
HL7 January 2018 - New Orleans US MINUTES



MINUTES WGM New Orleans 29th January to 2nd February 2018

New Orleans WGM Minutes approved during the Feb. 20 Security WG Call.

Monday Q3

Joint CBCP - Security

See CBCC Minutes

Monday Q4

Joint CBCC - Security

See CBCC Minutes

Tuesday Q1

Opening Security WG Meeting

Attendees:

  • Trish Williams trish.williams@flinders.edu.au
  • John Moehrke John.Moehrke@gmail.com
  • Alexander Mense alexander.mense@hl7.at
  • Kathleen Connor Kathleen.connor@comcast.net
  • Mike Davis mike.davis@va.gov
  • Chris Shawn christopher.shawn@va.gov
  • David Pyke david.pyke@readycomputing.com
  • Hideyuki Miyohara HL7 Japan Miyohara.Hideyuki@ap.MitsubishiElectric.co
  • Suzanne Webb suzanne.webb@bookzurman.com
  • Elysa Jones elysajones@yahoo.com
  • Michael Donnelly michael.donnelly@epic.com
  • Ron Ross ron_ross@clinicalarchitecture.com
  • Dennis Patterson dennis.patterson@cerner.com
  • Kevin Olbrich kevin.olbrich@mckesson.com
  • Joe Lamy joe.lamy@aegis.net

Chaired by Trish

  1. Introductions
  2. Approval of agenda
  3. International Report outs
    • Japan:
    • EU: Alex gave a brief update on GDPR preparations for Austria.
    • Australia: Trish provided information about recent changes to the Personal Health Care Record initiative in Australia.
  4. Liaison Reports: ISO, IHE, ONC

Agenda items deferred to Q4

  • FHIR Security Report out - John Moehrke - Updated WG on current CR status and balloting timelines.
  • HL7 Project status and updates:
    • Is Privacy Obsolete? Mike Davis report out presentation for January 2018 WGM.
    • Trust Framework & S&P DAM - Next Steps - Mike Davis reported that the plan is to ballot the PSAF Chapter 2 conceptual information model TF4FA Volume 1, an aligning update of the Security and Privacy DAM to ISO 22600, and if time permits, an Informative TF4FA Volume 3 guide on use of blockchain, audit and other supporting background.

Tuesday Q2

Joint with CBCP - FHIR CCDE Connectathon Report Out/TEFCA Comments

Attendees:

  • Trish Williams trish.williams@flinders.edu.au
  • John Moehrke John.Moehrke@gmail.com
  • Alexander Mense alexander.mense@hl7.at
  • Kathleen Connor Kathleen.connor@comcast.net
  • Mike Davis mike.davis@va.gov
  • Chris Shawn christopher.shawn@va.gov
  • David Pyke david.pyke@readycomputing.com
  • Hideyuki Miyohara HL7 Japan Miyohara.Hideyuki@ap.MitsubishiElectric.co
  • Suzanne Webb suzanne.webb@bookzurman.com
  • Elysa Jones elysajones@yahoo.com
  • Michael Donnelly michael.donnelly@epic.com
  • Ron Ross ron_ross@clinicalarchitecture.com
  • Dennis Patterson dennis.patterson@cerner.com
  • Kevin Olbrich kevin.olbrich@mckesson.com
  • Ken Salyards kenneth.salyards@samhsa.hhs.gov
  • Ali Khan akhan.md92@gmail.com
  • Joe Lamy joe.lamy@aegis.net
  • Chris Hills christopher.hills@navy.mil
  • David Staggs david.staggs@bookzurman.com


2 USA TEFCA Trust Exchange Framework and Common Agreement

Discussion to be centred on sharing with Protections - TEFCA Minimum Necessary given expanded Purposes of Use - Provisioning with ABAC Clearances & Security Labels

  • Description:
    • Goals for authenticating and developing common set of rules and org policies and process for adjudicating and filing non-compliance.
    • It defines requirements for exchange that all participants would be obligated to meet. Also, it sets up a new entity (3rd party) for deciding health information exchange for the nation, and there will be one organisation for the central management of exchange.
    • Document link:
    • It uses 6 principles – one includes sec safety and patient safety
    • Use case: Emergency access is not one of the purposes of use.
      • Failure recently with VA as asking for information during the fires was not possible. Software hardcoded so couldn’t ask for info.
      • HL7 standard provides for the sharing of info and overrides any other rules on sec – patient safety wins. Purpose of use needs an emergency code/disaster. Operation and provision of services
        • Emergency tracking of patient whatever the origin – is already created in OASIS
        • Distribution Element (DE) is a method that can be used for patient data routing but needs input on how to transport and how to secure from SECWG.
        • Consider FHIR-I project transfer and other methods. Direct Project is not suitable but other options are available.
        • Need to consider actors in exchange (FHIR over HTTP for instance)
    • Document includes minimum requirements for security (section 6.2). It includes reference to various standards for each requirement.
  • HL7 comments in relation to use of HL7 standards
    • HL7 interest is the SLS.
    • WG discussion on the potential amendment and additions to document. Jonathon Coleman captured for the HL7 comments.

2 Findings from CCDE Connectathon

Report out see CDCP Q3 meeting Tuesday. Video posted.

Tuesday Q3

Joint CBCP, Hosting Security

  • CBCP is also Joint with Attachments for eLTSS presentation - should send Reps
  • ONC Research Patient Choice presentation by REACHnet Kyle Bradford
  • WG Recruitment Strategies

Tuesday Q4

Security PSAF Work Session

  • New FHIM P&S Station - Jay Lyle &/or Galen Mulrooney to present
  • Review Proposed May TF4FA & S&P DAM Ballot Material
  • Security should send rep to joint Attachment with FM for eLTSS Security

Wednesday Q1

Joint with EHR, CBCP, FHIR, SOA, Security(EHR hosting)

See EHR Minutes

To include in-depth discussion about:

  • Is Privacy Obsolete? Study Group Findings - Mike Davis
  • TF4FA and S&P DAM updates - Mike Davis and Chris Shawn

Wednesday Q2

No meeting

Wednesday Q3

Security hosting FHIR-I - Security WG deep FHIR topics

Attendees:

  • Trish Williams trish.williams@flinders.edu.au
  • John Moehrke John.Moehrke@gmail.com
  • Alexander Mense alexander.mense@hl7.at
  • Kathleen Connor Kathleen.connor@comcast.net
  • Mike Davis mike.davis@va.gov
  • Chris Shawn christopher.shawn@va.gov
  • Hideyuki Miyohara HL7 Japan Miyohara.Hideyuki@ap.MitsubishiElectric.co
  • Elysa Jones elysajones@yahoo.com
  • Kevin Shekleton kshekleton@cerner.com
  • Ozlem Kurt okurt@dynamichealthit.com
  • Galen Mulrooney galen.mulrooney@jpSys.com
  • Josh Mandel joshua.mandel@childrens.harvard.edu
  • David Staggs david.staggs@bookzurman.com
  • Aslan Brooke abrooke@zynx.com
  • Matthew Dugal mdugal@dynamichealthit.com
  • Raychelle Fernandez raychelle@dynamichealthit.com

Chaired by John

1 FHIR

    • Summary of Smart-on-FHIR reportout:

They have finished ballot reconciliation, and are now working on implementing those changes into the document. They are expecting to re-ballot if need be. Once that is complete, they will open up the next revision, where additional scopes can be considered. There are currently known scope proposals, as well as new scope proposals newly appearing, to be considered.

    • Is there a comparable FAL3 token in OAUTH? (David)

    • FHIR version of Kantara Consent Receipt

Kathleen: There would be a step where the app goes to the auth to service, and goes to the claim end point. The app has access to the part of the consent it is allowed to see, and creates a receipt. There is a Consent Receipt; the use case is general purpose, when any consumer uses the app to access data and create a receipt of what was agreed. The CR is metadata (codes for purpose of use) and a data blob. Now looking at a structured body for the consent. John suggested adoption of the FHIR Consent for content. Method to allow app to only have access to consented information. Up to Kantara to manage its receipt content.

    • On Zulip concern about URL parsing coding being a vulnerability. Kevin volunteered to populate information if needed. If something is actionable by implementers then it should be included. Other mitigations bring the level of risk down - for instance they are only talking to trusted servers. This is a basic web security vulnerability.

We already have a warning about markups and input validation, but there are lots of examples that are of a general nature.

    • FHIR FAQs
    • ONC Secure FHIR Server Challenge
      • ONC put out this challenge and with prizes. Unfortunately only had 1 entry with two simple resources.

In the FHIR Spec, on the security page, we have a security checklist (informative section) and therefore we can amend this at any time. SMART-on-FHIR. Tangram approach: there are lots of solutions and altogether they form a complete solution. Want to hear from the community about what a useful spec would look like.

    • Security guidance around encryption for FHIR content and how to include encryption in FHIR.

The core principle of FHIR development is using 80% of the current criteria in a domain. What could be used to encrypt data within the element in the data structure, e.g. de-identification? To do this we need to identify which items in the core FHIR spec are clearly direct identifiers and which are indirect ones (e.g. as was done in the DICOM spec). This led to use case analysis to identify how the de-identification work could be developed in FHIR.


2 New FHIM Privacy and Security (S&P) Station - Jay Lyle &/or Galen Mulrooney to present

Federal Health Information Model (FHIM) common set of exchange required by law to use in the US, but not only US Realm. The S&P DAM was modeled (balloted in 2011-12) and latest DAM. FHIM can be used to revise the S&P DAM if needed. FHIM is also looking for a new home (as it is really a DAM of DAMs). We support the idea that HL7 takes it on, but it is not the SEC WG decision to make.

Wednesday Q4

Security WG Project Meeting

Attendees:

  • Trish Williams trish.williams@flinders.edu.au
  • Alexander Mense alexander.mense@hl7.at
  • Kathleen Connor Kathleen.connor@comcast.net
  • Mike Davis mike.davis@va.gov
  • Chris Shawn christopher.shawn@va.gov
  • Hideyuki Miyohara HL7 Japan Miyohara.Hideyuki@ap.MitsubishiElectric.co
  • David Staggs david.staggs@bookzurman.com
  • Johnathon Coleman jc@securityrs.com

Chaired by Trish

1 Workgroup Health Update

Unpublished Ballot HL7 Version 3 Domain Analysis Model: Composite Security and Privacy, Release 1 (Pjt ID 529) - Needs Informative publication.

Motion to request publication: Proposed by Alex, Seconded by Hideyuki. Approve: 4 Abstain: 2 Disapprove: 1

Re-stated process to update the DAM with potential ballot in May. See comments below.

2 Decision Making Practices:

Instead of asking each Work Group to post its DMPs on its webpage, work groups will post only their Addendum (should they have one) to their webpage. If no addendum is found, an interested party doesn’t need to read through an entire set of DMPs to realize that the Work Group has simply adopted the default set. If there is an Addendum on a Work Group’s page, interested parties can quickly see the few areas that differ from the default DMPs without having to read through several pages. If your committee does NOT wish to make any modifications to Sections 5, 7 or 8 your work is done. Simply send an email to your Steering Division Co-chairs notifying them of that decision. If your Work Group does wish to modify Sections 5, 7 and/or 8, you will have until the May 2018 Working Group Meeting to complete and send the Addendum Template with your Work Group’s changes to your Steering Division Co-chairs.

Decide on whether to adopt:

Motion to accept the default DMP without addendum, as suggested by the HL7 TSC. Proposed by Kathleen, Seconded by Mike. Approve: 7 Abstain: 0 Disapprove: 0

3 DAM discussion

Can we establish a set of rules based on ISO 22600 Health informatics -- Privilege management and access control -- Part 2: Formal models, as used in the trust framework in the DAM? Is that a reasonable approach for an information model for access control? Any comments to Mike about this. Try to get something to review in May. Having several calls a week about this.

4 TEFCA comment submission confirmation (Johnathon Coleman)

WG confirmed comments to be submitted on behalf of CBCP and SEC on the Trust Exchange Framework and Common Agreement (TEFCA).

Motion to approve the comments for submission as the first set of Proposed Johnathon, Seconded Chris. Approve: 5 Abstain: 0 Disapprove: 0

Thursday Q1

Security hosting CBCP, FHIR-I Joint

  • FHIR Security simplification

FHIRPaths for constraints:

   //correlation between scope and category:
       //if you want to constrain to the valueset by its system:
       scope='ADR' implies category.coding.system contains '<url of valueset>'
       scope='research' implies category.coding.system contains '<url of valueset>'
       scope='privacy' implies category.coding.system contains '<url of valueset>'
       scope='treatment' implies category.coding.system contains '<url of valueset>'
       //if you want to constrain to a specific code:
       scope='ADR' implies category.coding.where(system = '<url of valueset>' and code='<specific code>').exists()
       //and similar for the other 3 cases
   //if scope is privacy, subject has to be populated (provided that subject cardinality changes from 1-1 to 0-1)
   scope='privacy' implies subject.exists()
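
The constraints above, worked as an added Python example (not from the minutes or the FHIR specification): it applies the same `implies` rules to constructed Consent-like dictionaries and reports which rules fail. The value set URLs, the function names and the treatment of `scope` as a plain code string are assumptions made for illustration.

```python
# Added example: the scope/category/subject constraints applied to
# Consent-like dicts. Assumptions: scope is a plain code string (as in the
# FHIRPath above) and the value set URLs are constructed placeholders.
SCOPE_SYSTEM = {
    "ADR": "http://example.org/ValueSet/adr-category",
    "research": "http://example.org/ValueSet/research-category",
    "privacy": "http://example.org/ValueSet/privacy-category",
    "treatment": "http://example.org/ValueSet/treatment-category",
}


def implies(antecedent, consequent):
    """Two-valued simplification of FHIRPath 'implies':
    a false antecedent makes the rule pass regardless of the consequent."""
    return (not antecedent) or consequent


def coding_systems(consent):
    """Equivalent of category.coding.system: flatten across all categories."""
    return [coding.get("system")
            for category in consent.get("category", [])
            for coding in category.get("coding", [])]


def check_consent(consent):
    """Return the violated constraints; an empty list means all rules hold."""
    errors = []
    scope = consent.get("scope")  # a missing scope never matches a rule
    systems = coding_systems(consent)
    for code, system in SCOPE_SYSTEM.items():
        if not implies(scope == code, system in systems):
            errors.append(f"scope={code} requires a category coding from {system}")
    if not implies(scope == "privacy", bool(consent.get("subject"))):
        errors.append("scope=privacy requires subject")
    return errors


def sample(scope, system, with_subject=True):
    """Build a constructed Consent-like dict for the checks below."""
    consent = {"scope": scope,
               "category": [{"coding": [{"system": system, "code": "constructed"}]}]}
    if with_subject:
        consent["subject"] = {"reference": "Patient/example"}
    return consent


if __name__ == "__main__":
    print(check_consent(sample("privacy", SCOPE_SYSTEM["privacy"], with_subject=False)))
```

A treatment-scoped record without a subject passes, because the subject rule only binds when the scope is privacy.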

Thursday Q2

No Meeting as WG administration completed Wed Q4