October 23, 2012 Security Working Group Conference Call

Meeting Information Back to Security Main Page

Attendees

• Kathleen Connor
• Mike Davis Security Cochair
• Suzanne Gonzales-Webb CBCC Cochair
• Adrienne James
• Patrick Pyette
• Harry Rhodes
• Jennifer T. Sisto
• Richard Thoreson CBCC Cochair
• Trish Williams Security Cochair

Back to Security Main Page

Agenda

1. (05 min) Roll Call, Approve Oct. 16, 2012 Security Working Group Conference Call Minutes & Accept Agenda
2. (10 min) HCS Ballot Prep NIB due 10/28 and update on Security Labeling System – Mike Davis
3. (10 min) Approval of HL7 Security WG November 2012 Harmonization Proposals due 10/28 – Kathleen
4. (10 min) S&P Ontology Ballot NIB due 10/28- John Carter
5. (10 min) Integrity Vocabulary - Reed Gelzer and John Moehrke
6. (05 min) Follow up on SHARPS- TBD
7. (05 min) Other Business, Agenda for Next call, Action Items, and Wrap Up

Minutes

• RE: Approval of Minutes and Agenda – Presiding Cochair, Mike Davis, asked for unanimous approval of the minutes and agenda. Minutes and agenda minus deferred items were approved [0-1-7]
• RE: HCS Ballot and Security Labeling System – Mike explained that the Notices of Intent for Ballot for SWG ballot items are due 10/28. He walked through the most recent version of the Security Labeling System diagram, which he presented on Monday, Oct. 22nd DS4P VA/SAMHSA pilot call as an addition to the HCS ballot material under development. Mike asked for and received a motion from Trish and a second from Pat to submit a NIB for HCS. Motion carried [0-0-8].
• RE: Approval of SWG Nov Harmonization Proposals - Kathleen presented the proposed vocabulary submissions.
  • Two proposals are for simple changes to more developer-friendly codes.
  • One is a technical correction to implementation of General POU value set, which had been previously approved.
  • The fourth proposal is for a Security Observation Vocabulary, which leverages current security and privacy vocabulary as security labels. This proposal would add several types on integrity concept domains and codes, which are needed for the HCS integrity security labels and the S&P DAM.
• Mike asked for and received a motion from Richard and a second from Trish to submit these proposals for Nov. Harmonization.
• During discussion, Richard asked how the security labels would relate with the CDA external references. Kathleen explained that while external references could be used for the labels, SDWG suggested that for implementation ease and for semantics, that the external references be used for security and privacy information that is dynamic, i.e., for which there is a potential for updates, such as patient consent directives and privacy policies. SDWG Modeling Facilitator, Calvin Beebe, had suggested the use of Clinical Statement Observations as an alternative means for associating security metadata with Clinical Statement Entries where persistent association with the entry is desirable and to facilitate consumption of the metadata by receiving systems.
• After discussion, the motion carried [0-0-8]
• RE: S&P Ontology Ballot – Mike discussed the current status of the project and the end goal of incorporating the Ontology into SNOMED.
  • He asked for and received a motion from Trish and a second from Suzanne to submit a NIB to ballot the updates to the Ontology in January.
  • During discussion, Pat asked about the relationship between the Ontology and the proposed Nov. Harmonization vocabulary. Kathleen stated that the vocabulary proposals have in the past been informed by and aligned with the Ontology. She anticipates that same alignment would be part of the update to the Ontology for the ballot.
  • Richard asked about the level of IHTSDO’s interest in incorporating the Ontology, which Mike stated that this had already been negotiated.
  • Kathleen mentioned that the SNOMED uptake of the Ontology would likely be of interest to the SHARPS project’s proposal to develop LOINC codes for privacy and security concepts.
• Motion carried [0-0-8]
• RE: Integrity Vocabulary - Deferred
• RE: Follow up on SHARPS – Deferred
• RE: User-Managed Access (UMA) – Mike discussed the UMA presentation given by Eve Maler to the OASIS XACML committee, noting its similarity to work SWG is doing on data segmentation. Kathleen provided an overview of UMA. Mike suggested that SWG’s further consider leveraging UMA for healthcare including patient control over access to health records and ability to impose obligations on requesters.
• RE: Other Business, Agenda for Next call, Action Items, and Wrap Up – Deferred Items will be added to Oct. 30 agenda

Meeting adjourned at 2:00 PM Eastern

Action Items

• RE: Submission of approved SWG NIBs– Mike, as SWG publishing facilitator
• RE: Submission of approved SWG Harmonization proposals – Kathleen, as alternate vocabulary facilitator

Material Referenced in Call

• HL7 Security WG November 2012 Harmonization Proposals
• User-Managed Access (UMA)
• 

  Diagram of the components of a healthcare security labeling system

Back to Security Main Page