This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "May 31, 2016 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
(Created page with "Back to Security Work Group Main Page ==Attendees== {| class="wikitable" |- !x||'''Member Name'''|| !! x ||'''Member Name''' !!|| x ||'''Member Name''' !! |- ...")
 
 
(One intermediate revision by one other user not shown)
Line 67: Line 67:
 
==Agenda '''DRAFT'''==
 
==Agenda '''DRAFT'''==
 
# ''( 5 min)'' '''Roll Call, Agenda Approval'''
 
# ''( 5 min)'' '''Roll Call, Agenda Approval'''
# ''( 5 min)'' '''Approve deferred [http://wiki.hl7.org/index.php?title=April_26,_2016_Security_Conference_Call Security WG April 26, 2016 Minutes] and [http://wiki.hl7.org/index.php?title=May_3,_2016_Security_Conference_Call Security WG May 3, 2016 Minutes]  
+
# ''( 5 min)'' '''Approve deferred [http://wiki.hl7.org/index.php?title=May_24,_2016_Security_Conference_Call#Minutes Security WG May 24, 2016 Minutes]
 
# ''(05 min)'' '''Approval of [http://wiki.hl7.org/index.php?title=May_2016_Montreal_WGM_-_Security May 2016 Montreal WGM - Security Minutes]'''
 
# ''(05 min)'' '''Approval of [http://wiki.hl7.org/index.php?title=May_2016_Montreal_WGM_-_Security May 2016 Montreal WGM - Security Minutes]'''
 
# ''(20 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9274/14375/High%20Level%20Info%20Model%20v0%200%207%20JMD.vsd Update on the PSAF Security Policy model]''' - Mike
 
# ''(20 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9274/14375/High%20Level%20Info%20Model%20v0%200%207%20JMD.vsd Update on the PSAF Security Policy model]''' - Mike
Line 78: Line 78:
  
 
==Minutes==
 
==Minutes==
*TBD - Cochaired
+
*Approved-Security WG May 31, 2016 Minutes (John, Diana) (2/0/0)
*Agenda approved by consensus. Minutes approval deferred.
+
*Minutes Approval (Diana, Kathleen, Mike Abstained) (2/1/0) FHIR Test Scripts Discussion with Aegis - Mario Hyland et al. Background: At WGM Gary invited Security to attend an EHR WG session to discuss approaches for encouraging uptake of Privacy, Security - especially Audit, Lifecycle Provenance, Trust FHIR infrastructure among FHIR Connectathon participants and implementers generally. This is a follow up discussion on previous approaches [Gary's tracks added Connectathon achievement points] and Lloyd's suggestion that passing test scripts could be tied in some way to Connectathon participation.
 +
 
 +
*Update on the PSAF Security Policy model - Mike
 +
-Privacy policy representation shared
 +
-methodology main model has privacy policy connected to composite policy
 +
-Has authority rule consent directive--> Jurisdictional organization---> consent grantee-->consent Grantor
 +
-Next Step: Continue developing the model, the text will continue to be in PSAF, and we will continue to develop the content with the trust relationships
 +
*Standards Privacy Impact Assessment Cookbook - Rick
 +
-Continued work on diagrams align with other HL7 publications
 +
-Working on diagrams to ensure they are easy to follow
 +
-Will likely have complete by end of week
 +
-Waiting on TSC for formal approval of PSS
 +
(After reviewing PSS, the TSC requested edits to reflect that project is indeed a guide and does not intend to impose a new requirement on HL7.
 +
Edited PSS to be shown to Security WG and vote requested to approve the edits.)
 +
*PASS Access Control Services Conceptual Model - Diana
 +
-On the Pass Access control service we are updating it with the comments
 +
(3 min) PASS Audit Conceptual Model – Diana
 +
-Waiting of TSC approval
 +
 
 +
*FHIR Security Call - John
 +
- will be included next week
 +
-FMG sent a questionnaire where do you think the maturity model resources is in need in the marketplace
 +
-There are resources that are not maturing outside of committee. If we have resources that are not maturing, we are to notify FMG                                                                                                                                                                                                                                                                                                                         
 +
- Kathleen: We have one issue with the entity agent
 +
 
 +
-Sending out a email to group to see who will participate in writing the pass audit services document, and will set up a call
 +
*Action Items, next call agenda, adjournment

Latest revision as of 18:26, 14 June 2016

Back to Security Work Group Main Page

Attendees

x Member Name x Member Name x Member Name
x Kathleen ConnorSecurity Co-chair x Duane DeCouteau . Chris Clark
. John MoehrkeSecurity Co-chair . Johnathan Coleman . Aaron Seib
x Alexander Mense Security Co-chair . Ken Salyards . Christopher D Brown TX
. Trish WilliamsSecurity Co-chair . Gary Dickinson x Dave Silver
x Mike Davis . Ioana Singureanu . Mohammed Jafari
x Suzanne Gonzales-Webb . Rob Horn . Galen Mulrooney
x Diana Proud-Madruga . Ken Rubin . William Kinsley
x Rick Grow . Paul Knapp . Mayada Abdulmannan
x Glen Marshall, SRS . Bill Kleinebecker . Christopher Shawn
. Oliver Lawless . [mailto . Serafina Versaggi
. Beth Pumo . Russell McDonell . Paul Petronelli , Mobile Health
. Christopher Doss . Kamalini Vaidya . [mailto: TBD ]

Back to Security Main Page

Agenda DRAFT

  1. ( 5 min) Roll Call, Agenda Approval
  2. ( 5 min) Approve deferred Security WG May 24, 2016 Minutes
  3. (05 min) Approval of May 2016 Montreal WGM - Security Minutes
  4. (20 min) Update on the PSAF Security Policy model - Mike
  5. (5 min) Privacy Impact Assessment Cookbook Update - Rick
  6. ( 5 min) PASS Access Control Services Conceptual Model - Diana
  7. ( 5 min) PASS Audit Conceptual Model – Diana

Note that there will be a FHIR Security call at 2pm PT/5pm ET See agenda at FHIR Security Agenda

Minutes

  • Approved-Security WG May 31, 2016 Minutes (John, Diana) (2/0/0)
  • Minutes Approval (Diana, Kathleen, Mike Abstained) (2/1/0) FHIR Test Scripts Discussion with Aegis - Mario Hyland et al. Background: At WGM Gary invited Security to attend an EHR WG session to discuss approaches for encouraging uptake of Privacy, Security - especially Audit, Lifecycle Provenance, Trust FHIR infrastructure among FHIR Connectathon participants and implementers generally. This is a follow up discussion on previous approaches [Gary's tracks added Connectathon achievement points] and Lloyd's suggestion that passing test scripts could be tied in some way to Connectathon participation.
  • Update on the PSAF Security Policy model - Mike

-Privacy policy representation shared -methodology main model has privacy policy connected to composite policy -Has authority rule consent directive--> Jurisdictional organization---> consent grantee-->consent Grantor -Next Step: Continue developing the model, the text will continue to be in PSAF, and we will continue to develop the content with the trust relationships

  • Standards Privacy Impact Assessment Cookbook - Rick

-Continued work on diagrams align with other HL7 publications -Working on diagrams to ensure they are easy to follow -Will likely have complete by end of week -Waiting on TSC for formal approval of PSS (After reviewing PSS, the TSC requested edits to reflect that project is indeed a guide and does not intend to impose a new requirement on HL7. Edited PSS to be shown to Security WG and vote requested to approve the edits.)

  • PASS Access Control Services Conceptual Model - Diana

-On the Pass Access control service we are updating it with the comments (3 min) PASS Audit Conceptual Model – Diana -Waiting of TSC approval

  • FHIR Security Call - John

- will be included next week -FMG sent a questionnaire where do you think the maturity model resources is in need in the marketplace -There are resources that are not maturing outside of committee. If we have resources that are not maturing, we are to notify FMG - Kathleen: We have one issue with the entity agent

-Sending out a email to group to see who will participate in writing the pass audit services document, and will set up a call

  • Action Items, next call agenda, adjournment