This wiki has undergone a migration to Confluence found Here
Difference between revisions of "December 01, 2015 Security Conference Call"
Jump to navigation
Jump to search
| Line 93: | Line 93: | ||
'''Approve meeting minutes for November 24''' | '''Approve meeting minutes for November 24''' | ||
| − | Objections: none, Abstentions: none, Approval: | + | Objections: none, Abstentions: none, Approval: 12 |
| − | '''Healthcare Access Control Catalog''' | + | '''Healthcare Access Control Catalog''' - Update |
| − | Ballot voting begins on Friday | + | * Ballot voting begins on Friday |
* Document completed for ballot | * Document completed for ballot | ||
| − | Joint | + | '''Joint Vocabulary Alignment Update''' |
| − | *This AM looked at diagrams completed for vocabulary verbs | + | |
| − | **Reviewed changes made | + | * This AM looked at diagrams completed for vocabulary verbs |
| − | ** | + | ** Reviewed changes made |
| − | ** | + | ** Revisiting verb: "Received" |
| − | ** | + | ** The items looked at this AM are 80-90% complete |
| − | * | + | ** Other verbs are being diagramed |
| + | * Hoping by January 2016 meeting that 10 verbs will be completed (or mostly completed) | ||
'''PASS Access Control Conceptual Model''' | '''PASS Access Control Conceptual Model''' | ||
| − | * | + | |
| + | * Ballot reconciliation - all of the comments have been reviewed, resolutions provided | ||
* VA will be contacted to withdraw the negative vote | * VA will be contacted to withdraw the negative vote | ||
| − | * | + | * Still need to contact Bernd |
| − | * | + | * Need to contact DoD on adopting the VA comments, withdrawing/retracting their negative vote |
| − | * | + | * Changes from the resolutions will be added to the document |
| + | '''January WGM 2016, Orlando, Florida''' | ||
| − | + | Agenda Item topics: | |
| − | Agenda Item | + | |
| − | * FHIR Connect- | + | * FHIR Connect-a-thon work (before the WGM) |
| − | + | ''Monday'' - joint with CBCC | |
| − | + | ||
| − | * Interest on the approach | + | * Update on the FHIR Connect-a-thon |
| + | * Interest on the approach to privacy protection (Alex's student has written on this subject) - security risks to health | ||
** Alex will contact student to possibly have student join call | ** Alex will contact student to possibly have student join call | ||
** a look beyond what we normally look at ''beyond healthcare'' | ** a look beyond what we normally look at ''beyond healthcare'' | ||
| Line 129: | Line 133: | ||
''Tuesday'' | ''Tuesday'' | ||
| − | Tuesday Q3/Q4 - Access Control Catalog - ballot reconciliation; w/CBCC representative | + | |
| + | * Tuesday Q3/Q4 - Access Control Catalog - ballot reconciliation; w/CBCC representative | ||
''Wednesday'' | ''Wednesday'' | ||
| + | |||
* Q2 - Scheduling in PASS Access Control ballot reconciliation | * Q2 - Scheduling in PASS Access Control ballot reconciliation | ||
* Wednesday Q3 - Vocabulary Alignment w/EHR, CBCC representative, Security | * Wednesday Q3 - Vocabulary Alignment w/EHR, CBCC representative, Security | ||
| Line 141: | Line 147: | ||
#* approvals needed for proposals in changes | #* approvals needed for proposals in changes | ||
#* provide an outline, work on during summer in prep for May 2016 ballot | #* provide an outline, work on during summer in prep for May 2016 ballot | ||
| − | #* note that VA | + | #* note that VA folks will be not going to May/Canada meeting |
| − | |||
| − | Audit Service diagram <<add link>> | + | '''Audit Service diagram''' <<add link>> |
| − | Detailed walkthrough provided | + | Detailed walkthrough provided by Dave Silver |
Model was created such that it will render on a landscape page | Model was created such that it will render on a landscape page | ||
| − | + | Based on The Open Group mode of audit service which reflects other standards (tracing back to ISO standards) | |
# Audit event - something has happened somewhere (OS, processes, hardwired to | # Audit event - something has happened somewhere (OS, processes, hardwired to | ||
| − | ## creating an AuditEvent | + | ## creating an AuditEvent which pulls together configured raw data |
| − | ultimately an audit record is created (which we want to keep) | + | ## ultimately an audit record is created (which we want to keep) |
| − | + | ||
| + | Email Dave Silver (dsilver@electrosoft-inc.com) with any questions on the model. | ||
| − | Meeting Adjourned at 1400 | + | ''Meeting Adjourned at 1400 MST'' --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 16:04, 1 December 2015 (EST) |
Latest revision as of 15:43, 8 December 2015
Attendees
| x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|
| x | Mike DavisSecurity Co-chair | Duane DeCouteau | . | Chris Clark | ||||
| John MoehrkeSecurity Co-chair | Johnathan Coleman | . | Aaron Seib | |||||
| x | Alexander Mense Security Co-chair | . | Ken Salyards | . | Christopher D Brown TX | |||
| . | Trish WilliamsSecurity Co-chair | . | Gary Dickinson | x | Dave Silver | |||
| x | Kathleen Connor | . | Ioana Singureanu | Mohammed Jafari | ||||
| x | Suzanne Gonzales-Webb | Rob Horn | . | Galen Mulrooney | ||||
| x | Diana Proud-Madruga | Ken Rubin | x | William Kinsley | ||||
| x | Rick Grow | Paul Knapp | . | Debbie Bucci | ||||
| x | Glen Marshall, SRS | Bill Kleinebecker | x | Christopher Shawn | ||||
| Oliver Lawless | Rob Horn | Serafina Versaggi | ||||||
| x | Beth Pumo | Russell McDonell | Paul Petronelli , Mobile Health | |||||
| Christopher Doss | x | Kamalini Vaidya | [mailto: ] |
Agenda DRAFT
- ( 5 min) Roll Call, Agenda Approval
- ( 5 min) Approve November 24 Meeting Minutes
- ( 5 min) Healthcare Security and Privacy Access Control Catalog Update - Rick, Suzanne
- ( 5 min) Joint Vocabulary Alignment Update - Diana
- ( min) FHIR Security report out - John
- ( 5 min) PASS Access Control Conceptual Model (SOA) ballot reconciliation Update - Diana, Don, Mike, Dave
- (10 min) Upcoming January WGM 2016 - Orlando, Florida - AGENDA ITEMS
- Update Preview of Audit Functional Model - Dave
- in future to update the PASS Audit
**New** FHIR Security Topics in support of FHIM Meeting Information: Tuesdays 2:00PM PT/5:00PM ET Phone: +1 770-657-9270, Participant Code: 994563 hosted by Security Web meeting Info: https://global.gotomeeting.com/join/520841173 Discussion includes: Security - Audit, Provenance, Labels, Signature
**New** Wednesday Consent on FHIR Topics ' 3:00PM PT/6:00 PM ET hosted by CBCC GoToMeeting information: https://global.gotomeeting.com/join/520841173 Phone: +1 770-657-9270, Participant Code: 994563
Meeting Minutes (DRAFT)
Approve meeting minutes for November 24
Objections: none, Abstentions: none, Approval: 12
Healthcare Access Control Catalog - Update
- Ballot voting begins on Friday
- Document completed for ballot
Joint Vocabulary Alignment Update
- This AM looked at diagrams completed for vocabulary verbs
- Reviewed changes made
- Revisiting verb: "Received"
- The items looked at this AM are 80-90% complete
- Other verbs are being diagramed
- Hoping by January 2016 meeting that 10 verbs will be completed (or mostly completed)
PASS Access Control Conceptual Model
- Ballot reconciliation - all of the comments have been reviewed, resolutions provided
- VA will be contacted to withdraw the negative vote
- Still need to contact Bernd
- Need to contact DoD on adopting the VA comments, withdrawing/retracting their negative vote
- Changes from the resolutions will be added to the document
January WGM 2016, Orlando, Florida
Agenda Item topics:
- FHIR Connect-a-thon work (before the WGM)
Monday - joint with CBCC
- Update on the FHIR Connect-a-thon
- Interest on the approach to privacy protection (Alex's student has written on this subject) - security risks to health
- Alex will contact student to possibly have student join call
- a look beyond what we normally look at beyond healthcare
- privacy protective security protective mechanisms (Glen, Alex, Kathleen)
- Kantara - tokens
Tuesday
- Tuesday Q3/Q4 - Access Control Catalog - ballot reconciliation; w/CBCC representative
Wednesday
- Q2 - Scheduling in PASS Access Control ballot reconciliation
- Wednesday Q3 - Vocabulary Alignment w/EHR, CBCC representative, Security
- Wednesday Q4 - ballot reconciliation; S&P Access Control Catalog
Also agenda time needed for:
- proposed audit standard for SOA (supported by Security), maybe WedQ2
- framework; FHIR provenance
- approvals needed for proposals in changes
- provide an outline, work on during summer in prep for May 2016 ballot
- note that VA folks will be not going to May/Canada meeting
Audit Service diagram <<add link>>
Detailed walkthrough provided by Dave Silver
Model was created such that it will render on a landscape page
Based on The Open Group mode of audit service which reflects other standards (tracing back to ISO standards)
- Audit event - something has happened somewhere (OS, processes, hardwired to
- creating an AuditEvent which pulls together configured raw data
- ultimately an audit record is created (which we want to keep)
Email Dave Silver (dsilver@electrosoft-inc.com) with any questions on the model.
Meeting Adjourned at 1400 MST --Suzannegw (talk) 16:04, 1 December 2015 (EST)
