Minutes from Security WG

Overall Attendees

• Mike Davis mike.davis@va.gov
• John Moehrke john.moehrke@med.ge.com
• Alexander Mense alexander.mense@hl7.at
• Princess Trish Williams trish.williams@ecu.edu.au
• Duane DeCouteau ddecouteau@edmondsci.com
• Kathleen Connor Kathleen.connor@comcast.net
• Diana Proud-Madruga diana.proud-madruga@va.gov
• Dennis Patterson dennis.patterson@cerner.com
• Michael Donnelly michael.donnelly@epic.com
• Kevin Riley kevin.riley@infor.com
• Prareen Ekkati Praveen.Ekkati@infor.com
• Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
• Suzanne Gonzales-Webb suzanne.gonzales-webb@va.gov
• Joshua Mendel childlens.harvard.edu
• Graham Grieve grahame@healthintersections.com.au
• Paul Knapp Pknapp@Pknapp.com
• Nancy Orvis nancy.j.orvis.civ@mail.mil
• Chris Shawn christopher.shawn2@va.gov
• Beth Pumo beth.pumo@kp.org
• Johnathan Coleman jc@securityrs.com

Tuesday Q1

Attendees:

• Mike Davis mike.davis@va.gov
• John Moehrke john.moehrke@med.ge.com
• Alexander Mense alexander.mense@hl7.at
• Princess Trish Williams trish.williams@ecu.edu.au
• Duane DeCouteau ddecouteau@edmondsci.com
• Kathleen Connor Kathleen.connor@comcast.net
• Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
• Suzanne Gonzales-Webb suzanne.gonzales-webb@va.gov
• Chris Shawn christopher.shawn2@va.gov
• Beth Pumo beth.pumo@kp.org
• Johnathan Coleman jc@securityrs.com

Notes: Opening Security WG Meeting Introductions

• Agenda HL7 WGM JANUARY 2016 - Orlando, Florida USA Security WG
  • John/Trish: 10/0/0
• IHE Report
  • Advanced Patient Privacy Consents Profile -- will leverage CDA Consent Directive
  • Internet User Assertion (IUA) -- will leverage HEART OAuth profiles
• ISO Report
  • ???
• ONC - API taskforce
• HEART http://openid.bitbucket.org/HEART/
  • UMA
  • OAuth Scopes
  • Consent Receipt
• Healthcare Access Control Catalog
  • ballot reconcilliation done, just waiting on agreement
• FHIR Consent -- see us in Q3 at CBCC
• Workgroup responsibilities
  • Future work items (Trish action item)

Tuesday Q2

Attendees:

• Mike Davis mike.davis@va.gov
• John Moehrke john.moehrke@med.ge.com
• Alexander Mense alexander.mense@hl7.at
• Princess Trish Williams trish.williams@ecu.edu.au
• Duane DeCouteau ddecouteau@edmondsci.com
• Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
• Chris Shawn christopher.shawn2@va.gov
• Beth Pumo beth.pumo@kp.org

Notes:

• Security/EHR Verb/Provenance/Lifecycle Vocabulary
  • Work space Record Lifecycle, Security, Privacy, and Provenance Vocabulary Alignment
  • Struggling greatly
  • three months have produced 4 terms
  • Principle to find a good-enough definition, focus on describing the functionality,
  • Note IHE has published a White Paper on "Health Information Management". Written primarily by AHIMA individuals working within IHE. http://www.ihe.net/uploadedFiles/Documents/ITI/IHE_ITI_WP_HITStdsforHIMPratices_Rev1.1_2015-09-18.pdf
• Worked on 3 year plan for Security WG

Tuesday Q3

Attendees:

• Mike Davis mike.davis@va.gov
• Princess Trish Williams trish.williams@ecu.edu.au
• Duane DeCouteau ddecouteau@edmondsci.com
• Kathleen Connor Kathleen.connor@comcast.net
• Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
• Chris Shawn christopher.shawn2@va.gov
• Diana Proud-Madruga diana.proud-madruga@va.gov

Security WG Project Meeting - Notes

• SOA Audit
  • Diana started PSS. Group worked on formulation of PSS in preparation for joint meeting with SOA Q2 Wed.

• Discussion on Future work items
  • Future security tutorials (free or paid) future planning?
    • New topic for tutorial would be to cover the security aspects of FHIR. This could cover the different resources:
    • Questionnaire, contract and C-CDA composition, security vocabularies supporting the labeling. To be considered for HL7 WGM Sept 2016 or May if possible. This would be a free tutorial. Kathleen will inquire about opportunities to deliver such tutorial close the the FHIR Connectathon.

• Workgroup Health
  • Email communication with TSC revealed that the WG is penalized for missing TSC election last year. This penalty applied to the workgroup health for the following 3 meetings.
  • Three-Year Plan last updated Sept 2012. To be updated at this meeting.
    • Trish updated Three-Year Plan in preparation for approval by WG.
  • Mission and Charter last updated May 2015
  • SWOT last updated May 2015
  • Decision Making Processes last updated Sept 2014
  • Post WGM Effectiveness Survey completed by Trish 13/01/2016
  • Room bookings for next WGM in May completed by Trish 13/01/2016

• Actions:
  • New Facilitator Publishing needs to be selected with the retirement of Mike Davis as Co-Chair. The HL7 Security Leadership page will need to be updated.
  • New Three-Year Plan to be circulated and approved by WG.
  • Next WGM (May) agenda to be posted to Wiki by 01 April 2016

Tuesday Q4

Attendees:

• Mike Davis mike.davis@va.gov
• Alexander Mense alexander.mense@hl7.at
• Princess Trish Williams trish.williams@ecu.edu.au
• Duane DeCouteau ddecouteau@edmondsci.com
• Kathleen Connor Kathleen.connor@comcast.net
• Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
• Chris Shawn christopher.shawn2@va.gov
• Beth Pumo beth.pumo@kp.org
• Don Jorgenson

Security WG Project Meeting Notes:

• Trust Framework
  • Establishing a level that exchange between two or more entities can communicate.
  • The current methods of common contract is inflexible and often technology specific. How this architecture applies to FHIR is (as yet) undetermined.
  • The negotiation of the policies can happen at run-time, but these are computer negotiated contract that drives the policy.
  • Using Trust Frameworks allows run time flexibility (and technology independent).

  -- possibly Conformance resource, linkage to Contract.

Wednesday Q1

Hosted by EHR

Wednesday Q2

Hosted by SOA

Wednesday Q3

Hosting FHIR

Wednesday Q4

Thursday Q1

Hosting FHIR

Thursday Q2