This wiki has undergone a migration to Confluence found Here
November 6, 2018 Security Conference Call
Jump to navigation
Jump to search
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
---|---|---|---|---|---|---|---|---|---|---|
x | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | x | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair | |||
x | Christopher Shawn Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | . | David Staggs | |||
x | Diana Proud-Madruga | . | Johnathan Coleman | . | Francisco Jauregui | . | Joe Lamy | |||
. | Theresa Ardal Connor | . | Greg Linden | . | Grahame Grieve | . | Dave Silver | |||
. | Beth Pumo | x | Jim Kretz | . | Peter Bachman | . | Bo Dagnall |
Agenda
- (2 min) Roll Call, Agenda Approval
- (2 min) Review and Approval of Minutes October 30, 2018
- (2 min) Update on revision of PASS Audit - reconciliation is ready for upload - Mike
- (30 min) Review of Final Security Harmonization proposals
- Submission deadline at 12AM ET 11/6. Harmonization meeting scheduled for 11/8 & 11/9 from 12PM to 6PM ET.
- Policy Vocabulary spreadsheet
- Policy proposal
- Adding the v3 Policy codes to HL7 v2 Table 0717 for security labeling
- (5 min) GDPR whitepaper on FHIR Update - Alex
- No FHIR Security call update - John sends his regrets
Meeting Minutes
Meeting Chair - Kathleen
Meeting Minute approval for 10/30 Discussion/ updates to be made - add count to vote under DS4P (Suzanne / Joe L) Vote: Objection: none; Abstain: none Approval: 8
PASS AUDIT Revision
- Unknown if ballot reconciliation sheet was ever uploaded to ballot site
- If it hasn't, it needs to (Mike/Diana/Kathleen - need to decide plan of action to review)
- Unsure if withdrawals have been requested
- Approximately 50 of the comments had been addressed; to the best of knowledge nothing has been done since then
- DaveS - thought Mike had said that reconciliation is done is to request to withdraw negative votes
- Kathleen's understanding was we were waiting on updates to the document
Harmonization proposals
- Tonight is when final proposals need to be in
- We have reviewed them all earlier
- Additional CUIs need to be added per Kathleen (specific to the portion marking in the print name code
- Only a slight variation/change is needed to correct
- Reviewed a spreadsheet instead of word document
- It was noted that banners do not have parenthesis around them, but when you go to the portion marking, there are, and a different CUI marking is needed) as shown under 'Marking Multiple Pages'
- Additional CUIs need to be added per Kathleen (specific to the portion marking in the print name code
- Additional issue -
- under Rose Tree, xml used in version 3 if you look at code system; under _ActCodeSystem
- SecurityPolicy(Security Policy)
- adding privacy marker; one for CUI, second for security labeling mark - talked about last week. These are marks that you display which may be in the description (i.e. confidential, high water mark; 42CFR42, etc.)
- under Rose Tree, xml used in version 3 if you look at code system; under _ActCodeSystem
<<add link to harmonization proposal>> Proposal has been reviewed by co-sponsor Patient Administration - they have reviewed the presented and final.
- VOTE: Motion to approve Harmonization Proposal as presented (Suzanne/Theresa) with addition of CUI changes
- Opposed: none: abstention: none; Approve: 8
- Kathleen will submit today (tonight) with additional CUI changes
GDPR White Paper
- Low attendance, would like more people from EU
- Peter started discussion with POU which fits very nicely with current POU vocabulary definition
- Agreement during meeting that there is a difference in POU and purpose of processing
- Peter is currently working (in company for proposal) for possible codes to better define purpose of processing
- Peter is trying to mesh POU in Europe - some of the items do not make sense when applied to purpose of processing; based on purpose i.e. law, xx or xx (is this policy per Kathleen?); saying marketing or data analysis may not be enough of a description when describing purpose of processing
- (Kathleen) There is a branch that is not healthcare specific which may be helpful to look at. (shown in Rose Tree by Kathleen) - codes specifically not related to healthcare ; when Peter is ready to share codes, Kathleen will assist to push through harmonization
- next GDPR call in two weeks - we will discuss proposal; come up with harmonized list. Will send out to Security and European group to spread out to their organizations and get feedback on the vocabulary
- vocabulary can be updated to be more granular or robust per Kathleen--or even get rid of all together
- In order to check our definitions we have decided upon a few use cases--one of the use cases will be from national summary? (from Giorgio)
- one will be from John, as described during Baltimore WGM from---one big scenario revolving around patient care with a link to the model from FHIR call care plan/care plan track
- next call on November 19 NEW TIME- at noon Eastern on Monday
Upcoming Connectathon
- Note: MiHIN is willing to join in the Montréal Connectathon
- finished storyboard in June, people involved in SLS, consent will also be involved in January and in May.
Meeting adjourned at 1:44 Arizona Time --Suzannegw (talk) 15:46, 6 November 2018 (EST)
Temporary Recoding; https://fccdl.in/q8Ci7x2ZYP