This wiki has undergone a migration to Confluence found Here

Jun 26, 2018 Security Conference Call

From HL7Wiki
Jump to navigation Jump to search

Back to Security Main Page

Attendees

x Member Name x Member Name x Member Name x Member Name
. John Moehrke Security Co-chair . Kathleen Connor Security Co-chair x Alexander Mense Security Co-chair . Trish Williams Security Co-chair
x Christopher Shawn Security Co-chair x Suzanne Gonzales-Webb x Mike Davis x David Staggs
x Diana Proud-Madruga x Francisco Jauregui x Joe Lamy . Greg Linden
. Rhonna Clark . Grahame Grieve . Johnathan Coleman . [mailto: Matt Blackman, Sequoia]
. Mohammed Jafari . Jim Kretz . Peter Bachman x Dave Silver
. Beth Pumo . Bo Dagnall . Riki Merrick . [mailto: Julie Maas]

Back to Security Main Page

Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (5 min) Review and Approval of June 19, Security Call
  3. (5 min) GDPR whitepaper on FHIR- Alex, John, Kathleen
  4. (5 min) TF4FA Normative Ballot reconciliation - Mike, Chris
  5. (10 min) Audit reconciliation - Mike
  6. (15 min) TF4FA Trust Framework Volume 3 (placeholder) - Mike, Chris
  7. (05 min) Placeholder: HL7 WGM Baltimore planning

Back to Security Main Page

Meeting Minutes (DRAFT)

Chair: Chris Shawn

Approval of June 19, Security Call Meeting meetings (Motion: Suzanne/Joe Lamy) Oppose: none; abstain: none approve: 10

GDPR White paper on FHIR

  • No report

TF4FA Ballot Reconciliation

  • No report

PASS Audit Ballot Reconciliation

  • No report

TF4FA Trust Framework Volume 3

  • Sharing screen (Mike)
  • Ballot not yet reconciled
  • Working on Volume 3, plan is to have Volume 3 ready for September 2018 WGM and to ballot in January 2019
  • ONC is working toward the Trust Exchange Framework, trying to inform and consider the work that is going on in ONC
  • We have said there are three core elements of Trust needed for sharing, the volumes being produced are moving us in that direction
    • Trust in Identify, Trust in authorization/obligations, Trust in information itself (i.e. provenance of the information; its quality, voracity and trustworthiness)
    • we are trying to establish something to talk about--the work is in a conceptual level for ideas to bring ideas into volume 3-- which is Provenance and Audit. (we are looking at model from W3C diagram which brings together the notion of what provenance is.
    • an activity, that generates something i.e. a document (or entity-i.e. digital or physical or conceptual with fixed aspects), real or imaginary/generalized notion)
    • attributed to an agent which bears some responsibility... we are adopting its core concept--already adopted in GHIR, also adopted by w3c provenance and HL7 provenance have slight differences which we want to also harmonize (remember we are still at a conceptual level
    • the items on the lines was attributed to, was associated with, etc., are high level concepts that are auditable events.
    • we have provenance and audit represented here.
  • leveraging a notion of a federated domain (Volume 1), which is an agreement between two or more domains and their users, policies etc. the notion is that we know about that stuff we know there are lifecycle events,
    • we believe that all provenance can be described systematically by lifecycle events …; the lifecycle events can be seen as provenance events and they are also (lines connecting the provenance diagram) is the audit services
  • volume is changing week to week - currently in very draft form

DRAFT state as discussion continues

  • small group working on this and are getting to the point of what we'd like to add in the document. diagram 3/ the lifecycle event are connected directly connected to auditable events. A mechanism is needed to capture the lifecycle events as they occur (i.e. time) we can use the auditable events to capture and drag out the elements of provenance.
  • using CRUDE we can use those to map lifecycle events (an organizational concept)
  • of the 25 events - do we need all, subset? for provenance?
    • low medium high mapping
  • provenance provides information on authenticity, reliability, etc.
    • we've mapped different lifecycle events whether they impacted different events
    • some events were likely to be more useful that other events
    • depending on interest, conceptually trying to categorize event
  • also looking at the structure of volume 3 where we follow the structure of volume 1, 2 - so this would be a conceptual model for provenance
  • we connection conceptual to FHIR (not yet completed)
  • meeting to be set up in July to produce a draft for review for committee to be ready around the September meeting time and for ballot in January 2019

No comments or questions

Baltimore Meeting September 2018

  • No additions made to Agenda

Back to Security Main Page

Motion made to adjourn. Meeting ended at 1229 Arizona Time --Suzannegw (talk) 15:27, 26 June 2018 (EDT)

Back to Security Main Page