This wiki has undergone a migration to Confluence found Here
December 19, 2017 Security Conference Call
Jump to navigation
Jump to search
Contents
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| . | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | x | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair | |||
| x | Christopher Shawn Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | x | David Staggs | |||
| x | Mohammed Jafari | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
| x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Greg Linden | |||
| . | Paul Knapp | . | Grahame Grieve | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | . | Jim Kretz | x | [1] | x | Dave Silver | |||
| . | Oliver Lawless | . | Lisa Nelson | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (3 min) Review and Approval of December 12, 2017 minutes
- (15 min) Security and Privacy DAM update review - Mike
- (10 min) Update on progress of Consumer Centered Data Exchange Connectathon scenario with Cascading Authorized App acting "on behalf of" a patient. Jan 2018 FHIR Connectathon CCDE Privacy Preserving ROA Sequence Diagram and Walk-through - Mohammad and Kathleen
- (5 min) PSAF call report out on HL7 Security and Privacy Domain Model - Mike Davis and Chris Shawn
- (15 min) Is Privacy Obsolete? Study Group wiki page has the "Is Privacy Obsolete?" Listserve link. Update on project - Mike Davis and Chris Shawn
- (5 min) FHIR Security update Call later? - John Moehrke
Minutes
- Alex Mense chaired.
- Agenda informally approved.
- Minutes from December 12th reviewed. Minute Approval: Kathleen moved; Suzanne seconded. Approved: 9-0-0
- RE: Security and Privacy DAM update review Mike walked through recent and anticipated updates to the DAM showing new classes for retained and resource policies, and need for authorization and delegation vocabulary.
- RE: Consumer Centered Data Exchange Connectathon scenario update - Mohammad walked through new Privacy Protecting Cascading OAuth presentation. Mike and Mohammad discussed the applicability of enterprise as well as simple App clients. Mike noted the need for an emergency treatment purpose of use. Mohammad noted that an alternative being discussed is to put emergency treatment purpose in the HTTP header as an override to any purpose of use restrictions on the content.
- RE: PSAF call report out - Kathleen reported that the remaining dispositions have to do with sensitivity policy being limited to one per domain, and permitted only with very restricted and restricted confidentiality. Mike stated that he wants to reopen the dispositions to Bernd Blobel's comments, which were approved in Madrid May 2017 WGM
- RE: Updates to Is Privacy Obsolete? Study Group wiki page - Mike reported updates related to breach and court cases.
- Security WG calls cancelled until January 9, 2018
- RE: FHIR Security call report out - John. John was not present, and no meeting was scheduled.
Meeting Materials
Updates to Is Privacy Obsolete Study Group Wiki
Meeting adjourned at 3:58 PM ET
