This wiki has undergone a migration to Confluence found Here
June 6, 2017 Security Conference Call
Jump to navigation
Jump to search
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
---|---|---|---|---|---|---|---|---|---|---|
. | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | . | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | x | Mohammed Jafari | |||
x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Galen Mulrooney | |||
. | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
. | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | x | Dave Silver | |||
x | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan | |||
. | Kamalini Vaidya | . | Bill Kleinebecker | x | Christopher Shawn | . | Grahame Grieve | |||
. | Oliver Lawless | . | Ken Rubin | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (4 min) Review and Approval of Security WG Call Minutes May 23, 2017 Note that the May 30 call was adjourned early because no cochair could attend.
- (15 min) Review and approval of Madrid Minutes Chair
- (30 min) HIMSS 2017 Debrief - Mike Davis
- (5 min) TF4FA Ballot Reconciliation update
- (5 min) FHIR Security Call - Please review front matter - John Moehrke
Minutes
- Chaired by Alex
- Agenda Approved
- Review and Approval of 23,_2017_Security_Conference_Call, deferred to next call Security WG Call Minutes May 23, 2017 Note that the May 30 call was adjourned early because no cochair could attend.
- Approved (Alex, Mike) Review and approval of Madrid Minutes
- HIMSS 2017 Debrief - Mike Davis
- Power Point was presented and the following were reviewed
- Three sets of Files of the HIMMS 2017 demonstration (based on Jan FHIR Connectathon were presented on behalf of HL7 (Shared with group, editable to add content)
- HIMMS definition of interaprability and vocabulary reviewed:
- FHIR on a foundation level (Cyber Security) allows data exchange
- Structural interporability is the structure of the data
- Cantara UMA and Java are included in the transport section
- Audit Providence are included in the resource description
- Health Care classification system provides the ability to input the security and privacy labels on the data
- CDA high level confidentiality restricted code/content based on HL7 Code set is included
- Obligations and Prohibition or re-disclosure of information is included
- Security standards of CBC groups relevent to FHIR included
- Soon trust framework will be able to be added
- Attribute based Access control should be used when defining role based access
- Rule is included to define the rules and the rules are managed by a rules engine
- Link to a youtube video is also provided in presentation to describe the presentation
- This year we showed how Patients can take control of their data
- Patients want choice, and HIPPA Auth allows patients to grant their choices and direct the covered entity and delivered it to requested location
- Part of the HIPPA law does not allow the patient to choose where to send their encrypted healthcare data
- OATH autherization server allows for provisions for the patient by providing the requesting organization with a token to grant access to patient data
- Kathleen shared the link of use cases to Duane to review prior to sharing with Security Work group ( Approved by Mike to share Demo)
- Clinical support system is able to read the protective conditions (eg: drug drug interactions), data is masked not redacted
- Security labeling Service allows searching and labeling feature for the patients conditions, and create privacy protective service of masking data
- (use case) Patient Consent on Research goes to a genomic data base and data warehouse
- Kathleen will schedule time for Duane to demonstrate to group
- Duane comment: Several organization participating in clinical workflow,
- Three organizations discussed in the demo
- VHA is the primary custodian
- MyHIN
- Veteran for Research (patient provides informed consent for genomic research), research organization can identify treatment, and informed consent can also be generated for the treatment
- Lab test can be seen and other data can be seen through the cascading OATH
- More will be discussed next week
- call adjourned