This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

November 6, 2018 Security Conference Call

From HL7Wiki
Jump to navigation Jump to search

Back to Security Main Page


Back to Security Main Page

x Member Name x Member Name x Member Name x Member Name
x John Moehrke Security Co-chair x Kathleen Connor Security Co-chair x Alexander Mense Security Co-chair . Trish Williams Security Co-chair
x Christopher Shawn Security Co-chair x Suzanne Gonzales-Webb x Mike Davis . David Staggs
x Diana Proud-Madruga . Johnathan Coleman . Francisco Jauregui . Joe Lamy
. Theresa Ardal Connor . Greg Linden . Grahame Grieve . Dave Silver
. Beth Pumo x Jim Kretz . Peter Bachman . Bo Dagnall

Back to Security Main Page


  1. (2 min) Roll Call, Agenda Approval
  2. (2 min) Review and Approval of Minutes October 30, 2018
  3. (2 min) Update on revision of PASS Audit - reconciliation is ready for upload - Mike
  4. (30 min) Review of Final Security Harmonization proposals
  1. (5 min) GDPR whitepaper on FHIR Update - Alex
  • No FHIR Security call update - John sends his regrets

Meeting Minutes

Meeting Chair - Kathleen

Meeting Minute approval for 10/30 Discussion/ updates to be made - add count to vote under DS4P (Suzanne / Joe L) Vote: Objection: none; Abstain: none Approval: 8


  • Unknown if ballot reconciliation sheet was ever uploaded to ballot site
    • If it hasn't, it needs to (Mike/Diana/Kathleen - need to decide plan of action to review)
    • Unsure if withdrawals have been requested
  • Approximately 50 of the comments had been addressed; to the best of knowledge nothing has been done since then
    • DaveS - thought Mike had said that reconciliation is done is to request to withdraw negative votes
    • Kathleen's understanding was we were waiting on updates to the document

Harmonization proposals

  • Tonight is when final proposals need to be in
  • We have reviewed them all earlier
    • Additional CUIs need to be added per Kathleen (specific to the portion marking in the print name code
      • Only a slight variation/change is needed to correct
    • Reviewed a spreadsheet instead of word document
    • It was noted that banners do not have parenthesis around them, but when you go to the portion marking, there are, and a different CUI marking is needed) as shown under 'Marking Multiple Pages'
  • Additional issue -
    • under Rose Tree, xml used in version 3 if you look at code system; under _ActCodeSystem
      • SecurityPolicy(Security Policy)
      • adding privacy marker; one for CUI, second for security labeling mark - talked about last week. These are marks that you display which may be in the description (i.e. confidential, high water mark; 42CFR42, etc.)

<<add link to harmonization proposal>> Proposal has been reviewed by co-sponsor Patient Administration - they have reviewed the presented and final.

  • VOTE: Motion to approve Harmonization Proposal as presented (Suzanne/Theresa) with addition of CUI changes
    • Opposed: none: abstention: none; Approve: 8
    • Kathleen will submit today (tonight) with additional CUI changes

GDPR White Paper

  • Low attendance, would like more people from EU
  • Peter started discussion with POU which fits very nicely with current POU vocabulary definition
  • Agreement during meeting that there is a difference in POU and purpose of processing
    • Peter is currently working (in company for proposal) for possible codes to better define purpose of processing
  • Peter is trying to mesh POU in Europe - some of the items do not make sense when applied to purpose of processing; based on purpose i.e. law, xx or xx (is this policy per Kathleen?); saying marketing or data analysis may not be enough of a description when describing purpose of processing
  • (Kathleen) There is a branch that is not healthcare specific which may be helpful to look at. (shown in Rose Tree by Kathleen) - codes specifically not related to healthcare ; when Peter is ready to share codes, Kathleen will assist to push through harmonization
  • next GDPR call in two weeks - we will discuss proposal; come up with harmonized list. Will send out to Security and European group to spread out to their organizations and get feedback on the vocabulary
  • vocabulary can be updated to be more granular or robust per Kathleen--or even get rid of all together
  • In order to check our definitions we have decided upon a few use cases--one of the use cases will be from national summary? (from Giorgio)
    • one will be from John, as described during Baltimore WGM from---one big scenario revolving around patient care with a link to the model from FHIR call care plan/care plan track
  • next call on November 19 NEW TIME- at noon Eastern on Monday

Upcoming Connectathon

  • Note: MiHIN is willing to join in the Montréal Connectathon
  • finished storyboard in June, people involved in SLS, consent will also be involved in January and in May.

Meeting adjourned at 1:44 Arizona Time --Suzannegw (talk) 15:46, 6 November 2018 (EST)

Temporary Recoding;

Back to Security Main Page