This wiki has undergone a migration to Confluence found Here
Jul 24, 2018 Security Conference Call
Jump to navigation
Jump to search
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| . | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | . | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair | |||
| x | Christopher Shawn Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | . | David Staggs | |||
| x | Diana Proud-Madruga | x | Francisco Jauregui | . | Joe Lamy | . | Greg Linden | |||
| . | Rhonna Clark | . | Grahame Grieve | . | Johnathan Coleman | . | [mailto: Matt Blackman, Sequoia] | |||
| . | Mohammed Jafari | x | Jim Kretz | . | Peter Bachman | x | Dave Silver | |||
| . | Beth Pumo | . | Bo Dagnall | . | Riki Merrick | . | [mailto: Julie Maas] |
Agenda
- (2 min) Roll Call, Agenda Approval
- (5 min) Review and Approval of:
- July 24, 2018 Security Call and
- Meeting Minutes (in process) July 17, 2018 Security Call
- (5 min) GDPR whitepaper on FHIR- Alex, John, Kathleen
- (5 min) TF4FA Normative Ballot reconciliation (formerly PSAF) - Mike, Chris
- Meetings: Tuesdays, 11:00 AM Eastern; freeconference.com same as Security call
- TF4FA Ballot Reconciliation (wiki)
- Ballot Reconciliation Sheet_v20180724 for review offline Comments 1-10
- (10 min) PASS Audit reconciliation - Mike
- (15 min) TF4FA Trust Framework Volume 3 (placeholder) - Mike, Chris
- Is Privacy Obsolete - Mike
- (05 min) Placeholder: HL7 WGM Baltimore planning
Meeting Minutes (DRAFT)
Chair: Chris Shawn
DRAFT Meeting Minutes: June 26 – meeting minute approve Motion to approve: (Suzanne / Mike) Objections: none ; abstentions: none approve July 10 – meeting minutes approval Motion to approve: (Suzanne / Mike) Objections: none ; abstentions: none approve
Add Is Privacy Obsolete to agenda GDPR whitepaper on FHIR – Alex
- No update
TF4FA Ballot Reconciliation
- Met today; reconciliation initiated
- Comments 1-11 adjudicated; (not voted)
- Pending any comments – we will vote on
PASS Audit reconciliation
- Have not met yet – meeting first time this Friday; 12 NOON EASTER
- All are welcome to attend
- Some discussion if another call would be a burden
- If we took the last 20-30 minutes and do reconciliation on this call (suggestion…)
- Jim, Suzanne in favor
- Chris will cancel the Friday Audit and make reconciliation on PASS Audit part of this Security
- Ballot reconciliation sheets / documents will be added to gForge (ballot spreadsheet and documents)
- Will add to the agenda starting next week
TF4FA Trust Framework Volume 3
- Presentation given last week on diagrams to Security WG
- Need to get a team of authors who will take on writing portions of the document (writing sections)
- Please contact Mike Davis if you are interested in contributing to the document
Is Privacy Obsolete? - report out
- Plan is to finish off work and present at HL7 September 2018 WGM
- Present to EHR the findings
- When starting due to breaches in large
- Yahoo
- Victims were not getting relief; courts have been ruling against claims where victims were unable to prove harm; most of the breaches have been characterized as identity theft and not privacy violations.
- Facebook, google – Zuckerberg trial
- Approaching this is to look at some representative countries and seeing whether the law in those countries how they are doing with respect to privacy… looked at the core emerging technology to help individual privacy
- Looked at china, India, UK EU, US all countries have recent and significant
- The interanion way
- In the US privacy laws are fragmented. Healthcare is a good example for privacy
- Did not include Russia
- GDPR – is also highlighting violations have large fines; GDPR
- ( see notes from CBCP)
- Privacy impact assessments;
- Originally not much attention paid into it
- These are recommended to be completed yearly
- Requirement for GDPR
- Data classification
- An emerging area
- Enables prioritization of data and policy that span them
- HL7, implementations in all the HL7 messaging
- Consent management
- HL7 very active I consent management
- Google, Facebook
- Need to be aware of privacy breach/issues
- Have not written conclusion – things looking more hopeful rather than privacy being obsolete
- Development sin ISO in the privacy space – area not forgotten; we do have breaches in healthcare in the US, ONC goes after the most egregious breaches with the notion of putting technology in place… fairly promising
Questions?
Baltimore
- Add privacy obsolete – report out
- Joint EHR – add privacy obsolete
- May want to brief to one of the FHIR groups – we’ve introduced them in the past ??
- TF4FA – volume 3
Motion to adjourn: (Suzanne) – next week we will start audit reconciliation
