
HL7 WGM May 2015 - Paris, France - Security WG - Minutes

From HL7Wiki

Minutes from Security WG

Tuesday Q1

  • Attendees
    • Chaired by John Moehrke - Co-Chair
    • Alex Mense - Co-Chair
    • Hideyuki Miyohara
    • Jonathan Coleman
    • Clay Sebourn - Clay.Sebourn@emc.com
    • NOT! Princess Trish Williams - Co-Chair

Tuesday Q2

  • Attendees
    • Chaired by John Moehrke - Co-Chair
    • Alex Mense - Co-Chair
    • Hideyuki Miyohara
    • Jonathan Coleman
    • Clay Sebourn - Clay.Sebourn@emc.com
    • Trish Williams - Co-Chair
    • Jeff Ting - Jeffery.Ting@SystemsMadeSimple.com
    • Comelia Felder - comelia.felder@roche.com
  • Privacy on FHIR - Jonathan Coleman
    • Presentation given
    • ONC and VA initiative to demonstrate Privacy on FHIR
    • Not an effort to create standards or guidance documentation
    • Using HCS, SLS, Ontology, DS4P, and consent
    • OpenID, OAuth2, UMA
  • Data Provenance IG - Jonathan Coleman
    • Comments resolved; awaiting final DSTU soon
  • FHIR Ballot triage

Tuesday Q3

  • FHIR Ballot triage continued

Tuesday Q4

Canceled for lack of quorum.

Wednesday Q2

  • Joint with SOA (hosted by SEC)
  • Attendees
    • Chaired by Trish Williams - Co-Chair
    • John Moehrke - Co-Chair
    • Alex Mense - Co-Chair
    • Hideyuki Miyohara
    • Clay Sebourn - Clay.Sebourn@emc.com
    • Jeff Ting - Jeffery.Ting@SystemsMadeSimple.com
    • Vince McCauley (SOA Co-Chair)
    • Stefano Lotti (SOA Co-Chair)
    • Zachary Huynh
  • PASS Access Control.
    • Addresses the information and capabilities required to provide Access Control service to protect resources in a distributed healthcare environment, where interoperability requirements exist.
  • Current status of PASS is DSTU (but out of date); it will go forward to Normative Ballot in Sept 2015.
    • Under consideration is a Platform Specific Model targeting FHIR resource access management. SEC should take the lead and get a project lead for this. Need to understand the Argonaut project content on security. Are they leveraging PASS? Clarification from Josh Mandel will be sought.
      • Under a Platform Specific Model this would require specification of the security token platform?
      • RESTful API already can use/does use PASS. The application in healthcare further includes patient consent and additional context specific attributes.
      • For instance, Privacy on FHIR (VA/ONC US specific) demonstrates the use of standard tools to apply to healthcare including PASS; SMART initiative uses PASS; and Argonaut project using it? HEART (OAuth, OpenID Connect, and UMA committees) to come to healthcare to help healthcare - John M engaging with this.
      • PASS Access control specific to FHIR. This should be constrained further to a specific interaction model (SOAP, V2 messaging, CDA, transactions, etc).
    • Also suggested for normative ballot is the use of FHIR Security/Privacy related Resources as Access Decision Information (ACI) sources for Privacy Enforcement Point (PEP) realizations. This is a clarifier of the Platform Specific Model (discussed above).
  • Security will find lead (from those working on the problem). The project will not be created until the people are found.
  • PSS on Approved at TSC 12/05/2015
    • Project Summary for HL7 Privacy and Security Architecture Framework [PSAF aka 'Privacy Safe'].

Wednesday Q3

  • Attendees
    • Chaired by John Moehrke - Co-Chair
    • Trish Williams - Co-Chair
    • Alex Mense - Co-Chair
    • Hideyuki Miyohara
    • Clay Sebourn
    • Kevin Shekleton
    • Grahame Grieve
    • Jonathan Coleman
    • Josh Mandel
    • David Hay
    • Peter Bernhardt
    • Corey Spears
    • Michael Donnelly
    • Simone Heckmann


Ballot reconciliation related to FHIR

  • Josh Mandel presented on Argonaut and SMART on FHIR
    • Argonaut is a collaboration between EHR and clinical care providers, to develop open specifications - in particular for FHIR. Security protocols associated with these?
    • The SMART on FHIR project (Boston Children's Hospital) is looking at single sign-on for mobile and web apps using OAuth2 and OpenID Connect. http://smarthealthit.org/ and http://docs.smarthealthit.org/

Wednesday Q4

  • Attendees
    • Chaired by Trish Williams - Co-Chair
    • John Moehrke - Co-Chair
    • Alex Mense - Co-Chair
    • Hideyuki Miyohara
    • Clay Sebourn
    • Jonathan Coleman
    • Ken Salyards
    • Frederic Laroche
    • Lloyd McKenzie
    • Grahame Grieve
    • Paul Knapp
    • Michelle Miller
    • Guillaum Rossiana
    • Benoit Schoeffler
    • Corey Spears
  • Ballot reconciliation related to FHIR (continued)
  • Discussion on separation of consent from contract in FHIR to obtain clarity around how this will work.
  • CBCC has asked that consent is handled carefully and in different resources, as they have very different meanings in use: Consent to treat, advanced care directives, and consent to disclose (share).
    • Disposition was voted on and approved.

Thursday Q1

  • Attendees:
    • Chaired by John Moehrke
    • Trish Williams - Co-Chair
    • Alex Mense - Co-Chair
    • Hideyuki Miyohara
    • Clay Sebourn
    • David Hay
    • Michael Donnelly
    • Kevin Shekleton
    • Grahame Grieve
    • Comelia Felder
    • Paul Lomayesva
    • Sadamu Takasaka
    • Masaaki Hirai
    • Peter Bernhardt
  • Ballot comments related to FHIR (continued).
  • WG Administration and Health
    • Attendees: Trish Williams, Alex Mense, John Moehrke, Hideyuki Miyohara
    • WG Health in yellow with 4 outstanding items: M&C <2 yrs, SWOT < 3 yrs, Harmonisation participation, and 2014 TSC election.
      • Revised Mission and Charter (M&C). Proposal to accept by Hideyuki Miyohara, seconded by Alex Mense. Approved 3/0/0
      • Revised SWOT. Proposal to accept by Alex Mense, seconded by Trish Williams. Approved 3/0/0
      • Harmonisation participation previously misnoted by call of Kathleen's attendance for SEC. Need to ensure at next meeting we email to give comments/no comment.
      • TSC election: We have been penalized all year for this. Next election in June-Aug - Co-chairs to ensure we cover and vote. TSC agreed to go to e-voting this next session.
      • Trish to manage notification to and approvals by HL7. M&C sent to FTSD 14/05/2015. SWOT sent to Anne Wizauer (HL7).
      • Weekly teleconference calls reconfirmed
      • Trish booked rooms for Oct WGM in Atlanta. Invited FHIR Wed Q3 and Thurs Q1. Accepted invites from CBCC for Mon Q3 & Q4.