This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "March 15, 2016 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
 
(3 intermediate revisions by 2 users not shown)
Line 30: Line 30:
  
 
|-
 
|-
|| x|| [mailto:Suzanne.Webb@engilitycorp.com Suzanne Gonzales-Webb]
+
||x|| [mailto:Suzanne.Webb@engilitycorp.com Suzanne Gonzales-Webb]
|||||| [mailto:mailto:robert.horn@agfa.com Rob Horn]  
+
||||x|| [mailto:robert.horn@agfa.com Rob Horn]  
 
||||.|| [mailto:Galen.Mulrooney@JPSys.com Galen Mulrooney]
 
||||.|| [mailto:Galen.Mulrooney@JPSys.com Galen Mulrooney]
  
Line 40: Line 40:
  
 
|-
 
|-
||  .|| [mailto:rgrow@technatomy.com Rick Grow]
+
||  x|| [mailto:rgrow@technatomy.com Rick Grow]
 
||||.|| [mailto:pknapp@pknapp.com Paul Knapp]   
 
||||.|| [mailto:pknapp@pknapp.com Paul Knapp]   
 
||||x|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan]
 
||||x|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan]
Line 83: Line 83:
  
 
= Minutes =
 
= Minutes =
Approve Security WG March 15 Minutes- Approved
+
#Kathleen chaired.  Approved Agenda and  [http://wiki.hl7.org/index.php?title=March_8,_2016_Security_Conference_Call Security WG March 8 Minutes]
 
+
#   Discuss any comments on Draft ISO 21089 Health informatics - Trusted (Mike)
Review
+
end-to-end information flows for submission by 215 National Member Bodies. Appendices include FHIR Record Lifecycle Event Implementation Guide from FHIR DSTU-2
#Discuss any comments on Draft ISO 21089 Health informatics Trusted (Mike)
+
*         Discussion on EHR WKGP/FHIR Record cycle events
end-to-end information flows for submission by 215 National Member Bodies.  
+
*         Comments were accepted by EHR WKG
Appendices include FHIR Record Lifecycle Event Implementation Guide from FHIR DSTU-2  
+
*         Based on FHIR second edition (Document was shared on screen)
* Discussion on EHR WKGP/FHIR Record cycle events
+
*         Review of Appendix A (Healthcare Interoperability Examples)
* Comments were accepted by EHR WKG
+
*         Comments, Mike:
*Based on FHIR second edition
+
**No copy right notices regarding HL7 Material 2) Appendix B Life Cycle Mta Data Capture; Rick and Mike reviewed and found the table to be confusing The W5 is highlighted
 
+
** Not clear what action or performers are recording Record Author User, or Record by Author User? Is this an action performer, needs further clarity by Gary.  
(Document was shared on screen)
+
**Question if Audit Event is a Column heading or description, the layout is not clear Note: Gary is creator of the table confirmed by Diana) difficulty understanding the table for W5 3) Appendix B, Questions on coding 4) to Change Record to Record life cycle event
 
+
**Note: The appendices were copied from the FHIR implementation guide
*Review of Appendix A (Healthcare Interoperability Examples)
+
Governance and IP concerns – Mike:
*Comments, Mike:
+
*Draft has been presented to U.S Tag TC215, which has only two members from HL7 Security WG
+
** Gary informed it has been submitted and HL7 does not have the right to comment but can see parts of the appendices
1) No copy right notices regarding HL7 Material
+
** Rick asked since HL7 is an ISO specification, HL7 should be able to participate?
2) Appendix B Life Cycle Mta Data Capture; Rick and Mike reviewed and found the table to be confusing
+
**Diana is waiting to hear from TC215 Secretary to obtain details on how Hl7 can participate
The W5 is highlighted
+
**According to Gary the appendicitis are copied from the FHIR implementation guide, part of DSTU- Diana
*the coding is not clear
+
**Initial ballot is in May, and Official Ballet is in July
*We were not clear on the action performers are recording Record Author User, or Record by Author User?  
+
*Action Item: (Kathleen) - Request review of governance concerns to HL7 Standards Governance Board and IP issues with Karen Van Hentenryck
Is this an action performer, needs further clarity by Gary.  
+
Mike moved to approve action item. Glen seconded. 9-0-0
3) Question if Audit Event is a Column heading or description, the layout is not clear
+
*Next Steps:
Note: Gary is creator of the table confirmed by Diana) difficulty understanding the table for W5  
+
*HL7 chairs would let him know we would appreciate more input (Mike)
3) Appendix B, Questions on coding  
+
#Review HL7 2017 ONC Interoperability Standards Advisory Cover Letter and HL7 2017 ONC Interoperability Standards Advisory draft recommendations.  WG had no new update, no new issues.
4) to Change Record to Record life cycle event  
+
#Health Care Privacy Security by Design – Rob Grow
* Note: The appendicitis were copied from the FHIR implementation guide  
+
**WG discussed ambiguities about the nature of the final deliverable, e.g. is it a conceptual model, a platform independent IG?  Item deferred until further discussion with ARB, and incorporation of input from Security WG wrt to actual deliverable.  Rick will send invite to that discussion to the WG.
 
+
#Joint Vocabulary Alignment Update Diana: Meetings will resume next week
Issues/Concerns, Mike:  
+
#PASS Access Control Conceptual Model – Diana:  Still waiting to hear back from Alex on the withdrawal of Bernd’s negative vote, will reach out to Alex
 
+
#PASS Audit Conceptual Model – Diana:  Functional Model is availableNew material: We have detailed requirements on high level audit requirements surrounding the service
*Draft has been presented to TC215 Group
+
1.    FHIR Security report out - John
*From the U.S Tag TC215 there are 2 member
+
*         Approvals of CP's
*Gary informed it has been submitted and HL7 does not have the right to comment but can see parts of the appendices
+
*         Approved CPS are updates
*Hl7 is an ISO specification, HL7 should be able to participate (Rick)
+
*         Signature is now in discussion
*Diana is waiting to hear from TC215 Secretary to obtain details on how Hl7 can participate  
 
*According to Gary the appendicitis are copied from the FHIR implementation guide, part of DSTU- Diana  
 
*initial ballot is in May, and Official Ballet is in July
 
*Remedy is to remove material
 
*Content issue can be addressed with tag
 
 
 
Action Item: (Kathleen, )
 
*Bring up to FHIR Management Governance board with HL7
 
*Provide them highlights of concerns
 
*Have them reviewed and make a motion
 
 
 
Motion (s) :  2 approve/ 1 abstain
 
 
 
1)As a group to speak to notify Karen Vann voicing Governance Concerns
 
  and provide recommendations and comments
 
2) Security Co-Chairs to notify Johnathan regarding the tables and obtain recommendation
 
 
 
 
 
Next Steps:  
 
*HL7 chairs would let him know we would appreciate more input (Mike)  
 
*Security work group has a item to review the tags
 
*harmonization action to improve the existing lifecycle vocab
 
*if that was done the FHIR can then take that Lifecycle vocab
 
Note: The life cycle audit event that has a lifecycle element is Diacom
 
 
 
#Review HL7 2017 ONC Interoperability Standards Advisory Cover Letter and HL7 2017 ONC Interoperability Standards Advisory draft recommendations  
 
* no new update, no new issues (John)
 
#Health Care Privacy Security by Design
 
* deferred until further discussion
 
*invite to be sent to group
 
 
#Joint Vocabulary Alignment Update - Diana
 
* meetings will resume next week
 
 
 
#PASS Audit Conceptual Model – Diana
 
*waiting to hear back from Alex on the withdrawal of the negative vote, will reach out to Alex
 
*Functional Model is available  
 
*New material: We have detailed requirements on high level audit requirements surrounding the service  
 
#FHIR Security report out - John
 
*Approvals of CP's
 
*Approved CPS are updates
 
*Signature is now in discussion
 

Latest revision as of 19:12, 22 March 2016

Back to Security Work Group Main Page

Attendees

x Member Name x Member Name x Member Name
x Kathleen ConnorSecurity Co-chair . Duane DeCouteau . Chris Clark
x John MoehrkeSecurity Co-chair . Johnathan Coleman . Aaron Seib
x Alexander Mense Security Co-chair . Ken Salyards . Christopher D Brown TX
. Trish WilliamsSecurity Co-chair . Gary Dickinson . Dave Silver
x Mike Davis . Ioana Singureanu . Mohammed Jafari
x Suzanne Gonzales-Webb x Rob Horn . Galen Mulrooney
x Diana Proud-Madruga . Ken Rubin . William Kinsley
x Rick Grow . Paul Knapp x Mayada Abdulmannan
x Glen Marshall, SRS . Bill Kleinebecker . Christopher Shawn
. Oliver Lawless . ... . Serafina Versaggi
x Beth Pumo . Russell McDonell . Paul Petronelli , Mobile Health
. Christopher Doss . Kamalini Vaidya . [mailto: TBD ]

Back to Security Main Page

Agenda DRAFT

  1. ( 5 min) Roll Call, Agenda Approval
  2. ( 5 min) Approve Security WG March 8 Conference Call Minutes
  3. (10 min) Discuss any comments on Draft ISO 21089 Health informatics — Trusted

end-to-end information flows for submission by 215 National Member Bodies. Appendices include FHIR Record Lifecycle Event Implementation Guide from FHIR DSTU-2

  1. (10 min) Review HL7 2017 ONC Interoperability Standards Advisory Cover Letter and HL7 2017 ONC Interoperability Standards Advisory draft recommendations
  2. ( 5 min) PASS Access Control Services Conceptual Model - Diana
  3. ( 5 min) Joint Vocabulary Alignment Update - Diana
  4. ( 5 min) PASS Audit Conceptual Model – Diana
  5. ( 5 min) FHIR Security report out - John
    • Any changes expecting to be tested at the next FHIR Connectathon need to be submitted into the build by March 27th.

Note that there will be a FHIR Security call at 2pm PT/5pm ET See agenda at FHIR Security Agenda

Minutes

  1. Kathleen chaired. Approved Agenda and Security WG March 8 Minutes
  2. Discuss any comments on Draft ISO 21089 Health informatics - Trusted (Mike)

end-to-end information flows for submission by 215 National Member Bodies. Appendices include FHIR Record Lifecycle Event Implementation Guide from FHIR DSTU-2

  • Discussion on EHR WKGP/FHIR Record cycle events
  • Comments were accepted by EHR WKG
  • Based on FHIR second edition (Document was shared on screen)
  • Review of Appendix A (Healthcare Interoperability Examples)
  • Comments, Mike:
    • No copy right notices regarding HL7 Material 2) Appendix B Life Cycle Mta Data Capture; Rick and Mike reviewed and found the table to be confusing The W5 is highlighted
    • Not clear what action or performers are recording Record Author User, or Record by Author User? Is this an action performer, needs further clarity by Gary.
    • Question if Audit Event is a Column heading or description, the layout is not clear Note: Gary is creator of the table confirmed by Diana) difficulty understanding the table for W5 3) Appendix B, Questions on coding 4) to Change Record to Record life cycle event
    • Note: The appendices were copied from the FHIR implementation guide

Governance and IP concerns – Mike:

  • Draft has been presented to U.S Tag TC215, which has only two members from HL7 Security WG
    • Gary informed it has been submitted and HL7 does not have the right to comment but can see parts of the appendices
    • Rick asked since HL7 is an ISO specification, HL7 should be able to participate?
    • Diana is waiting to hear from TC215 Secretary to obtain details on how Hl7 can participate
    • According to Gary the appendicitis are copied from the FHIR implementation guide, part of DSTU- Diana
    • Initial ballot is in May, and Official Ballet is in July
  • Action Item: (Kathleen) - Request review of governance concerns to HL7 Standards Governance Board and IP issues with Karen Van Hentenryck

Mike moved to approve action item. Glen seconded. 9-0-0

  • Next Steps:
  • HL7 chairs would let him know we would appreciate more input (Mike)
  1. Review HL7 2017 ONC Interoperability Standards Advisory Cover Letter and HL7 2017 ONC Interoperability Standards Advisory draft recommendations. WG had no new update, no new issues.
  2. Health Care Privacy Security by Design – Rob Grow
    • WG discussed ambiguities about the nature of the final deliverable, e.g. is it a conceptual model, a platform independent IG? Item deferred until further discussion with ARB, and incorporation of input from Security WG wrt to actual deliverable. Rick will send invite to that discussion to the WG.
  1. Joint Vocabulary Alignment Update – Diana: Meetings will resume next week
  2. PASS Access Control Conceptual Model – Diana: Still waiting to hear back from Alex on the withdrawal of Bernd’s negative vote, will reach out to Alex.
  3. PASS Audit Conceptual Model – Diana: Functional Model is available. New material: We have detailed requirements on high level audit requirements surrounding the service

1. FHIR Security report out - John

  • Approvals of CP's
  • Approved CPS are updates
  • Signature is now in discussion