HL7 Security Workgroup

HL7 WGM Baltimore September 2012

HL7 Security Workgroup

Meeting Minutes

Table of Contents

Security WGM September Agenda 3

Attendees 3

Minutes 3

Monday Q3 & Q4 - Joint with CBCC 3

· VA/SAMHSA led ONC Data Segmentation for Privacy Pilot Demonstration 4

· HL7 Vocabulary Adoption and Availability for DS4P Implementation Guidance – Heather Grain, Vocabulary Cochair 4

· Other CBCC-Security Joint Project Updates (5-10 min each) 5

· US and Intl Realm Report out 5

Tuesday Q1 - Opening Security WG Meeting 5

· Presiding Cochair 5

· Introductions 5

· Approval of agenda 5

· Confirmed approval of May 2012 WGM Minutes 6

· Reminder about Security Cochair Election 6

· Provide input to HL7 Comments on AHRQ RFI on Quality Measures. See discussion from Sept 4 Security WG call minutes. 6

· Review of industry activities 7

Tuesday Q2 7

· Review of industry activities 7

o US iEHR project for VA/DOD 7

· Review of EHR FM Security and Privacy terminology – prep for Joint with EHR WG Wed Q1 9

Tuesday Q3 9

· Levels of Assurance – Bill Braithwaite 9

· Healthcare Privacy and Security Classification System Ballot Reconciliation 9

Tuesday Q4 – Security WG Project Meeting 9

· Healthcare Privacy and Security Classification System Ballot Reconciliation 9

· Security SOA Project (SSOA) Planning 10

Tuesday Q5 - VA/SAMHSA led ONC Data Segmentation for Privacy Pilot Demonstration 10

· VA/SAMHSA led ONC Data Segmentation for Privacy Pilot Demonstration 10

o DS4P IG Conformance Testing -Test Case Accomplishments 10

· HL7 support for future DS4P requirements, e.g., HITECH Self-Pay, balloting of DS4P IG 10

Wednesday Q1 – Joint with EHR & SDWG Meeting 11

· Joint w/ EHR 11

o Review of the Metadata profile being developed based on EHR-S FM R2 11

· Cross Initiative Work Group - S&I Simplification 11

· SDWG Meeting 11

o Discuss CDA External References; use of HL7 Privacy and Security Vocabulary in the ONC Data Segmentation for Privacy IG 11

Wednesday Q2 – Joint with SOA 11

· Transition of PASS projects to SSOA Project 12

· Coordination of HL7 Privacy and Security Classification System with HSSP Data Sensitivity and Tagging Project 12

Wednesday Q3 – Free Security Educational Session Part 1 12

Wednesday Q4 – Free Security Educational Session Part 2 12

Thursday Q1 13

· Use of Act/Role.confidentialityCode [1..*] for ABAC and long term data governance in iEHR – Kevin Coonan 13

· Overview of All Security Projects for 3-Year Plan 14

Thursday Q2 14

• Confidentiality and “isDocumentCharacteristic” – Woody Beeler, MnM Cochair 15

• Data Segmentation Strategies for Legacy Systems – Mary Kay McDaniel, FM Cochair 15

Thursday Q3 15

· Review of Proposed DAM R2 – Kathleen Connor 15

Thursday Q4 15

· Co-Chair Administrative time (Charter review, items due to the Steering Division) 15

· Security WG 3-Year Plan 15

No Meetings 15

Security WGM September Agenda

Attendees

Name / E-mail / Affiliation / Tue Q1 / Tue Q2 / Tue Q3 / Tue Q4 / Wed - Joints / Thu
Q1 / Thu Q2 / Thu Q3 / Thu Q4
Woody Beeler / / x
Bernd Blobel / / HL7 Germany / x / x / x / x / x
Bill Braithwaite / / Anakam / x / x / x / x
Laura Bright / / eHealth Ontario
Gerald Beuchelt / / (on phone) / x
Kevin Coonan / / Deloitte / x
Kathleen Connor / / Edmond Scientific Company / x / x / x / x / x / x / x / x
Mike Davis / / VA / x / x / x / x / x / x / x / x
Duane Decouteau / x / x
Beat Heggli / / HL7 Switzerland / x / x / x
Sepideh Khosravifar / / Edmond Scientific Company / x / x / x / x / x
Don Jorgensen / / Inpriva / x
Ted Lesueur / ted.lesueur.com / McKesson / x / x / x / x / x / x / x
Mary Kay McDaniel / / x
Hideyuki Miyohara / / HL7 Japan / x / x / x / x / x / x / x / x
John Moehrke / / GE Healthcare / x / x / x / x / x / x / x
Mike McCormick / / Accenture / x / x / x
Eric Pupo / / x
Harry Rhodes / / AHIMA / x
Walter Suarez / Dr. Walter Suarez [ / Kaiser Permanente / x / x / x / x
Trish Williams / / HL7 Australia / x / x / x / x / x / x / x / x

Minutes

September 10

Monday Q3 & Q4 - Joint with CBCC

Q3 / 1:45-3:00 /
/ Joint with CBCC
·  VA/SAMHSA led ONC Data Segmentation for Privacy (DS4P) Pilot Demonstration
·  HL7 Vocabulary Adoption and Availability for DS4P Implementation Guidance – Heather Grain, Vocab Cochair
·  Other CBCC-Security Joint Project Updates (5-10 min each) / CBCC / CC Rm 340
Q4 / 3:30 -5:00 /
/ Joint with CBCC – New discussion items and projects
·  US and Intl Realm Report out / Security / CC Rm 340

·  VA/SAMHSA led ONC Data Segmentation for Privacy Pilot Demonstration

·  Introductions by Richard Thoreson – CBCC cochair

·  Mike Davis presented the DS4P VA/SAMHSA pilot brochure and deck

·  Johnathan Coleman presented on the ONC DS4P approach to using existing standards with multiple pilot implementation approach, real world experience to test the implementation guide

·  Joy Pritts, National Privacy Officer, spoke on the goals and importance of DS4P project and pilot implementations

·  Mike discussed use of “promise” sent from requester to sender, which is necessary for the exchange. Not part of the PUSH scenario in the initial pilot. Discussed use of WE-Trust SAML with XACML Authorization to send the Obligations, POU, refrains etc.

·  Questions about the enveloping approach, promises, algorithmic comparison of encoded HCS Guidelines exchanged among different affinity domains.

·  Demo Walk-through

·  Questions about CDA external reference, adoption and availability of HL7 vocabulary, and derivation of attested CDA

·  HL7 Vocabulary Adoption and Availability for DS4P Implementation Guidance – Heather Grain, Vocabulary Cochair

Heather spoke with key DS4P representatives at the end of the session and validated the following:

·  Determined that HL7 Vocabulary is adopted when approved during one of the 3 Harmonization meetings per year

·  HL7 Vocabulary is available post Harmonization approval in RIM VOC MIF (model interchange format ) file

Kathleen provided the following detailed information about an outstanding issue on vocabulary implementation from July Harmonization:

·  Required sets for DS4P are approved and viewable in the MIF except for addition of ETREAT and COVERAGE POU codes to the General POU value set, which was approved during July Harmonization

·  HL7 is in the process of remediating this issue so that General POU value set is complete in this cycle’s VOC MIF file

·  Other CBCC-Security Joint Project Updates (5-10 min each)

·  US and Intl Realm Report out

September 11

Tuesday Q1 - Opening Security WG Meeting

Q1 / 9:00-10:30 / / Opening Security WG Meeting
·  Introductions
·  Approval of agenda
·  Confirm approval of May 2012 WGM Minutes
·  Reminder about Security Cochair Election – Trish Williams, Interim cochair, is running
·  Input to HL7 Comments to AHRQ RFI on Quality Measures Discussed in Sept. 4 Security WG call minutes
·  Review of industry activities / Security / Guest Rm 647

·  Presiding Cochair

·  Mike Davis

·  Introductions

·  Twelve participants introduced themselves and interests in the Security domain

·  Approval of agenda

·  Walked through the WGM proposed agenda.

·  Security Education Session WQ4 presentations changes

o  Bernd – Security and Privacy DAM and Ontologies

o  Mike – HL7 RBAC Catalog

o  Don - PASS

o  Trish – Consent CDA

·  Discussion of call time changes to better support international participation

·  Approval of changes to the revised agenda

·  Walter asked about whether the DS4P Implementation Guidance would be brought to ballot through HL7. Several examples of S&I project deliverable that were brought to ballot are CCDA and v.2 ELINCS Lab implementation guide. Trish and Bernd discussed the potential for generalizing the DS4P implementation guidance so that it could be adopted in other realms. Mike argued that the discussion may be preliminary as ONC has not approached HL7 and there are no resources available. Decision to discuss at Tuesday Q5 and Thursday Q1 as part of discussion of Security WG current and prospective projects.

·  Mike asked for a motion for approval of the minute.

Proposal / Mike asked for a motion for approval of the minute.
Moved / Second / Opposed / Abstain / In Favor
Trish / Bernd / 0 / 0 / 11

·  Confirmed approval of May 2012 WGM Minutes

·  Reminder about Security Cochair Election

·  Trish William, interim cochair, is standing for formal election

·  Provide input to HL7 Comments on AHRQ RFI on Quality Measures. See discussion from Sept 4 Security WG call minutes.

·  The RFI consumer engagement question prompted much discussion. Some WG members questions whether the comments were within Security WG scope. Other Security WG members wanted to have more time to provide detailed security requirements about supporting consumer engagement. Below is the relevant input from AHRQ RFI comments with Security WG approved input excerpted for the minutes:

·  AHRQ Quality Measure RFI Question 4 - What health IT-enabled quality measures, communication channels, and/or technologies are needed to better engage consumers either as contributors of quality information or as users of quality information?

Proposed response based on Keith Boone’s draft including the Security WG input (underlined):

We believe that community focused efforts through public health, or provider organizations might be one way in which consumers can be better engaged in the development and use of quality information. We believe that the most important catalyst for consumer engagement is demonstrating that consumer preferences about the ways in which personal health information is used in an electronic exchange environment will be honored (e.g., via questionnaires, self-assessments, pilots, and personal engagement of citizens). This is a key reason for HL7’s commitment to developing semantically interoperable privacy and security standards intended to support jurisdictional and organizational privacy policies, and those policies’ patient consent directives.

·  An example of a consumer preference pilot is the current ONC National Privacy Office eConsent project discussed during the 12/07/2011 HITPC report on page 4:

Katherine Marchesini described the e-consent trial project, which is based on the HITPC’s individual choice recommendations of September 2010 and is intended to design, develop, and pilot innovative ways to: educate and inform individuals of their options for individual choice in a clinical setting to share their health information electronically; ensure that individuals are knowledgeable participants in decisions about sharing their electronic health information in a clinical environment; and electronically obtain and record meaningful choice from individuals in a clinical setting. E-consent pilots will be conducted at health provider sites within the Western New York Health Information Exchange, which is a Beacon Community. Best practices will be identified and reported.

Proposal / Mike asked for a motion for approval of AHRQ Quality Measure RFI.
Moved / Second / Opposed / Abstain / In Favor
Bill / Bernd / 3 / 2 / 6

·  Review of industry activities

·  Deferred to Q2

Tuesday Q2

Q2 / 11:00-12:30 / / Security WG Review of Industry and SDO Activities Meeting
·  Review of industry and SDO activities
o  US iEHR project for VA/DOD
·  Review of EHR FM R2 Glossary Verbs, and Security and Privacy terminology – prep for Joint with EHR WG Wed Q1 / Security / Guest Rm 647

·  Review of industry activities

·  US iEHR project for VA/DOD – Mike Davis provided an overview of the progress on the Veteran and Military Health interoperable EHR to support access control, patient consent directives, data segmentation, and security labeling.

·  Hideyuki reported that ISO 1441 Privacy and Security Functional Model for EHR passed

·  Bernd reported on Germany and Europe

o  German law required that Jan 2006 Health Infrastructure, which includes a federal health insurance personal health card containing summary and emergency information, be implemented for 100% of the population by 2012, but that hasn’t been completed yet. By end of the year, 80 million citizens (75%) who have basic insurance through the government will have German Health Card in addition to a citizen card. Citizens may have additional private insurance. Employers or entrepreneurs must purchase private insurance. 250 companies have harmonized the price of insurance so must compete on services and benefits. One could opt out and chose only private insurance, but cannot get public insurance later based on the “free rider principal” and solidarity.

o  Initial person identity proofing is required. The personal health card has chip and an encrypted folder under patient control. It supports digital signature (one key for authentication, one key for digital signature) so that the patient can store personal items safely, and for which only the patient has a key protected by an 8 digit pin.

o  Physician has own card. Physician authenticates and exchange certificates between patient and physician cards, access to the information on the card; physician can change the record for up to 3 days or must have the patient come in again.

o  Austria and Slovenia are also adopting similar approach. Finnish has health insurance card that is human readable. Thailand has implemented this approach.

o  Health card supports authentication of patient, and authenticates checking of patient registry to verify demographics and updates the card from registry. It includes health coverage information such as billing and health care cost information.

o  ePrescription will be supported in the future when provider/pharmacist procedures are harmonized.

o  Digital encryption key on the card supports data segmentation of personal and provider controlled information on the card except the emergency data set (WHO), which a physician can access in emergency without authenticating.