April 10, 2012 Security Working Group Conference Call
Security Working Group Meeting
- Kathleen Connor
- Ed Coyne
- Mike Davis Security Co-chair
- Suzanne Gonzales-Webb CBCC Co-chair
- Tim Goodlove
- Jim Kretz
- John Moehrke Security Co-chair
- Tony Weida
- (05 min) - Roll Call, Approve Minutes & Accept Agenda - Mike Davis
- (10 min) - Security and Privacy Ontology May Ballot 2012 preparation - Tony Weida
- (10 min) - Issue: CDA Release 3 - Kathleen Connor
- (10 min) - Issue: RBAC Modeling issues - Kathleen Connor
- (10 min) - HIE Metadata Model - Kathleen Connor & John Moehrke
- (10 min) - RIM Ballot - Kathleen Connor
- (05 min) - Action Items - all
Mike Davis, presiding cochair
Called Roll; Asked for Approval of March 27, 2012 Minutes & Acceptance of the Agenda.
Motion: John moved to accept March 27 meeting minutes and agenda; second: Kathleen (7-0-0).
Security and Privacy - Tony Weida
- Tony was able to secure resources to complete the Security and Privacy Ontology in order to complete the work from last January. Ontology ballot files were submitted to HL7 by the extended deadline, including the document in PDF form; a collection of OWL ontology files; and the ballot spreadsheet. Comments and feedback are being solicited.
- Several Security members will not be able to make the May 2012 meeting in Vancouver. Tony will have comments back from people on this. John M, Bernd, and Trish will be there. What can these people do for Tony at the WG meeting? For those who submitted comments, the ontology has been revised and extended. Priorities and suggestions would be helpful in order to complete the HL7 administrative processes.
Issue: Meaningful Use - Kathleen
- Many sections of these standards certification criteria affect the decision about which standards/criteria will be expected in Stage II. Security WG needs to make recommendations.
Issue: CDA R3 Security and Privacy Issues - Kathleen
Structured Documents CDA R3 is ready to go to ballot with the current decision about how it will be structured. There are two outstanding issues:
- Task 57 related to “Non-verifier” Signature
- Task 62 related to Access Control/Privacy Protection capabilities
Structured Documents WG agreed to refer to Security and CBCC WG.
The more pertinent Task 62 for Security WG relates to access control and use of confidentialityCode. Some of the approaches being discussed are creating more hooks for access controls in the headers; the non-structured body part (i.e., using CDA to wrap an unstructured document/item); and RIM stubs to, e.g., A_CdaAct, which replicates the structure used for Quality Measures and has confidentialityCodes on most of the classes. One salient issue is how to deal with access control on a CDA R3 document when any current RIM artifact (converted into a CDA type template) can be attached to a RIM Stub. There will need to be access control guidance, e.g., “high watermark” type rules to deal with nested confidentiality codes and other access control policies.
Task 57, related to “Non-verifier” Signature, centers on the security and privacy implications of allowing signatures for Consent Directives vs. signatures from the patients. Kathleen has started a presentation, which will be given soon.
Act.confidentialityCode "isDocumentCharacteristic" = true is a RIM change from September 2009, which may substantially limit use of confidentiality codes to Acts that are document or record instances for an Act in criterion mood. The May 2012 ballot of the updated Core Principles includes the description of how the RIM attribute property "isDocumentCharacteristic" is to be used, e.g., with Act.confidentialityCode. This seems to limit the use of confidentiality codes on Act classes in criterion mood, which in effect dictates the confidentiality code to use on Acts that are document or record instances.
The concern is that historically v2 and v3 use confidentiality codes on Acts that are events as well as documents and records. E.g., if I want to keep my upcoming procedure confidential because I’m a VIP, the v2 message in the ADT system to that effect is not a record; it’s information about my upcoming encounter. This would be a substantial change to the business requirements we are trying to support.
John Moehrke raised a concern generally about lack of coordination with other WGs when they are dealing with Security and Privacy topics, as highlighted by the CDA R3, the Act.confidentialityCode "isDocumentCharacteristic" = true RIM change, and the recent proposal to drop Security WG as a cosponsor of the EHR HIE Metadata Profile.
Next steps should include outreach by Security and CBCC WGs cochairs to MnM and EHR FM WG cochairs to resolve the apparent lack of coordination, including:
- John writing an email to EHR FM cochair Pat VanDyke, who requested a formal statement, that the Security WG intends to remain a cosponsor of the Metadata Profile project. Since the current Metadata profile ballot is not in alignment with the Security WG’s work, e.g., operations vocabulary, we may want to develop comments on that ballot.
- Thanking Structured Documents for involving us; letting them know that we are willing to help, and will make this a top priority work item. They are going to ballot soon, so we need to coordinate timelines.
- RIM changes: We may want to ask the MnM cochairs for a presentation on the Core Principle change, and we may want to develop comments for that ballot as well.
We will continue to monitor these projects to ensure coordination.
- Tony: Conduct email outreach by listserve and personal e-mails to Security WG to make sure people sign up to vote on the Ontology
- John to follow up with EHR WG about Security’s interest in remaining cosponsor on EHR Metadata Profile project
- Suzanne to follow up regarding:
  - Ioana presentation on the Data Segmentation (see 3/27 meeting minutes for detail)
  - Start agenda template for May 2012 meeting
- Kathleen: Will follow up with material for Meaningful Use, RIM Issue, CDA R3 Tasks
Meeting adjourned at 10:55 PST