This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "April 19, 2016 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
Line 69: Line 69:
 
# ''( 5 min)'' '''Approve [http://wiki.hl7.org/index.php?title=April_12,_2016_Security_Conference_Call Security WG April 12, 2016 Minutes]
 
# ''( 5 min)'' '''Approve [http://wiki.hl7.org/index.php?title=April_12,_2016_Security_Conference_Call Security WG April 12, 2016 Minutes]
 
# ''( 15 min)'' '''Discuss Lloyd's suggestion - See Discussion Items below.'''
 
# ''( 15 min)'' '''Discuss Lloyd's suggestion - See Discussion Items below.'''
# ''(10 min)'' '''Privacy & Security by Design/NOW Privacy Impact Assessment - update''' - Rick
+
# ''(10 min)'' '''Privacy & Security by Design/NOW Privacy Impact Assessment Cookbook - update''' - Rick
#* Joint project meetings (ARB, CBCC, Security) held Tuesdays at 5 p.m. Eastern. [http://www.hl7.org/concalls/CallDetails.aspx?concall=30475 Meeting information and invite]
 
 
# ''( 5 min)'' '''PASS Access Control Services Conceptual Model''' - Diana
 
# ''( 5 min)'' '''PASS Access Control Services Conceptual Model''' - Diana
 
# ''( 5 min)'' '''Joint Vocabulary Alignment Update''' - Diana
 
# ''( 5 min)'' '''Joint Vocabulary Alignment Update''' - Diana
Line 78: Line 77:
 
Note that there will be a FHIR Security call at 2pm PT/5pm ET
 
Note that there will be a FHIR Security call at 2pm PT/5pm ET
 
See agenda at [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-26-05 FHIR Security Agenda]
 
See agenda at [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-26-05 FHIR Security Agenda]
 +
 
==Minutes==
 
==Minutes==
  

Revision as of 13:50, 19 April 2016

Back to Security Work Group Main Page

Attendees

x Member Name x Member Name x Member Name
x Kathleen ConnorSecurity Co-chair . Duane DeCouteau . Chris Clark
x John MoehrkeSecurity Co-chair . Johnathan Coleman . Aaron Seib
. Alexander Mense Security Co-chair . Ken Salyards . Christopher D Brown TX
. Trish WilliamsSecurity Co-chair . Gary Dickinson x Dave Silver
Mike Davis . Ioana Singureanu . Mohammed Jafari
x Suzanne Gonzales-Webb . Rob Horn . Galen Mulrooney
x Diana Proud-Madruga . Ken Rubin . William Kinsley
x Rick Grow . Paul Knapp x Mayada Abdulmannan
x Glen Marshall, SRS . Bill Kleinebecker . Christopher Shawn
. Oliver Lawless . [mailto . Serafina Versaggi
x Beth Pumo . Russell McDonell . Paul Petronelli , Mobile Health
. Christopher Doss . Kamalini Vaidya . [mailto: TBD ]

Back to Security Main Page

Agenda DRAFT

  1. ( 5 min) Roll Call, Agenda Approval
  2. ( 5 min) Approve Security WG April 12, 2016 Minutes
  3. ( 15 min) Discuss Lloyd's suggestion - See Discussion Items below.
  4. (10 min) Privacy & Security by Design/NOW Privacy Impact Assessment Cookbook - update - Rick
  5. ( 5 min) PASS Access Control Services Conceptual Model - Diana
  6. ( 5 min) Joint Vocabulary Alignment Update - Diana
  7. ( 5 min) PASS Audit Conceptual Model – Diana
  8. ( 5 min) FHIR Security report out - John

Note that there will be a FHIR Security call at 2pm PT/5pm ET See agenda at FHIR Security Agenda

Minutes

Discussion Items

Suggestion from Lloyd on capturing potential Privacy and Security issues in FHIR: "One thing we could do is add a QA rule expecting a "Security & Privacy Considerations" section in the Notes area for each resource. It would be a "warning" rule, meaning that work groups could ask for it to be suppressed for a given resource if they determine that there are none. That would help prompt work groups to think about it and also ensure a consistent place for it to appear. (General security considerations about the use of FHIR, including the passages Kathleen highlighted should be handled in the "Security" section of FHIR, I think rather than interspersed on all of the different pages.) If the security WG thinks this is a good idea, perhaps they could put together some bullet points highlighting the types of considerations they'd like work groups to consider when filling out the section. My leaning would be to make this an FMM 3 issue as it probably makes sense for the resource design to stabilize a bit before expecting WGs to go through a full security/privacy analysis."

Minutes