July 21, 2015 Security WG Conference Call
Jump to navigation Jump to search
|x||Member Name||x||Member Name||x||Member Name|
|x||Mike DavisSecurity Co-chair||.||Duane DeCouteau||.||Chris Clark|
|x||John MoehrkeSecurity Co-chair||Johnathan Coleman||.||Aaron Seib|
|x||Alexander Mense Security Co-chair||.||Ken Salyards||x||Christopher Brown TX|
|.||Trish WilliamsSecurity Co-chair||.||Gary Dickinson||.||Tim McKay|
|x||Kathleen Connor||.||Ioana Singureanu||.||Mohammed Jafari|
|.||Suzanne Gonzales-Webb||.||Darrell Woelk||.||Galen Mulrooney|
|x||Diana Proud-Madruga||Grahame Grieve||.||William Kinsley|
|x||Rick Grow||Chethan Makoahalli||Lloyd McKenzie|
- ( 5 min) Roll Call, Agenda Approval
- ( 5 min) Approve July 14 Meeting Minutes,
- ( 5 min) PASS Access Control Conceptual Model (SOA) Update - Diana, Don Jorgenson
- (10 min) ACS model - Mike/Dave Silver
- ( 5 min) Joint Vocabulary Alignment Update - Diana
- ( 5 min) PSAF Update - Kathleen
- ( 5 min) Status of Provenance and AuditEvent subcommittee -- Kathleen/John
- ( 25 min) FHIR Security Discussion Items ready for a Discussion
- 7752 2015May core #1073 - Replace value set with FHIR Signer Type value set (Kathleen Connor) Not Persuasive
- ( 5 min) FHIR -- Items asking for Policy statements, where recommend that no specific Policy statement be given.
- 7572 2015May core #863 - Explain business-specific details of update (Ioana Singureanu) None
- 7683 2015May core #974 - Add security guidance for 'read' (Ioana Singureanu) None
- 7685 2015May core #976 - Add authorization qualifier to 'vread' (Ioana Singureanu) None
- 7686 2015May core #977 - Add authorization qualifier to 'update' (Ioana Singureanu) None
- 7687 2015May core #978 - Add authorization qualifier to 'history' (Ioana Singureanu) None
- 7688 2015May core #979 - Add authorization qualifier to 'delete' (Ioana Singureanu) None
- 8165 2015May core #975b - Add authorization qualifier to 'read' (Ioana Singureanu) None
- ( 5 min) October 2015 HL7 WGM - Atlanta, Georgia USA - agenda items
- Please send any agenda items to Suzanne
Approve July 14 Meeting Minutes
- The minutes from the July 14 meeting were unanimously approved.
PASS Access Control Conceptual Model (SOA) Update
- The PSS was approved by the SOA, Security and CBCC WGs, as well as the Foundation and Technology Steering Division (FTSD).
- It is now being reviewed by the TSC for final approval.
- Diana accepted a role as the publishing facilitator.
- The project team is currently going through the existing document (DSTU) and identifying areas where information on an Access Control Services functional model, obligations which directly affect privacy, and trust frameworks can be added.
Joint Vocabulary Alignment Update
- Diana is currently drafting a guide which identifies a process for creating dictionary definitions along with conformance rules for what definitions should look like. She will send this draft to the Vocabulary WG upon completion to ensure harmonization across HL7. This would support the project's effort to create satisfactory definitions for the EHR Record Lifecycle Events, implement the new definitions and rules in the ISO 21089 Trusted End-to-End Information Flows document, and bring it all back to HL7 for inclusion in this Joint Vocabulary Alignment standard.
- Kathleen met with Harry Rhodes (AHIMA). AHIMA has a project that could possibly leverage the PSAF model and provide use cases and verification of what the project participants are doing in the Provenance section of the model.
- Harry's interest would be mostly in the records management and evidentiary support section of the model where they are trying to find a way to provide guidance to the industry on how to track what happened to the information within one organization and as it goes through different lifecycles in a system, and then its lifespan as it goes through different systems (each one of these systems has a lifespan segment).
- Use cases focus on audit, and also the dilemma the healthcare community has with cut-and-paste (tracking the cut-and-paste, who did it, where the mistake happened) so as to better enable practitioners to use cut-and-paste in an accountable way and to put safety barriers around it so that alerts can be issued (with this instance of cut-and-paste, you duplicated something or only brought over half of the material).
Status of Provenance and AuditEvent subcommittee
- Kathleen and partners are creating a Provenance Event vocabulary which will bring in the EHR Lifecycle Events with the preliminary definitions (to hopefully be established as the final definitions), the data operations, and the codes that are already in Provenance Event.
- Diana sent the EHR, Security and Provenance terms alignment document that Mike created to Kathleen.
Meeting adjourned at 1259 PDT