April 19, 2011 Security Conference Call
Security Working Group Meeting
Attendees
- Bill Braithwaite, MD
- Mike Davis, Security Co-chair
- Jon Farmer
- Suzanne Gonzales-Webb, CBCC Co-chair
- Allen Hobbs
- Rob Horn
- Michelle Johnston
- Jim Kretz
- John Moehrke, Security Co-chair
- Milan Petkovic
Agenda
- (05 min) Roll Call, Approve Minutes & Accept Agenda
- (15 min) hData Risk Assessment
- (15 min) HL7 “Policy Advisory Committee” to help them prepare feedback on the USA “Federal Health IT Strategic Plan: 2011-2015” - John Moehrke
Meeting Minutes
USA “Federal Health IT Strategic Plan: 2011-2015”
E-mail from John Moehrke to Security Listserve:
I have been asked by the HL7 “Policy Advisory Committee” to help them prepare feedback on the USA “Federal Health IT Strategic Plan: 2011-2015”.
Specifically they have asked for our input on “Goal III: Inspire Confidence and Trust In Health IT”. I am sure if we have other appropriate HL7 Security WG comments we can submit them. They have already put together a draft from their discussions, which you can see is a good start but clearly not complete, and totally lacking recommendations.
On Goal III: Inspire Confidence and Trust In Health IT, HL7 believes that more work is needed in this area. HL7 recommends that ONC apply risk-based methodologies using existing standards-based approaches and frameworks. Risk analysis should be performed in an open and transparent fashion, engaging with existing standards work groups responsible for these frameworks, including the HL7 Security Work group. Results of the risk analysis should be widely available. One gap that has been noted is in the area of authentication and support for a certificate infrastructure appropriate for Healthcare IT. HL7 recommends … (specific actions and/or frameworks).
ACTION: Each member can comment directly; this effort within HL7 should be from an HL7 perspective.
Note: The deadline for comments has been extended two weeks (from this Friday); the HL7 Policy Advisory Committee has requested that we get them our feedback by WEDNESDAY so that they have time to integrate it.
PS. I have responded to Goal III on my blog. I am happy to offer any of it that the WG feels is useful.
ACTION: John will take a first draft of applying the following HL7 standards to the Goal III Strategy
This list is under construction:
- HL7 ConfidentialityCode vocabulary (2.16.840.1.113883.5.25)
- Implementation Guide for CDA Release 2.0 Privacy Consent Directive
- RBAC Permissions Catalog
- SAIF - Privacy, Access and Security Services (PASS)
- Access Control Service
- Healthcare Audit Services
- EHR Functional Model
- (TBD)
- Transport Specification
- Transport Layer Security (TLS)