July 24, 2012 Security Working Group Conference Call
Security Working Group Meeting
- Bill Braithwaite
- Kathleen Connor
- Mike Davis Security Cochair
- Suzanne Gonzales-Webb CBCC Cochair
- Ted Lesueur
- John Moehrke Security Cochair
- Pat Pyette
- (05 min) Roll Call, Approve June 19 Minutes and June 26 Minutes & Accept Agenda
- (10 min) Status on establishing new Security WG call times and review of ISO standards request – Trish Williams, Cochair
- (25 min) Update on submission of HL7 Security SOA Project Scope Statement to Foundation and Technology Steering Division and ballot status. Background: HL7 Security Service Oriented Architecture Domain Analysis Model (SSOA DAM) - Mike Davis
- (05 min) Report on approved July Harmonization Proposals – Kathleen Connor
- (05 min) Update on HL7 Privacy and Security Classification System Ballot submission
- (05 min) Other Business, Agenda for Next call, Action Items, and Wrap Up
- RE: Approval of Minutes and Agenda – Presiding Cochair, John Moehrke asked for approval of the minutes and agenda. Since Trish Williams did not make the call, the new call times and ISO standards request were dropped from the agenda. Plan to revisit at the Sept. WGM. Kathleen moved to approve minutes and amended agenda; Suzanne seconded. No further Discussion. Minutes and agenda approved (0-1-5).
- RE: Submission of HL7 Security SOA Project Scope Statement to Steering Division – Kathleen reported that FTSD approved SSOA PSS but required that it be submitted on the 2012 PSS form, which has more fields. FTSD recommended that the PSS explain that conformance to the SSOA DAM is via conformance to the underlying standards. WG reviewed updated form, agreed with change from normative to informative ballot type, and accepted the conformance statement. Kathleen moved and Pat seconded WG approval of revised SSOA PSS. No further Discussion. (0-0-6)
- RE: Report on approved July Harmonization Proposals – Kathleen reported that all 3 proposals were approved without change. These are now part of the HL7 RIM MIF files, but may not be updated in Sept. Ballot Vocabulary. New vocabulary will be included in HL7 Normative Edition 2013.
- RE: HL7 Privacy and Security Classification System (HCS) Ballot submission: Kathleen has until Sunday to get it in.
Kathleen provided update on progress. Most work is around harmonizing HCS terminology with that used in 10181-3 access control information (ACI) that the Initiator (aka Principal, Requester, Discloser) must assert or are otherwise available to the access control system (ACS) must match the Target (aka Object, Information Resource) ACI in order for the ACS to permit access.
WG discussed how to deal with short turn around on review of the HCS ballot material. John suggested that the WG could approve it, since it is a “for comment only” ballot if the document were clearly marked as a preliminary release. He requested that the document indicate that this is a “work-in-progress”, and that the WG anticipated making substantial changes based on ballot feedback and discussion at the Sept WGM. Pat recommended that Kathleen send it out for WG review ASAP, and request an online vote to affirm the WG tentative agreement. If the vote is affirmative, then Kathleen will submit on Friday EOD. If not, the ballot would not be submitted. Kathleen moved to approve; Pat seconded. Motion approved (0-0-6).
- RE: Other Business: Ted Lesueur, McKesson, introduced himself. He manages information security regulatory compliance for McKesson EHR products. Ted asked the WG about where he can find information on Security WG background, standards, and current projects. WG provided several suggestions including attending Security WG meetings at the upcoming Sept WGM. Ted will call Kathleen to get further details.
Meeting adjourned at 1:45 PM Eastern
- RE: HCS Ballot – Kathleen to send material to WG list per motion. If HCS ballot submission is approved, Kathleen will submit by Friday.
- RE: Kathleen to work with Lynn Laakso to get SSOA PSS on TSC agenda.
Documents for Discussion: Approved July Harmonization Proposals
- Approved PurposeOfUse Harmonization Proposal
- Approved ConfidentialityCode Technical Corrections
- Approved ActPrivacyPolicy Technical Correction