October 4, 2011 Security Conference Call
Security Working Group Meeting
Attendees
- Kathleen Connor
- Ed Coyne
- Mike Davis Security Co-chair, absent
- Jon Farmer
- Suzanne Gonzales-Webb CBCC Co-chair
- Glen Marshall
- John Moehrke Security Co-chair
- Ken Salyards
- Richard Thoreson CBCC Co-chair
- Tony Weida
Agenda/Discussion:
Roll Call
‘No prior meeting minutes to approve at this time
As this is the first meeting back post the plenary meeting, it was suggested that Agenda items be compiled for more detailed discussion at the meeting. These items will compose the 10/11/2011 meeting agenda.
Inclusion of International Security Members
- Suggestion to updating call to set up at 12M q3rd week, confirm if an additional call or updating one call a week to new time.
Continuing of Security and Privacy Ontology work
- Assigned to Tony Weida, Ed Coyne (?)
Increase active role in ‘’Refactor of Confidentiality Codes’’ a CBCC-sponsored project
- Do we need to discuss during Security meeting or to continue discussion during CBCC meetings only?
- Incorporate the use case – manage, assign, receive when then get confidentiality codes; these need to be further defined in the Security-Privacy DAM (one of the project scope deliverables for the Refactor Confidentiality Code project)
- Answer the question: How are implementers supposed to use this? Proposing an obligation vocabulary which would contain metadata…obligation code would be: (see Mike’s paper for details) and see if a combination of this can be directed toward harmonization in March. (An identified pathway); intended to be joint work between CBCC and Security.
- ACTION ITEM: consider amending the refactor project scope or create a new project for the security portion. Where the obligations be carried will be different---they are a metadata of the transaction; further discussion (meta data vs. payload) needed. This piece is also missing from the Security-Privacy DAM. Also, between ontology and other vocabularies in the DAM that need to be enumerated in the US-realm. Have a catalog of existing code-sets that relate to the DAM and inspect and see if they are useful/restricted to the US Domain. Between that work and code-sets and confidentiality codes this will not perform surgery in those code-sets…some of this is also being done in the ontology work. (ontology work—international or US realm? Currently restricting to US to start, but would like to expand to international)
EHR Functional Model
Assistance requested in closing the Security-related comments on the EHR Functional Model ballot; on how they want their catalog to be used. John Moehrke is looking for volunteers to walk through the public comments--to assist EHR WG dispose of these comments. Entails a few meetings, accept/modify the comments and return information to the EHR WG with results. Please contact: John Moehrke (Kathleen has volunteered to assist)
- Meta-data for EHR functional model; project on meta-data criteria for HIE
Presented to EHR WG but unsure if a formal project has been established. (Relation to HHS-ONC…xxx information.)
S&I Framework – (discussion item) overview report to make sure we are all on the same page with other work going on. Discussion of any overlap.
Data Segmentation (note there is call overlap, John Moehrke will be attending this call)
No other topics were brought up for discussion, meeting closed at 1100 PST / 1400 EST