October 21, 2014 Security WG Conference Call
using GotoMeeting.com with ID of 667556909
|x||Member Name||x||Member Name||x||Member Name||x||Member Name|
|x||Mike Davis, Security Co-chair||x||John Moehrke, Security Co-chair||.||Trish Williams, Security Co-chair||.||Alexander Mense, Security Co-chair|
|.||Chris Clark||x||Johnathan Coleman, CBCC Co-Chair||x||Kathleen Connor||x||Duane DeCouteau|
|.||Reed Gelzer||x||Suzanne Gonzales-Webb, CBCC Co-chair||x||Rick Grow||.||Ken Salyards|
|.||Mohammed Jafari||.||Don Jorgenson||x||Galen Mulrooney||.||Amanda Nash|
|.||Paul Petronelli, Mobile Health Security Co-chair||x||Diana Proud-Madruga||.||Harry Rhodes||.||Aaron Seib|
|.||Ioana Singureanu||.||Walter Suarez||.||Tony Weida||.||Paul Petronelli, mHealth Co-chair|
|.||Paul Knapp||.||Steve Hufnagel||.||Gary Dickinson||.||Tim McKay|
- (05 min) Roll Call, October 14 Meeting Minutes
- (15 min) FHIM S&P Information Model - Galen and Kathleen
- (05 min) Data Provenance & Patient Friendly Language/FHIR CD Update - Kathleen and Suzanne
- (10 min) Bringing SPO to SNOMED CT
- (10 min) PSS EHR, Privacy and Security Joint Vocabulary Alignment Project - Diana
- (10 min) Question on the FHIR Security Event sensitivity with respect to Security Labels
- (as time allows) FHIR disposition - review/discussion, ongoing agenda item
- separate call/additional time for Security/Privacy DAM revision/update (January Informative ballot, Security-SOA ballot)
- (05 min) Other business, action items, and adjournment
Approval of meeting minutes
Meeting minutes for October 14 were unanimously approved.
FHIM S&P Information Model - Galen and Kathleen
Galen Mulrooney presented a brief overview on the Federal Health Information Model (FHIM). Galen's intention is to move the modeling effort from the FHIM modeling team to the Security WG teleconferences, seeking Security's expertise on the code systems. John Moehrke requested that Galen create an itemized list of issues with the FHIM from which the Security WG can work.
Data Provenance & Patient Friendly Language/FHIR CD Update - Kathleen and Suzanne
Kathleen requested that Suzanne include the CBCC and Security WGs in the Thursday meeting with Paul Knapp at 4 p.m. Eastern.
Kathleen addressed the next steps for this portion of the project now that Paul has made the Contract Resource available on the FHIR continuous build site. These next steps include Kathleen's creation of four FHIR Consent Directive Profiles, all of which need proposals and new names (Kathleen has created placeholder names). The Contract Resource spreadsheet has 21 data elements that each need a consent directive. John Moehrke advised that individuals need to walk through the spreadsheet themselves and elaborate on the details.
Bringing SPO to SNOMED CT
The Security WG is currently lacking the resources to bring the SPO to SNOMED CT. Therefore, this activity is in a holding pattern for now.
PSS EHR, Privacy and Security Joint Vocabulary Alignment Project - Diana
The EHR Interoperability WG is still looking for an individual who can take the lead on this project. An invitation is out for members of the CBCC and Security WGs to lend their efforts to the project.
Question on the FHIR Security Event sensitivity with respect to Security Labels
John said: "Kathleen noticed that within the Security Event - a resource in FHIR that can be used for doing audit logging - when you describe an event and an object that was describing use of data, in the object description there is the sensitivity tag and it’s unclear, using today’s understanding of sensitivity, what one would do with this sensitivity value."
FHIR disposition - review/discussion, ongoing agenda item
No changes have been made. John looked at the “binary resources can be subverted for cross-site scripting” item and said we need to craft a readable message and provide instructions on where the text should go, suggesting that all content pulled/pushed upon ingestion must be validated as being of the form expected. He wanted to know whether Duane agreed or disagreed with this statement.
Meeting adjourned at 1800 PDT