This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

January 24th, 2012 Security Working Group Conference Call

From HL7Wiki
Jump to navigation Jump to search

Security Working Group Meeting

Back to Security Main Page


Back to Security Main Page


  1. (05 min) Roll Call, Approve Minutes & Accept Agenda
  2. (15 min) HL7 WGM wrap up and Action Items Mike Davis
  3. (15 min) Draft Work Plan - Security and Privacy Ontology
  4. (15 min) HL7 EHRS FM Action--Verb Hierarchy ppt
  5. (15 min) acquiring ISO Standards
  6. (5 min) Other Business

Meeting Minutes - DRAFT

Roll Call, Approve Minutes & Accept Agenda

Draft Work Plan - Security and Privacy Ontology

Please follow link:

HL7 EHRS FM Action--Verb Hierarchy
  • The attached HL7 EHR-S FM Action Verb hierarchy should be reviewed by Security and CBCC WGs.
    • They do not map to the Security Operations (CRUDE or the data operations code system).
    • They do not appear to align with the Security and Privacy Ontology.
  • Below are examples of potential issues:
    • Why would encrypt/decrypt be under the category of “Store” when those could be required for use and exchange as well.
    • The definition of TAG is “To UPDATE data by marking it for special use. For example, a nurse may TAG the previous week’s records for patients that presented with a severe cough and fever.” This might be useful for tagging for sensitivity, but needs to be thought through – why isn’t the data “tagged” when created rather than as an “update”?
    • RENDER and EXTRACT may be a “Disclosure” but that’s not differentiated.
    • AUDIT (revised) To TRACK system-initiated or user-initiated activities by analyzing logs based on policies or rules. For example, the system may automatically AUDIT the daily log for multiple-failed-logon-attempts. Another example is that an administrator may AUDIT the excessive use of extraordinary (i.e., “break-the-glass”) access to certain patient information in the Emergency Department. John already suggested that there should be a more general Event logging – and that Audit should be a specialization.

Request to publish Security and Privacy DAM DSTU FYI -- This was announced to the co-chairs and affiliate chairs for consideration back in October 2011, and the TSC tabled the motion to approve publication on Nov 7th anticipating a human-readable form of the DAM, another announcement is not needed. The tabled motion has been entered onto the TSC agenda on Monday January 30th. It's being tracked at TSC tracker # 2104. See for details.

  1. (5 min) Other Business

Action Items

Back to Security Main Page