Difference between revisions of "April 26, 2016 Security Conference Call"
(Created page with "Back to Security Work Group Main Page ==Attendees== {| class="wikitable" |- !x||'''Member Name'''|| !! x ||'''Member Name''' !!|| x ||'''Member Name''' !! |- ...") |
(8 intermediate revisions by 3 users not shown) | |||
Line 67: | Line 67: | ||
==Agenda '''DRAFT'''== | ==Agenda '''DRAFT'''== | ||
# ''( 5 min)'' '''Roll Call, Agenda Approval''' | # ''( 5 min)'' '''Roll Call, Agenda Approval''' | ||
− | ''( 5 min)'' '''Approve [http://wiki.hl7.org/index.php?title=April_19,_2016_Security_Conference_Call Security WG April 19, 2016 Minutes] | + | # ''( 5 min)'' '''Approve [http://wiki.hl7.org/index.php?title=April_19,_2016_Security_Conference_Call Security WG April 19, 2016 Minutes] |
− | # ''(10 min)'' '''Privacy & Security by Design - | + | # ''(15 min)'' '''[http://wiki.hl7.org/index.php?title=May_2016_Montreal_WGM_-_Security_Agenda Security WGM Agenda May 2016 Montreal]''' |
− | # | + | # ''(5 min)'' '''Privacy Impact Assessment Cookbook Update''' - Rick |
+ | # ''(10 min)'' '''Privacy & Security by Design - new project?''' - Mike | ||
+ | # ''(5 min)'' '''Healthcare Access Control Catalog''' - Mike/Suzanne/Rick | ||
# ''( 5 min)'' '''PASS Access Control Services Conceptual Model''' - Diana | # ''( 5 min)'' '''PASS Access Control Services Conceptual Model''' - Diana | ||
# ''( 5 min)'' '''Joint Vocabulary Alignment Update''' - Diana | # ''( 5 min)'' '''Joint Vocabulary Alignment Update''' - Diana | ||
Line 77: | Line 79: | ||
Note that there will be a FHIR Security call at 2pm PT/5pm ET | Note that there will be a FHIR Security call at 2pm PT/5pm ET | ||
See agenda at [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-26-05 FHIR Security Agenda] | See agenda at [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-26-05 FHIR Security Agenda] | ||
+ | |||
+ | == Minutes == | ||
+ | Chaired by Kathleen Connor | ||
+ | - Approved Security WG April 19, 2016 Minutes (approved) | ||
+ | *amended Diana section | ||
+ | - Security WGM Agenda May 2016 Montreal | ||
+ | **Trust Framework, propose to discuss activities in the U.S. | ||
+ | *HHS moved to discuss trust framework and issued a report | ||
+ | *Trust framework activity involved numerous states in the U.S. | ||
+ | *We have put together some concept around trust framework such as pass access control (not yet complete) | ||
+ | *Would like to obtain opinions from Security WKG | ||
+ | *The Trust Framework correlates with inter-oprability, as it is a cross organizational trust framework with multiple domains | ||
+ | -they want to communicate between Domains and share information between Domains | ||
+ | -Policies for the communication between domains must be conveyed | ||
+ | -if FHIR is useful it can be conveyed during run time | ||
+ | -what is signed in advanced is an agreement to use the framework | ||
+ | - Kathleen Connor Comment & Action Item: Policies that govern the domains I can come up with a prototype FHIR trust policy, which will encompass LOA's such as identity proofing, authentication, encryption and how it is conveyed through protocol. | ||
+ | -Kathleen put together a diagram of Security Policy information policy and Trust Policy Information Files, showing the elements of exchange | ||
+ | -Comment Mike Davis) It is not pre-coordinated Trust, an attribute of our trust policy is there is no assumption that is could be entirely negotiated at rutime | ||
+ | -Action Item: Write down the core attributes to define Trust on what we might present in HL7, Vocabulary already exits in standards | ||
+ | |||
+ | -Privacy Impact Assessment Cookbook Update - Rick | ||
+ | *During CBCC call passed the motion to approve the project with CBCC as the sponsor, and Security as Security as co-sponsor | ||
+ | *next step is to move to domain experts for their approval | ||
+ | |||
+ | -Privacy & Security by Design - new project? - Mike | ||
+ | |||
+ | -Healthcare Access Control Catalog | ||
+ | |||
+ | Approval to move forward with publication request made in CBCC meeting. See [[April_26,_2016_CBCC_Conference_Call]] | ||
+ | |||
+ | -PASS Access Control Services Conceptual Model - Diana | ||
+ | -There is only one negative vote | ||
+ | -Diana sent Alex a message to withdraw his negative vote | ||
+ | -Ballot Reconciliation package has all of Alex's comments and responses (located under Sept 2015 Ballot Package) | ||
+ | -Changes will not be made until we confirm he is okay with the reconciliation | ||
+ | -Action Item: Alex will reach out to him tomorrow | ||
+ | -Action Item: Diana will send the direct link to Alex for the September 2015 Ballot Package. | ||
+ | *Pass access control conception model: | ||
+ | -Susan reached out, and DoD participant withdrew his negative vote | ||
+ | -Only one negative vote remains outstanding (under Sept 2015 Ballot Package) | ||
+ | -In the Reconciliation Package has all comments and responses with his negative vote | ||
+ | -Diane will send Alex the direct link regarding the negative ballot | ||
+ | |||
+ | Hot Topic: Joint Vocabulary Alignment Update - Diana, Mike | ||
+ | -Reed cancelled the meeting this morning, and emailed one of the supporters is withdrawing financial support | ||
+ | -Mike spoke with Reed and he informed him he is seeing lack of support in the activity and does not think he can continue with the activity | ||
+ | -Mike proposed to Reed to look at the material we produced/capture to date and wrap up in one package and endorse that work between EHR and Security ( Work such as Definition life cycle event-terms, UNL Model with its link to providence and Security, and input on 1089 etc) | ||
+ | -We would then be able to see what is useful for FHIR out of the material we currently completed | ||
+ | -We should establish our position prior to the working group meeting with EHR | ||
+ | |||
+ | |||
+ | *PASS Audit Conceptual Model – Diana | ||
+ | -All the main work group SLA and sponsors with the PSS approved the final PSS | ||
+ | -Daian sent to Paul Matt for the presentation to the steering division so it can become a final project | ||
+ | |||
+ | |||
+ | |||
+ | *FHIR Security report out - John | ||
+ | -Described the difference between security label and purpose of use | ||
+ | -Current Audit event stand as is | ||
+ | -Kathleen has been working on vocabulary across resources and how it relates to current activities | ||
+ | - |
Latest revision as of 16:44, 2 June 2016
Attendees
x | Member Name | x | Member Name | x | Member Name
---|---|---|---|---|---
x | Kathleen Connor, Security Co-chair | . | Duane DeCouteau | . | Chris Clark
x | John Moehrke, Security Co-chair | . | Johnathan Coleman | . | Aaron Seib
. | Alexander Mense, Security Co-chair | . | Ken Salyards | . | Christopher D Brown TX
. | Trish Williams, Security Co-chair | . | Gary Dickinson | x | Dave Silver
  | Mike Davis | . | Ioana Singureanu | . | Mohammed Jafari
x | Suzanne Gonzales-Webb | . | Rob Horn | . | Galen Mulrooney
x | Diana Proud-Madruga | . | Ken Rubin | . | William Kinsley
x | Rick Grow | . | Paul Knapp | x | Mayada Abdulmannan
x | Glen Marshall, SRS | . | Bill Kleinebecker | . | Christopher Shawn
. | Oliver Lawless | . | [mailto | . | Serafina Versaggi
x | Beth Pumo | . | Russell McDonell | . | Paul Petronelli, Mobile Health
. | Christopher Doss | . | Kamalini Vaidya | . | TBD
Agenda DRAFT
- ( 5 min) Roll Call, Agenda Approval
- ( 5 min) Approve Security WG April 19, 2016 Minutes
- (15 min) Security WGM Agenda May 2016 Montreal
- (5 min) Privacy Impact Assessment Cookbook Update - Rick
- (10 min) Privacy & Security by Design - new project? - Mike
- (5 min) Healthcare Access Control Catalog - Mike/Suzanne/Rick
- ( 5 min) PASS Access Control Services Conceptual Model - Diana
- ( 5 min) Joint Vocabulary Alignment Update - Diana
- ( 5 min) PASS Audit Conceptual Model – Diana
- ( 5 min) FHIR Security report out - John
Note that there will be a FHIR Security call at 2pm PT/5pm ET. See agenda at FHIR Security Agenda.
Minutes
Chaired by Kathleen Connor
- Approved Security WG April 19, 2016 Minutes (approved)
  - Amended Diana section
- Security WGM Agenda May 2016 Montreal
  - Trust Framework, propose to discuss activities in the U.S.
  - HHS moved to discuss trust framework and issued a report
  - Trust framework activity involved numerous states in the U.S.
  - We have put together some concept around trust framework such as PASS access control (not yet complete)
  - Would like to obtain opinions from Security WKG
  - The Trust Framework correlates with interoperability, as it is a cross-organizational trust framework with multiple domains
    - They want to communicate between domains and share information between domains
    - Policies for the communication between domains must be conveyed
    - If FHIR is useful it can be conveyed during run time
    - What is signed in advance is an agreement to use the framework
    - Kathleen Connor Comment & Action Item: Policies that govern the domains: I can come up with a prototype FHIR trust policy, which will encompass LOAs such as identity proofing, authentication, encryption and how it is conveyed through protocol.
    - Kathleen put together a diagram of Security Policy information policy and Trust Policy Information Files, showing the elements of exchange
    - (Comment, Mike Davis) It is not pre-coordinated trust; an attribute of our trust policy is there is no assumption that it could be entirely negotiated at runtime
    - Action Item: Write down the core attributes to define Trust on what we might present in HL7; vocabulary already exists in standards
- Privacy Impact Assessment Cookbook Update - Rick
  - During CBCC call passed the motion to approve the project with CBCC as the sponsor, and Security as co-sponsor
  - Next step is to move to domain experts for their approval
- Privacy & Security by Design - new project? - Mike
- Healthcare Access Control Catalog
Approval to move forward with publication request made in CBCC meeting. See April_26,_2016_CBCC_Conference_Call
- PASS Access Control Services Conceptual Model - Diana
  - There is only one negative vote
  - Diana sent Alex a message to withdraw his negative vote
  - Ballot Reconciliation package has all of Alex's comments and responses (located under Sept 2015 Ballot Package)
  - Changes will not be made until we confirm he is okay with the reconciliation
  - Action Item: Alex will reach out to him tomorrow
  - Action Item: Diana will send the direct link to Alex for the September 2015 Ballot Package.
- PASS Access Control Conceptual Model:
  - Susan reached out, and DoD participant withdrew his negative vote
  - Only one negative vote remains outstanding (under Sept 2015 Ballot Package)
  - The Reconciliation Package has all comments and responses with his negative vote
  - Diana will send Alex the direct link regarding the negative ballot
- Hot Topic: Joint Vocabulary Alignment Update - Diana, Mike
  - Reed cancelled the meeting this morning, and emailed that one of the supporters is withdrawing financial support
  - Mike spoke with Reed and he informed him he is seeing lack of support in the activity and does not think he can continue with the activity
  - Mike proposed to Reed to look at the material we produced/captured to date, wrap it up in one package, and endorse that work between EHR and Security (work such as Definition life cycle event-terms, UNL Model with its link to provenance and Security, and input on 1089 etc.)
  - We would then be able to see what is useful for FHIR out of the material we currently completed
  - We should establish our position prior to the working group meeting with EHR
- PASS Audit Conceptual Model – Diana
  - All the main work group SLA and sponsors with the PSS approved the final PSS
  - Diana sent to Paul Matt for the presentation to the steering division so it can become a final project
- FHIR Security report out - John
  - Described the difference between security label and purpose of use
  - Current Audit event stands as is
  - Kathleen has been working on vocabulary across resources and how it relates to current activities