined in health code)-p providers were not sure without a definition o Result was the privacy tagging, (where…?) generally have been more o In order to work with MiHIN, query to see if consent was on file; send information if on file with a privacy tag; if not available  Purpose of privacy tag was for information; there are more tags than just the two—as POU, Normal, a high-water mark—demonstrated on a v2 security label as well as with CDA spec  Default tags are being used: state wide (Michigan);

eLTSS is working on their ballot reconciliation - they are speaking to the commenters and working on the resolutions Security and Privacy Outreach for member recruitment

Bo Dagnall – report out of the FHIR Connectathon

• Perspecta company – spend time on care planning track (led by Dave Carlson); idea was to use care planning to demonstrate workflow across providers; overlayed consent/using consent resouse; using break glass scenario; using clinical decision support—patient safety vs patient privacy
• involved 7-8 different companies

Meeting adjourned 4:45 PM

WED – Q1 Joint CBCP, Security, EHR, SOA, FHIR

Topics Quick update – ISO, HL7 EHR/PHR, FHIR • US trusted Exchange Framework TEFCA • GDPR • S&P Considerations for FHIR • FHIR Privacy, Security, Provenance and Digital Ledger Technology o Conformance Testing Suite o FHIR Connectathon Track • Is Privacy Obsolete? • Other Topics

ISO 21089:2018 Trusted End to End information flows • Approved and published; April 2018 • 27 lifecycle events plus vocab alignment verbs ISO/HL7 10781:2014 – EHR System functional model release 2 • R2.1 I devilment – panned for January 2019 ballot • 27 lifecycles plus vocab alignment verbs ISO 16527:2016 – PHR system functional model release 1 • R2 in development – planned for January 2019 ballot • 27 lifecycle events plus vocabulary alignment events FHIR Release 4 • Record lifecycle even implementation guide • Includes AuditEvent and Provenance Resource Profiles • 27 lifecycle events plus vocab alignment verbs • Implementer’s safety checklist • W5 report – key metadata alignment across FHIR resources o W5=who, what, when, where, why

Security FHIR W5 Report – from the same data but provides information on the W5, still informative—just more guidance

TEFCA Update – Chris Shawn Helped ONC to come up public/private sharing environment – earlier this year released draftt1 of TEFCA; has been opened for public comment. Interest on comments from feds. Summit in March in DC; hosted by MITRE and discussed how it was going to be complete-policy, charter WG—what came out was a semi-agreement between federal agencies to ONC; as federal agencies we have strict guidelines which we uphold as well as applied to our partners including FISMA, CUI, 32CFR 2002 which directs fed agencies to do that. And when feds turn over CUI to a non-fed entity that information is one labeled as such and whomever we turn it over to will continue to safeguard in the same manner. In VA when disclose information to provider its their information—we now want to have some assertion that the information will continue to be safeguarded. Health information is considered CUI the agency is national archive (NARA). There are other laws that govern the information in the US (i.e. HIPAA) both apply as far as we know. The WG came up with this information and submitted comments to ONC. ONC have come up with draft 2.0 and is still under reivew. (comment period over?) second draft has not been release—expect by the end of this calendar year. Anyone interested should be on the lookout. It’s a balance act—because there are some things that we HAVE to do. These guidelines, requirements and we want to keep the information free flowing… avoid information blocking in the manner b making it too hard esp. for a small provider to access. JC - ONC did receive public comments (several) industry at large, including HL7, deliverable on and taken into consideration. This makes the work product much better Gary – one of the challenges are real time query base…before a patient shows up to be seen; as well as in emergency care. If query is going across several networks and expand to devices where health information can be found, this seems from both ends query/responded… traffic. May now have to field hundreds of thousands of queries per day/hour/etc., start to wonder if this feasible—at what point does the scale break? Has this been a consideration? JC – valid questions; but cannot comment because it’s not out yet MD – it seems to be a new type of structure for Information exchange; intermediate points to handle the change and common agreement a ‘super DURSA’ you bring up a good point—we have been working in HL7 on a trust framework. We’ve balloted two volumes on Trust Framework and another focusing on provenance, our viewpoint is a little different here at HL7 that more a notion of what Gary is talking about machine to machine possibility rather than static. We are also considering a runtime exchange. The time of the query is a point…this doesn’t ‘support the model you mention. You brought up an emergency access, the DURSA authorization has emergency as a POU but it has not been implemented---VA has implemented and has brought that up to ONC. If there is an emergency and people are querying on treatment, the VA or other organization cannot respond—it is a patient safety issue. I wonder why we don’t have an emergency POU, to handle those conditions—in a true emergency. There is no way of making that notification. Fires in California-we were notified by the VA but were unable to do it—back to telephones, fax machines—certainly not scalable. Comments have been made, and Sequoia approached CIO pediatrician; Implementing a… limitation is its hard to exchange info with the community partner the payers to bring down the cost of healthcare but maintain quality. With MU there is much information we can use… EMR lack of … Would this be a big dump of data---in regard to trust… MD – the payload is what you’d expect—the messaging doesn’t change. What they have is QHIN that are intermediaries which join endpoints together to facilitate exchange across communities. You can be a member of a new layer of abstractions (…QHIN) and communicate across networks—more national TEFCA is a network of network to facilitate the HIEs, the hope is that it will facility an easier exchange with an agreement upon bet network which everyone agrees to ‘this level’ Q=qualified QHIN qualified health information network--- the requirements, include flowing downing to participants, there will be requirement put on the QHIN to facility TEFCA law… current law will still be in place. Next iteration coming out is another draft. EU update – overview – current issues – regulations in place - Alex

GDPR is reality, as expected May 25 is more of a beginning for companies. Most companies are not prepared: 1. Started late to implement requirements 2. Text of the law is not clear Many open questions, even between lawyers in how to represent the law. There are several cases so far—then get clarification of open questions. There is not too much punishment, but more education and support for the companies to update the requirement. last week Facebook breach – GDPR case, may come up to 1billion dollars. Currently are under implementation. With implementation on how to tackle—consent has to be fine grained (what does mean?) reasonably fine grained? Very fine grained---they need to be answered. From HL7 perspective, the security WG started an initiative this year to create guidelines how the GDPR guidelines to be used in FHIR. Anyone interested weekly Monday AM meetings – discussions around GDPR white paper and confluence page. contributions are welcomed… many other countries have started to update GDPR text and adopt their privacy laws and has become a role model for many countries. The big companies started GDPR earlier (2 years ago) to start implemented, smaller companies have started later.

John Moehrke – FHIR Security Considerations Struggle approaching a FHIR specification • Patient data, patient reament of FHIR use, given most discussions about FHIR, many people think that FHIR is only for treatment of patients and therefore EVERYTHING in FHIR is patient health information • Yet there are some resources that need to be widely available o capability Statement, Structure Definition. Etc. • And there are some resources that might only be Business related o Endpoint, schedule, etc. • And there are some that can be anything o Binary, Document Reference, Media, etc.… Some WGs are being proactive and adding some security considerations SLIDE: Security Considerations affinity (five considerations) • General Statement • Public/Infrastructure • Business Sensitive • Provider Sensitive • Patient Sensitive • Unknowable – could contain anything thus might be public or might be highly sensitive

JColeman - like where this is going; question bet why provider/patient are not together… JMoehrke – is consent involved hence the separation. Reminder that we are continuing to work on this concept Tuesday, FHIR-Security 2:00 ET (confirm time) --- Provenance is interesting work, but we still don’t have people to do the work. Mike – Volume 3; Trust Framework for S*P We found several things in provenance, its close relationship to audit; logically you identify security relevant events you want to capture; you configure your audit systems, and process the result, report…etc. provenance seems to follow the models. The same turn in audit systems; I want the system to capture the occurrence of lifecycle events—audit event, becomes provenance events. Provenance is based around that type of concept. Also, when collected, what am I going to collect? There has to be some community of interest—this is the type of items I want to capture; the community of interest needs to establish what they want in provenance. May be something in an organization which may not be something to share outside the network. We looked at the W3C definitions, lifecycle events and audit. We’ve analyzed that and placed in one sphere of interest. It seemed to be logical early on and have been expanding that. The notion then of what needs to be captured, the provenance can be included into the event itself—a FHIR resource for example. For historical purposes, a digital leger can be implemented in a lot of ways, the resources that provide the storage of the ledger can be distributed. You can then go in and query the ledger if you have the rights to do so.

Is Privacy Obsolete – mike Davis Report out. Worked on this project forever, The original thought was a study group, collecting information for a few years <<Mike Document>>

Must prove harm (per law) regarding breach Answer: it depends on your measures • Japan Australia, EU, UK, US, India… what laws have been passed on privacy and how current are they? Remarkably the laws are very new.

Q2 – VA / DoD Breakout Session (Convey room)

Government HL7 Projects – Conway Conference Room – develop government project list and work to coordinate efforts to better leverage taxpayer dollars

Kickoff / introduction Summary of Agency Priorities / Strategy Provide an opportunity for Departments / Agencies to describe their overarching drivers and goals as related to HL7 Discussion: Risks and Opportunities within HL7 • Open Discussion around risks, opportunities concerns as related to HL7 and what/how the community can rally to address them Project overview ‘lightning round’ presentation giving quick project vignettes and status update Next Steps / wrap up • Future meetings (s) planning • Summary of action items

FHIR plays role but still Ken under belief of technical ubiquity

… Want to make sure FHIR based APIs are ready and implementable – looking at what is currently implemented. During keynote, need to support technology and semantic standards, recently awarded Regenstrief grant – in hope that support (LOINC); will support/continue to support standards coming up FHIR APIs – single patient access, not scalable getting the power of… ; leading edge accelerator grants • Boston children’s hospital, for clinical innovation, clinical use of health ID • Medstar – advanced machine learning, learning HealthID for healthcare… not aimed toward practical regulations but using the technology of our work to improve healthcare. Sent proposed rule for OMG for review (60-day) review;

Bulk Data (16:00?)) Question on bulk data access – lack of standardization to …provide...? currently not scalable; expect the models will still need to At base level, develop

TEFCA There will be some changes depending on broadening of scope, work with SMEs, we hope that the technologies used are used for both Commonwell, eHealth Exchange. (Scott, FDA) appears to do as little disruption as possible; At highest level, yes. The principal is that ability to join one network and that most networks are already working on—and articulated on; expectation is building on as a foundation. Using the latest and greatest FHIR spec knowing they are not always ready and/or fully implemented. TEFCA has not been split to the framework and the more technical; a lot of the technical is in another place. Document to still be created. Are you going to have a document that will be building something they don’t know what to do yet? CS understanding is what’s in draft1 may not be in draft2 • We are trying to schedule some of the timing issues; once we place into public framework-we are anticipating a grant coordinating entity giving them time for cohorts to buildout technical details. ... wherein we invite other entities to join. • I understand that’s the plan – but we would still like to see what the RCE comes back with Nancy Orvis (MHS) Many parts of what DoD is doing. We have a huge technical capability; there is a Sitting on the strategic planning side (not the budget planning side) we are trying to get more informatics people; we have key members working on security and TEFCA; I would say …from the product line of HL7, FHIR is the future for building our clinical … To justify Tricare benefits (2/3 budget) the v2 platform is high volume, high transactions and will be around for a long time, CDA CCDA products we are interested in continuing to use, to have back before be of network providers, are part of the Sequoia project…and we have to meet TEFCA. We’ve got ADA in the CDA format We’ve done some stakeholder between Oasis and HL7 -MHS are part of the NDMS –we play a role in med evacuations out of Scott AFB (introduced yesterday as a real standard); we are looking for promotions of non-hooked up things (re: standards) we are doing push pull in our new stands EHRs vs what we do… for better decision support.

FDA (Scott Gordon) Activities; affected by 21st cures act as well as separate Rx drug…. (act); there is interest call real world data—not created by protocols i.e. clinical trials; cures Rx drug user act; both call on FDA to develop framework on how to accept/determine what is acceptable for this type of data for new indications/existing drugs/safety… already interest in FDA for current work. From clinical trial to endpoint (clinical epidemiology) looking at FHIR as a standard for process. For admission; not related to standards (via CDISC); for future changes in process—looking at FHIR Looking at grant from Boston children’s to explore to use case... and where FHIR can be a viable solution. Also, variety of projects invoking FHIR – patient centered xx oriented... where you cannot query multiple EHRs because they don’t look the same. • Planning for implementation c-currently mappings are being done; • I2b2 • Odyssey-UMA • Conceptual model ‘bridge’ to be submitted for may; extensions and profile; FHIR representations; taking the union set for common data models; where those align we’ve mapped to existing FHIR resources and leading to downstream to FHIR extensions to create models … ongoing to research models; o EHR, claims, o Used for Sentinel. pharmacovigilance o Bridge; used as part of the project--not necessarily used in FHIR at this time (it’s the transitional model)  We are still building lots of models (Nancy) o Bridge conceptual model was used as a mandate back in 2003 (alignment to current data models, gap analysis) • Common data model approach is a reality so that we can compare apples to apples Big call of CURES is to provide guidance—what is scientifically sound; advise without being prescriptive; FDA is heavily interested in the health IT space; coordination across the board (already have coordination with ONC)

Russ Ott; IPO has oversite for sharing of two sites (VA DoD and outside.) • Errata release completed; getting doc reference in the core; pushing for CCDA guidance through Commonwell and Care quality; helping DoD to stimulate dental exchange for readiness on the DoD side…. Implementation focus

Directory was balloted – affirmative vote

• hasn’t been thoroughly vetted; working now on Connectathon; identified where we can host reference implementation to generate synthetic data appropriate for task/data set; to achieve 2ndd/3rd Connectathon---for purpose of improving IG.

Some FHA; managing the transition • Funding two FHA researchers; health guide directory, some changes to unique device identifier (UDI?) o Nancy UDI - Huge issues on DoD side, pharmaceutical side o Ioana (involved)

1.36 billion some going to Boston Children’s, the rest will go to HL7, some CCDA projects; there are some projects—meeting next Q to review projects to improve the implementation of FHIR • another one in January to coincide with the FHIR Connectathon • high level – few of the workstreams to improve and expand to organize the governance of FHIR o making sure that FHIR is implemental and easy to implement o planning for R5; balloting with bulk data o (30 things) per Matt o Key we are working w HL7 are easier to implement ONC – opioid guidelines (Johnathan CDC-CDS opioid guidelines for opioid chronic pain management to build clinical decision support – trying to get those piloted with EPIC, hoping to expand to Yale, MiHIN, Regenstrief eLTSS – helping to develop a data set for homecare, balloted September which may be followed on by FHIR based IG. CMS-ONC project work

other projects for DoD – • Core data elements for data registries; build on US-core to have universal … how do we manage requests for data registries o Looking for key provider supports Lab manufacturers may be starting to issue LOINC codes… i.e. lab results returning coming over with associated LOINC codes (!);

FDA – assess the effectiveness of clinical research whether prospectively as well as retrospectively. Easier side of things – is e-Source (electronic sources for clinical research “prospectively”)

OSEHA – project; data models for synthetic material (dev by MITRE) PSS – cross paradigm mapping; center index... from/to mapping; Open Health market place – spec for meta data tagging, an open api distribution… Google store, etc. for healthcare applications – could evolve to SMART on FHIR applications KNARTs – stack of business rules which are now business based SOLOR – bringing SNOMED, LOINC, RxNorm… concepts … mathematical union of the three/ driven by HSPC Trying to converge reference architecture… agreement in principle from each entity. We have been investing heavily in BPPN, DMMN, CMN– are they expressed to make shareable and portable... pushed in OMG, there is no reason why we can’t publish this out; guide was excepted around April/May, starting to get interest in clinical society, etc... hoping to publish out guidelines as formal representation for (ACOG); hope is that this is the flip to EHR providers on. • Where will you have architects for the modeling notation... o Its just newer modeling… BPMN … it has an 8-year start... these are OMG standards

Security WG – we are lading; conceptual models for trust framework – we have a conceptual behavioral model for access control; in ballot reconciliation • We have a project in audit / audit specification – its passed • Plan to ballot provenance/audit – leveraging audit spec as well as some international standards and lifecycle events for a specification including requirements that support. Intended for sharing model, no a specification for how—but aware of things such as digital leger, GTRI work, etc. Draft presented at this WGM and plan to ballot in January • FHA – looking at common risk, to come up with common solutions

Risks – in general we support FHIR; belief its being oversold; process point of view—at HSPC meeting at a breakout session…clinical content (hate of 80/20 rule) … if we are disenchanting clinical providers; area of potential • Roll out of education for chair; • Inconsistent for semantic FHIR foundations o Stepping a bit away from v3; using FHIR as an access layer. when we do multiple partig and doing inference across that… taking half of their VA outside o Concerns around engineering

Next steps 1. Is there a follow up action on UDI? Terry Reed to meet with Nancy for game plan; Maryanne Slack to be included 2. ONC share to project plan (30 list) 3. PSS cross-paradigm call to be set up… 4. //add HL7

WED – KP / DoD / VA – luncheon Walter Suarez, chair Introductions DoD Dental PPT – Russ Ott • Requirement for ‘medically ready for deployment’ • Increase data exchange for dental/clinical data • Vocabulary used for exchange: SNODEN ONC Report Out OMB Review / Tactical: FHIR, DSTU – to make sure ready for implementers (tool) inferno DSTU2/ready and conformant • Make more active, practical so base API level are consistent • FHIR version 4 will have our API ready for bulk data access o Hope is it will be ready for industry building into their products • Complementing this activity: o Two grants recently awarded

WED Q3 <<The Illinois Blockchain Initiative – PPT >> Brining up all pieces that can be done and weaving in when specs change. Designing the fabric that could be leveraged SMOKE / where there’s SMOKE there is FHIR If the chain can handle the data, and the data isn’t a problem (i.e. PHI, etc.)

If you lose your key (card, fob, or whatever)—you’ve lost the ability to do a signature (not your data); a new key will need to be reissued; you’re using the key for identity control, not access control FHIRBlocks Clinical Use Cases White paper by Symptomatic • Provider Directory (ONC sponsored) • Organ donor is a supply chain issue. • Break glass protocol… post-mortem protocol (where post-mortem is i.e. in question/under investigation) o Malpractice discovers

healthIT.gov/use cases (?) sae

WED Q4 – Security – CBCP Joint GDPR on FHIR Status: mapping has been completed Weekly call: • MON, 10am EST, current participation low (4-5) • https://confluence.HL7.org/display/SEC/FHIR+-+GDPR • Wiki: http://wiki.HL7.org/index.php?title=GDPR_(General_Data_Protection_Regulation) • New time suggested: 11 or 12 EST First DRAFT version of the document published online; intention is to expose those things we’ve completed and to identify the gaps for things we still need to do.

Meeting adjourned at 1700 ET

THURSDAY Q1 – Security / CBCP / FHIR-I Schedule same Thursday Q1 Security joint w CBCP, FHIR-I

Consent vs contract Did not clean out the consent vs contract until recently; causing some confusion—in US still currently on V2, an are now looking

Looking at appropriate use case for consent use cases and as well as OAuth, also PC and APPC—discussions come out of the Connectathon. There is also an interest in continuance of Connectathon-using MiHIN ‘ring of FHIR’ • Idea was to talk about use cases. And reference APPC; back up the use cases by exercising the Connectathon by MiHIN. test assumptions of one or the other use

•

• Whatever needs to be done needs to be done soon for FHIR v4 (Grahame) JohnM would like to get some of the examples into the spec; we have an example from scrimshire recording an OAuth based consent. We have some in the spec today. I’d like to have the differentiation between the two resources first, before projecting for our five.

• At the top of contract and consent—appropriate source of these and that the other exists. Each clear on scope for each; and sometimes you may either. That’s what needs to be explained—there is not an absolute line. Generally, if all your all are recording then ‘x’ • * Kathleen – we have examined that inpatient choice project. • What kind of a deadline do we have? They are STU. 11/11/2019 • Kathleen will need to have first draft in by this date • It may turn out to be its own page; initially the steps are to have a clear scope explanation of those two • Grahame – draft wording for today? • Kath – there is material in the Patient Choice which takes care of the general points—key is whether or not elements of contract that can stand up in court; signature • whether it has to meet the four corners of contract, signed in paper form—which has to have traceability; consent has source (original source—as handled by contract) • Terms as determined by law; those are linked to questionnaire by law; each term by law have to be there; patient acknowledge… (ask Kathleen for verbiage) • Same mechanism that contract has o Which may be sufficient as in a paper form • Grahame is wary about kicking the can on this—his understanding is consent is computable rep of agreement, if agree is backed by legal or paper agreement, then o No… • Need to • Monetary payment cannot be express in consent • You will never find a contract where the contract will say ‘don’t do this’; you don’t have ‘deny’ in contract. it will come out as ‘I agree, you will not do…’ o You use consent to use those data access rules

What are the other cases where I cannot do that cannot be done • Where you need a legally binding contract • Paper should speak to … not a shall, but as a tendency. Setting scope and usage

Topic dropped – moving to next; Kathleen will get wording out as soon as possible

FHIR Security Considerations – John Moehrke

Some work groups are being proactive and adding a security section Grahame – difficulties in understanding what to say about security; Currently five categories: • Public/infrastructure • Business sensitive – mostly public and not sensitive but care as they may contain business sensitive • Provider-sensitive – provider identified data may be appropriate to release for specific use cases but does expose the provider individual • Patient sensitive • Unknowable – could contain anything thus might be public or might be highly sensitive

These are not set in stone, are guidelines; enterprises may add or change as necessary; they are categories of ‘normal use’ Mapping of sensitivity codes to laws – may be included o Suggested default tags • Once we have the descriptions of each affinity, then resource can be tagged as mostly one or more of them • FHIR Build help; similar to how compartment is enabled in the build o See 8.1 Resource Patient – Content Compartments

13.11 Resource Contract – Content Financial Management Work Group Tri Financial Management Work Group Trial Use (Maturity Level: 1) Security: Patient Sensitive Compartments: Not linked to any defined compartments

Legally enforceable, formally recorded unilateral or bilateral directive i.e. a policy or agreement

Grahame is making some infrastructure

• Start with categorizations • Assign resources to category • Fill out resources on home page • Write enough text on security page so they—committee members know what’s going on o Finish text to make it look nice (more broad audience)

Given the modified pages, clarify more than normative; Grahame would like a formal decision from the committee; Motion: Add to security categorization to the security page and a link with a correct resource from the resource page. (Kathleen / Diana); Abstentions none; objections; none passes: 20

Other R5 work that we want to do. FMN Releasing intended scope for R5 in January 2019; also put out document for project roadmap—where FHIR is pushing the community to go in terms of community ecosystem; Grahame will be seeking committee input in SAT. For Grahame, operationalizing consent is a key feature of the roadmap which has standards and non-standard information. Candidate resource and expectation for it to be widely deployed. Other countries are interested in consent. Speaking to ONC to include a set of actions for use with TEFCA. Grahame still have implementers asking about access control instead of consent—and regad extremely unwise to use as access control---create an access control resource (?); K – If you had an access control resource do you imagine it as business/rules engine; from a security point of view; unless you’re in a very trusted domain—there are problems with encoding polices with rules; its unlike one domain will accept a pre-coded AC rules; JM – does not understand why there are AC rules in consent—need GR – AC theory is running being XACML RESTful – is interesting; Grahame will investigate further.

A gForge ticket has been issues for 8.1.0 to go into safety page; FHIR Security • We should remove things from the safety page • Kathleen reordered the safety page – with a document page o ACTION ITEM: follow up with Grahame so that it doesn’t’ get lost/drop off radar

TOPIC SMART Ballot from last fall – publication request – Josh Mandel

Given where we are with ballot resolution as it is one of three things to be done SMART App Launch Framework (page shown) • spec is the same • explicitly call out conformance content, sTU2, STU3 • added language for OpenID connect, and incorporated set of specific things a server can do • still backward compatible with Argonaut; its clear in adding of things to move forward o capability statement o smart configuration, JSON file o rename as an alias one of the Oauth resource used --- link to FHIR resource and not an arbitrary document • https://build.fhir.org/ig/HL7/smart-app-launch/

under 4.4 Well-Known URI Registry – smart-configuration

MOTION: (Josh Mandel/Jim Kretz) move forward toward publication; as the harmonized ballot reconciliation for v1

Discussion: Who has read all of this? (Alex); This is the effort to resolve the ballot comments to meet the original PSS requirement and move toward publication. Option to send out an e-vote to give time for people to read ahead of time (lesson learned; for future)

In Favor moving forward to publication: 14; negative: 3 abstentions: 4 Motion passes

Grahame: CP19298 • Undocumented feature. Can put an undocumented feature • Potential length issue if provenance statement gets very long. • Document the provenance header as a way to convey the provenance resource for a change when performing PUT/POST o Provenance would have to JSON, but observation can be whatever (i.e. xml) o Grahame will add to the provenance page • Move to approve (Grahame / Josh) Vote: abstentions 1; objections none; approve 19

Adjourned at 10:30

THURSDAY Q2 – CBCP Administrivia

Suzanne Gonzales-Webb Jim Kretz Ken Salyards

MON Q3/Q4 – CBCP Hosting Security TUES Q2 / Q3 / Q4 WED Q2 / Q3 / Q4 THU Q1 / Q2

CBCP Administrivia • JAN 2019 wiki/DRAFT Agenda set up: http://wiki.HL7.org/index.php?title=January_2019_CBCP_Working_Group_Meeting_-_San_Antonio,_Texas_USA#Agenda_and_Meeting_Minutes • Room Requests completed/ joint sessions with Security scheduled

NEED TO DO • 3-year plan – review and update • (check off) review of