This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "April 26, 2016 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
 
(3 intermediate revisions by 2 users not shown)
Line 71: Line 71:
 
# ''(5 min)'' '''Privacy Impact Assessment Cookbook Update''' - Rick
 
# ''(5 min)'' '''Privacy Impact Assessment Cookbook Update''' - Rick
 
# ''(10 min)'' '''Privacy & Security by Design - new project?''' - Mike
 
# ''(10 min)'' '''Privacy & Security by Design - new project?''' - Mike
 +
# ''(5 min)'' '''Healthcare Access Control Catalog''' - Mike/Suzanne/Rick
 
# ''( 5 min)'' '''PASS Access Control Services Conceptual Model''' - Diana
 
# ''( 5 min)'' '''PASS Access Control Services Conceptual Model''' - Diana
 
# ''( 5 min)'' '''Joint Vocabulary Alignment Update''' - Diana
 
# ''( 5 min)'' '''Joint Vocabulary Alignment Update''' - Diana
Line 104: Line 105:
  
 
-Privacy & Security by Design - new project? - Mike
 
-Privacy & Security by Design - new project? - Mike
 +
 +
-Healthcare Access Control Catalog
 +
 +
Approval to move forward with publication request made in CBCC meeting. See [[April_26,_2016_CBCC_Conference_Call]] 
  
 
-PASS Access Control Services Conceptual Model - Diana
 
-PASS Access Control Services Conceptual Model - Diana
 +
-There is only one negative vote
 +
-Diana sent Alex a message to withdraw his negative vote
 +
-Ballot Reconciliation package has all of Alex's comments and responses (located under Sept 2015 Ballot Package)
 +
-Changes will not be made until we confirm he is okay with the reconciliation
 +
-Action Item: Alex will reach out to him tomorrow
 +
-Action Item: Diana will send the direct link to Alex for the September 2015 Ballot Package.
 +
*Pass access control conception model:
 +
-Susan reached out, and DoD participant withdrew his negative vote
 +
-Only one negative vote remains outstanding (under Sept 2015 Ballot Package)
 +
-In the Reconciliation Package has all comments and responses with his negative vote
 +
-Diane will send Alex the direct link regarding the negative ballot
  
-Joint Vocabulary Alignment Update - Diana, Mike
+
Hot Topic: Joint Vocabulary Alignment Update - Diana, Mike
-Reid cancelled the meeting this morning, and emailed one of the supporters is withdrawing financial support
+
-Reed cancelled the meeting this morning, and emailed one of the supporters is withdrawing financial support
 
-Mike spoke with Reed and he informed him he is seeing lack of support in the activity and does not think he can continue with the activity
 
-Mike spoke with Reed and he informed him he is seeing lack of support in the activity and does not think he can continue with the activity
 +
-Mike proposed to Reed to look at the material we produced/capture to date and wrap up in one package and endorse that work between EHR and Security ( Work such as Definition life cycle event-terms, UNL Model with its link to providence and Security, and input on 1089 etc)
 +
-We would then be able to see what is useful for FHIR out of the material we currently completed
 +
-We should establish our position prior to the working group meeting with EHR
 +
 +
 +
*PASS Audit Conceptual Model – Diana
 +
-All the main work group SLA and sponsors with the PSS approved the final PSS
 +
-Daian sent to Paul Matt for the presentation to the steering division so it can become a final project
 +
  
-PASS Audit Conceptual Model – Diana
 
*Pass access control conception model
 
*Susan reached out, and DoD participant withdrew his negative vote
 
*Only one negative vote remains outstanding (under Sept 2015 Ballot Package)
 
*In the Reconciliation Package has all comments and responses with his negative vote
 
*Diane will send Alex the direct link regarding the negative ballot
 
  
( 5 min) FHIR Security report out - John
+
*FHIR Security report out - John
 +
-Described the difference between security label and purpose of use
 +
-Current Audit event stand as is
 +
-Kathleen has been working on vocabulary across resources and how it relates to current activities
 +
-

Latest revision as of 16:44, 2 June 2016

Back to Security Work Group Main Page

Attendees

x Member Name x Member Name x Member Name
x Kathleen ConnorSecurity Co-chair . Duane DeCouteau . Chris Clark
x John MoehrkeSecurity Co-chair . Johnathan Coleman . Aaron Seib
. Alexander Mense Security Co-chair . Ken Salyards . Christopher D Brown TX
. Trish WilliamsSecurity Co-chair . Gary Dickinson x Dave Silver
Mike Davis . Ioana Singureanu . Mohammed Jafari
x Suzanne Gonzales-Webb . Rob Horn . Galen Mulrooney
x Diana Proud-Madruga . Ken Rubin . William Kinsley
x Rick Grow . Paul Knapp x Mayada Abdulmannan
x Glen Marshall, SRS . Bill Kleinebecker . Christopher Shawn
. Oliver Lawless . [mailto . Serafina Versaggi
x Beth Pumo . Russell McDonell . Paul Petronelli , Mobile Health
. Christopher Doss . Kamalini Vaidya . [mailto: TBD ]

Back to Security Main Page

Agenda DRAFT

  1. ( 5 min) Roll Call, Agenda Approval
  2. ( 5 min) Approve Security WG April 19, 2016 Minutes
  3. (15 min) Security WGM Agenda May 2016 Montreal
  4. (5 min) Privacy Impact Assessment Cookbook Update - Rick
  5. (10 min) Privacy & Security by Design - new project? - Mike
  6. (5 min) Healthcare Access Control Catalog - Mike/Suzanne/Rick
  7. ( 5 min) PASS Access Control Services Conceptual Model - Diana
  8. ( 5 min) Joint Vocabulary Alignment Update - Diana
  9. ( 5 min) PASS Audit Conceptual Model – Diana
  10. ( 5 min) FHIR Security report out - John

Note that there will be a FHIR Security call at 2pm PT/5pm ET See agenda at FHIR Security Agenda

Minutes

Chaired by Kathleen Connor - Approved Security WG April 19, 2016 Minutes (approved)

  • amended Diana section

- Security WGM Agenda May 2016 Montreal

    • Trust Framework, propose to discuss activities in the U.S.
  • HHS moved to discuss trust framework and issued a report
  • Trust framework activity involved numerous states in the U.S.
  • We have put together some concept around trust framework such as pass access control (not yet complete)
  • Would like to obtain opinions from Security WKG
  • The Trust Framework correlates with inter-oprability, as it is a cross organizational trust framework with multiple domains

-they want to communicate between Domains and share information between Domains -Policies for the communication between domains must be conveyed -if FHIR is useful it can be conveyed during run time -what is signed in advanced is an agreement to use the framework - Kathleen Connor Comment & Action Item: Policies that govern the domains I can come up with a prototype FHIR trust policy, which will encompass LOA's such as identity proofing, authentication, encryption and how it is conveyed through protocol. -Kathleen put together a diagram of Security Policy information policy and Trust Policy Information Files, showing the elements of exchange -Comment Mike Davis) It is not pre-coordinated Trust, an attribute of our trust policy is there is no assumption that is could be entirely negotiated at rutime -Action Item: Write down the core attributes to define Trust on what we might present in HL7, Vocabulary already exits in standards

-Privacy Impact Assessment Cookbook Update - Rick

  • During CBCC call passed the motion to approve the project with CBCC as the sponsor, and Security as Security as co-sponsor
  • next step is to move to domain experts for their approval

-Privacy & Security by Design - new project? - Mike

-Healthcare Access Control Catalog

Approval to move forward with publication request made in CBCC meeting. See April_26,_2016_CBCC_Conference_Call

-PASS Access Control Services Conceptual Model - Diana -There is only one negative vote -Diana sent Alex a message to withdraw his negative vote -Ballot Reconciliation package has all of Alex's comments and responses (located under Sept 2015 Ballot Package) -Changes will not be made until we confirm he is okay with the reconciliation -Action Item: Alex will reach out to him tomorrow -Action Item: Diana will send the direct link to Alex for the September 2015 Ballot Package.

  • Pass access control conception model:

-Susan reached out, and DoD participant withdrew his negative vote -Only one negative vote remains outstanding (under Sept 2015 Ballot Package) -In the Reconciliation Package has all comments and responses with his negative vote -Diane will send Alex the direct link regarding the negative ballot

Hot Topic: Joint Vocabulary Alignment Update - Diana, Mike -Reed cancelled the meeting this morning, and emailed one of the supporters is withdrawing financial support -Mike spoke with Reed and he informed him he is seeing lack of support in the activity and does not think he can continue with the activity -Mike proposed to Reed to look at the material we produced/capture to date and wrap up in one package and endorse that work between EHR and Security ( Work such as Definition life cycle event-terms, UNL Model with its link to providence and Security, and input on 1089 etc) -We would then be able to see what is useful for FHIR out of the material we currently completed -We should establish our position prior to the working group meeting with EHR


  • PASS Audit Conceptual Model – Diana

-All the main work group SLA and sponsors with the PSS approved the final PSS -Daian sent to Paul Matt for the presentation to the steering division so it can become a final project


  • FHIR Security report out - John

-Described the difference between security label and purpose of use -Current Audit event stand as is -Kathleen has been working on vocabulary across resources and how it relates to current activities -