This wiki has undergone a migration to Confluence found Here

May 26th 2009 Security Conference Call

From HL7Wiki
Jump to navigation Jump to search

Security Working Group Meeting

==Attendees== (expected)

Agenda and Meeting Minutes DRAFT

WORK IN PROGRESS - not ready for acceptance

  1. (05 min) Roll Call
  2. (05 min) Approve Minutes & Accept Agenda
  3. (05 min) PASS Update, SAEF Project Update - Don Jorgenson
  • Process continues. Ioana has prepared some materials that are being worked into the charter.
  • Another week or two needed to create draft to circulate to group.
  • Building a concens and buy in for the charter is the most important task right now.
  • Note: Name change may be occuring. currently is SAEF….now: are looking for alternatives—looking at a greater scope (outside of services aware).
    • Name change will not affect the PASS project outcome.
  1. (15 min) White Paper - RBAC Permission Catalog Update Steve Connolly

In column E these are the functions from the EHR functional model, here we are mapping to the current permission catalog. 1.1.4 Produce a summary record of care is related to 2 things: discharge summary and transfer summary report. Those in blue are from the permission catalog; those in black are from the functional model.

The spreadsheet provides some value in giving us a standard by which we can tag the objects within the object vocabulary. That’s one requirement that it fulfills, it does not peg the object vocabulary to a clinical record vocabulary or process that say, SNOMED CT does. One the decision that I would like the workgroup to do is---if the adoption of the functional model does provide sufficient value, we can tie the object vocabulary to it- it indicates certain indications. Kathleen - there are different flavors of the EHR functional model—pediatric, etc…inpatient outpatient, etc… keep in mind that the EHR functional model you are using to do this mapping is very generic. If you tie the vocabulary mapping closely to this one model, there will be different workflows that are predominant in other workflows. The other functional models can be found conformance; this one (the current one you are mapping to) is the superset, if you look in the methodology, there are different flavors that are out there (care setting specific profiles, that is where these artifacts are there)

Rob – the need is to clarify those nuances we can go to those Kathleen – it makes sense to apply to the superset, but wanted to let everyone know of the other flavors There is a PHR functional model, separate from this one, also constraints-care setting profiles that are specific to specific care settings that might be implemented. Mike 0 what I’m gathering….neither LOINC or SNOMED CT have worked out. They are partial; essentially we’re saying that we’re not going to use them. Kathleen – is there a way to approach Mike – we’ve mapped these things to the functional model before, and we’ve found good conformance. We’re mapping arbitrary functions to another HL7 balloted model. We can find vocabularies for objects directly or indirectly. This is the minimum standard set. Glen – it’s also possible if we find the vocabulary insufficient, it’s able to amend the vocabulary in HL7 harmonization. If it’s not perfect, it should not be a barrier if the formula is in fact correct. Mike – we’re not trying to force a vocabulary into our set here. We have something to work on; it’s a finite exercise, Rob – you bring in a source that’s been vetted externally to the security specific use case, that’s why this set is greater value, in that these different requirements and use case provide a common way of describing things, and publish it for others to go look Mike – we don’t have standard definitions for these words, we’ve been putting definitions that come from all kinds of sources and that’s what adopted (little adhoc) Rob – as long as it follows a vetted approach, that’s a good, away as anyone else’s way. Steve – patient allergies in blue…there is not 100% conformance is that a priority importance Mike – that’s just editing. We started this exercise to get the terminologist to get us standardized vocabulary after several months we’ve found that this isn’t’ the case. We’re back to creating our own vocabulary… Rob – the needs that this group has, describes these kinds of objects that others haven’t had a need to do, without question there is an alignment that is really important to flush out, particularly around consent directives and privacy. At its core, it’s true. SNOMED CT or LOINC will not be able to provide a vocabulary for this kind of use. It makes sense that we do the work because we are the experts that understands it. Mike – create a vocabulary that we can ballot very soon. At the rate we’re going we’re not going to make it. It’s a version 2 where we have improved operations, improved operation vocabulary, the analysis that we have here and we have the privacy side is comfortable (actions, and operations) and if we have a requirements to also do financial as well (Kathleen can/give us assistance), we need to bring the financial vocabulary onto these calls. With respect to the XSPA calls we’re removed SNOMED CT from the documentation. Richard The ballot does not say how you will connect to these different kinds of codes i.e. SNOMED CT Mike – correct we cannot do that because it’s a mess. Richard – how will they do this then? Mike – I’m not planning to do that mapping, we’ll provided a numerated vocabulary that will allow people will use it, and how they use is not up to me. Rob – this is something we’ll have to discuss, simply stated the context of these elements did not line up well. (Context of use) there are some things that patients will use that will line up with these functions and systems that these create, it does not talk about HIV, but because of the context of use, they do not align. What we’ve determined the things that we needed for security to align, a combined security /privacy…these are two different of use. The alignment has Richard – context…security access control…the other privacy

  1. (15 min) Extending the Permission Catalog Extending the Permission Catalog Ioana Singureanu

Ioana – DAM analysis we’ve added a few other policies that map out to the privacy policy as well. Glen - Type designations or distinct diagram? Curious about the modeling aspect. Ioana - In addition to the privacy policy there will be an additional obligation policy. Are there specific attributes of a delegation policy that If the only thing different is the type – then the We may end up adding a policy type as an attribute, Mike – we’re basically following PMAC here, these do have…better represented by how Ioana has set up here Ioana – it may end up collapsing delegation, obligations, type or whatever…that’s how you can think of those added attribute. Part of the beauty of domain analysis. We’ve moved the moved the purpose of use to the privacy policy level, its ot specific to a rule but to….. The constraint catalog – what became apparent that some of the constraints listed were mapping out very closes to the class attributes that we have identify in the e-policy domain analysis (purpose, obligation, ) in the future it may be easier in the future to work on a common domain analysis in a more general way…to harmonize in the HL7 informational model. Those are the few changes. Describing an electronic privacy policy. There are specialization of privacy policies consists of one or more rules the rules association specific type of user and information and specifies who has control over some rule and grants to grantee or grantor. The stakeholder, may have opportunity to opt out of the rule depending on the policy, the grantee is the one who issues the policy. One of the things that became apparent from security point the structural role is less important than the functional role…it has been lumped into the user group. Kathleen – break the glass scenario…not okay for janitor to break glass, but it could be okay for another provider can. Ioana – the janitor would not belong to a certain user group… Mike – I only gave Ioana the top level of this group box. I have to give you the rest of that. There is more under that. Let’s just say that this is not complete… Ioana – the structural may still come into play Rob – a more structural …chief of department, they will pick up abilities. Mike – a class under this group which includes roles and you can have identifiers…that can identify functional or structural roles...whatever you want. Both of them have permissions, but the kinds of operations and objects that they are dealing with. Objects are much higher Kath – structural roles will be lumped together, subsets Mike – the group idea will get us to care team and things like that. We’re not making either on disappear; both are contained in this model. User groups have roles…types of groups would be functional and structural roles. Structural role is a role: Role identifier Role name Role description So under user group, we shouldn’t have functional user code, it would be the group name, group identifier and group description. Rob – do you want to force people…..?

Ioana – a user group contains several structural role, does not have a functional user code (i.e. direct care team as a role) Rob – role would have a code that is structural or functional Kathleen – that goes against the idea of constraining certain functional or structural roles to an idea Ioana – functional role is nurse, structural is Kathleen – types of nurses, per the policy could have permission to perform acts, when they put on the functional role of ER provider, author or different (functional role denote an act…responder, author…) the nurse would have a set of those per the organization policy. Mike – the structural role that someone has represent at a high level position, the name for the role is humanly understandable, something a patient would understand the concept of what they are talking about. The functional role is a collection of permission which is operations on objects those are collected into functional roles, there is not explicit relation between the structural and functional role except the structural role is a precursor of capabilities. Ioana Kathleen – if an organization has 3 structural roles, they are default assigning functional roles to them. Mike – that’s where the structural role is there to operate the workflow. The structural role is sufficient enough to form some function. Kathleen – if you tie a structural Ioana – as far as policies Glen – the implication was that as security administrator assigned a function role they should be aware of the implications of any of those assignments….what permissions are they giving, etc…they need a specialty security admin to filter though that Mike – I don’t’ think a patient will be able to relate to weave through the permissions.

  1. (15 min) Item3
  2. (5 min) Other Business

Action Items

Back to Meetings