This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

April 21st 2009 Security Conference Call

From HL7Wiki
Jump to navigation Jump to search

Security Working Group Meeting

Attendees

  1. Steven Connolly
  2. Suzanne Gonzales-Webb CBCC Co-chair
  3. Russ Hamm
  4. Bob Horn
  5. Don Jorgensen
  6. Glen Marshall Security Co-chair
  7. Rob McClure
  8. John Moehrke
  9. Milan Petkovik
  10. Pat Pyette
  11. David Sperzel
  12. Richard Thoreson CBCC Co-chair
  13. Ioana Singureanu
  14. Tony Weida


Agenda

  1. (05 min) Roll Call, Approve Minutes & Accept Agenda
  2. (55 min) Object Vocabulary - Q&A Object Ontology ~ Steve Connolly

Note: Object List is a Normative spec published by ANSI in 2008

  1. Comments
    1. terms should not be deleted but deprecated with a note that states why the term is being changed (i.e. duplicate, substituted with another term)
    2. Descriptive types notes, summary, report - we had to determine if there were consistency in each of these types. if they are well defined descriptions then we will have to deal with them in another way. We will need to determine singular or plural form of an object and how we portray that. (current list is not consistent)
    3. 2a - terms lean toward verbiage that is common usage or possibly external code systems.
      1. OpenEHR object vocabulary: Clinical Investigator Record Ontology" spreadsheet
    4. another place to look would be in ActInformationCategory Code used in Canada and based on domain data. This would allow the information to blend. (X-type)
    5. recapture some of the original confidentiality code outside of HL7 and it would be useful if all healthcare objects have the same vector and have the same naming here.

We are labeling things toward the type of information. When you label something for confidentiality you are labeling content i.e. type of data Lab Result, content - low white blood cell count which may indicate a disease and limited people may view. This is where patient preference may enter. (Security vs confidentiality differences, align respresentations between the two despite the differences) (John/Glen) will be speaking offline

    1. Bolded information (add link from RBACObjectVocabulary.xls) is added to clarify information needed to protect rather that confusion with a process
    2. All objects have a level of sensitivity to them.


  1. not discussed, moved forward to next week Security Use Cases Ioana Singureanu/Steve Connolly
  2. (5 min) Other Business None

Action Items

Back to Meetings