This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

June 18, 2013 DS4P Analysis

From HL7Wiki
Jump to navigation Jump to search

Security Working DS4P Project Meeting

Back to Security Main Page


Back to Security Main Page


  1. (05 min) Roll Call, Approve Minutes & Accept Agenda
  2. (10 min) Update on Model Driven Healthcare Tools –Ioana Singureanu
  3. (40 min) ONC DS4P IG Walk-through” – Mike Davis
  4. (05 min) Other Business

Meeting Minutes

Roll Call, Approve Minutes & Accept Agenda

Motion Moved Second Affirm Abstain Opposed

Approval of June 11 minutes|| Name of Mover

Name of Seconder




  • Ioana updated the project team on progress with CDA IG publication and training on MDHT for DS4P
  • Mike Davis led a walk-through of the ONC DS4P IG
  • John Moehrke made the following observations: Also discussed was the question of what exactly do we need to document vs just pointing the reader toward the IG for background. I do think that we need to cover the use-case in an abstract way that illuminates the specific needs that fall out of the DS4P constraints. These use-cases don’t need to be as specifically USA based, we can speak to the specific needs without bringing in the specific regulations. These specific needs are universal, so we shouldn’t unnecessarily constrain ourselves to USA regulations. The IG can stand in that place. For the constraints we need to be specific about:
    • a) What standards are we importing by reference (e.g. the XDM, or XDR, or CDA, etc.)
      • What vocabulary is required? Is it extensible?
    • b) What are the encoding rules, meaning what does a sender need to take care when encoding what they are sending?
    • c) What are the expected actions/behaviors of the receiver? Tied to vocabulary, content, policy, enforcement, etc.?
    • d) What are the exception pathways?[Note b, c, and d repeat as necessary.]
    • e) Any residual risks we haven’t fully covered – ala Security/Privacy Considerations – i.e., our Cookbook
  • Often this is where audit requirements are, environment requirements are spelled out, policy environment requirements, procedural requirements, user interface requirements, etc.

(Note that the above is the basic layout of the IHE Volume 2 materials. Clearly we need to own our own format, and meet our own needs. I just wanted to give credit for the experience) Other Business Plan to continue discussion of SPO conformance criteria on June 11 call. Adjourned

Action Items

Back to Security Main Page