
Difference between revisions of "June 7, 2016 Security Conference Call"

From HL7Wiki
 
(4 intermediate revisions by the same user not shown)
Line 7: Line 7:
 
!x||'''Member Name'''|| !!  x ||'''Member Name''' !!|| x ||'''Member Name''' !!
 
!x||'''Member Name'''|| !!  x ||'''Member Name''' !!|| x ||'''Member Name''' !!
 
|-
 
|-
||  x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor]Security Co-chair  
+
||  .|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor]Security Co-chair  
||||x|| [mailto:duane.decouteau@gmail.com Duane DeCouteau]
+
||||.|| [mailto:duane.decouteau@gmail.com Duane DeCouteau]
 
||||.|| [mailto:Chris.R.Clark@wv.gov Chris Clark]
 
||||.|| [mailto:Chris.R.Clark@wv.gov Chris Clark]
 
|-
 
|-
||  .|| [mailto:john.moehrke@med.ge.com John Moehrke]Security Co-chair
+
||  X|| [mailto:john.moehrke@med.ge.com John Moehrke]Security Co-chair
 
||||.|| [mailto:jc@securityrs.com Johnathan Coleman]
 
||||.|| [mailto:jc@securityrs.com Johnathan Coleman]
 
||||.|| [mailto:aaron.seib@2311.net Aaron Seib]
 
||||.|| [mailto:aaron.seib@2311.net Aaron Seib]
Line 27: Line 27:
 
||  x|| [mailto:mike.davis@va.gov Mike Davis]
 
||  x|| [mailto:mike.davis@va.gov Mike Davis]
 
||||.|| [mailto:ioana.singureanu@gmail.com Ioana Singureanu]
 
||||.|| [mailto:ioana.singureanu@gmail.com Ioana Singureanu]
||||.|| [mailto:mjafari@edmondsci.com Mohammed Jafari]
+
||||X|| [mailto:mjafari@edmondsci.com Mohammed Jafari]
  
 
|-
 
|-
||  x|| [mailto:Suzanne.Webb@engilitycorp.com Suzanne Gonzales-Webb]
+
||  .|| [mailto:Suzanne.Webb@engilitycorp.com Suzanne Gonzales-Webb]
 
||||.|| [mailto:robert.horn@agfa.com Rob Horn]  
 
||||.|| [mailto:robert.horn@agfa.com Rob Horn]  
 
||||.|| [mailto:Galen.Mulrooney@JPSys.com Galen Mulrooney]
 
||||.|| [mailto:Galen.Mulrooney@JPSys.com Galen Mulrooney]
Line 42: Line 42:
 
||  x|| [mailto:rgrow@technatomy.com Rick Grow]
 
||  x|| [mailto:rgrow@technatomy.com Rick Grow]
 
||||.|| [mailto:pknapp@pknapp.com Paul Knapp]   
 
||||.|| [mailto:pknapp@pknapp.com Paul Knapp]   
||||.|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan]
+
||||x|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan]
 
|-
 
|-
  
 
||  x|| [mailto:gfm@securityrs.com Glen Marshall], SRS
 
||  x|| [mailto:gfm@securityrs.com Glen Marshall], SRS
 
||||.|| [mailto:akleinebe@gmail.com Bill Kleinebecker ]
 
||||.|| [mailto:akleinebe@gmail.com Bill Kleinebecker ]
||||.|| [mailto:Christopher.Shawn2@va.gov Christopher Shawn]
+
||||x|| [mailto:Christopher.Shawn2@va.gov Christopher Shawn]
 
|-
 
|-
 
||  .|| [mailto:oliver@lawless.co Oliver Lawless]
 
||  .|| [mailto:oliver@lawless.co Oliver Lawless]
Line 81: Line 81:
  
 
==Minutes==
 
==Minutes==
 +
Chaired by John
  
 +
-ApproveSecurity WG May 31, 2016 Minutes (deferred to next meeting)
  
*Approved-Security WG May 31, 2016 Minutes (John, Diana) (2/0/0)
 
*Minutes Approval (Diana, Kathleen, Mike Abstained) (2/1/0) FHIR Test Scripts Discussion with Aegis - Mario Hyland et al. Background: At WGM Gary invited Security to attend an EHR WG session to discuss approaches for encouraging uptake of Privacy, Security - especially Audit, Lifecycle Provenance, Trust FHIR infrastructure among FHIR Connectathon participants and implementers generally. This is a follow up discussion on previous approaches [Gary's tracks added Connectathon achievement points] and Lloyd's suggestion that passing test scripts could be tied in some way to Connectathon participation.
 
  
*Update on the PSAF Security Policy model - Mike
 
-Privacy policy representation shared
 
-methodology main model has privacy policy connected to composite policy
 
-Has authority rule consent directive--> Jurisdictional organization---> consent grantee-->consent Grantor
 
-Next Step: Continue developing the model, the text will continue to be in PSAF, and we will continue to develop the content with the trust relationships
 
 
*Standards Privacy Impact Assessment Cookbook - Rick
 
*Standards Privacy Impact Assessment Cookbook - Rick
-Continued work on diagrams align with other HL7 publications
+
-After reviewing PSS, the TSC requested edits to reflect that project is indeed a guide and does not intend to impose a new requirement on HL7.
-Working on diagrams to ensure they are easy to follow
+
Edited PSS to be shown to Security WG. CBCC voted to approve edited version on their 06/07/16 call.
-Will likely have complete by end of week
+
-PSS Advanced to technical steering committee to HL7 for e-vote
-Waiting on TSC for formal approval of PSS
+
-During the call they informed Rick they were concerned with the language in the scope section
(After reviewing PSS, the TSC requested edits to reflect that project is indeed a guide and does not intend to impose a new requirement on HL7.
+
-Concern it may impose a new requirement
Edited PSS to be shown to Security WG and vote requested to approve the edits.)
+
-Rick edited with new language (using Encouraged in the scope) the section of concern so it can appear more of a Guide
*PASS Access Control Services Conceptual Model - Diana
+
-Clarified the out of scope section to CBCC that it is up to the individual implementer to determine how to deal with the Privacy aspects
-On the Pass Access control service we are updating it with the comments
+
-Provided CBCC with references on Privacy design work of  OASIS Privacy design work, W3C, IETF, and ISO Privacy framework Standard
(3 min) PASS Audit Conceptual Model – Diana
 
-Waiting of TSC approval
 
 
 
*FHIR Security Call - John
 
- will be included next week
 
-FMG sent a questionair where do you think the maturity model resources is in need in the marketplace
 
-There are resources that are not maturing outside of committee. If we have resources that are not maturing, we are to notify FMG                                                                                                                                                                                                                                                                                                                         
 
- Kathleen: We have one issue with the entity agent
 
 
 
-Sending out a email to group to see who will participate in writing the pass audit services document, and will set up a call
 
*Action Items, next call agenda, adjornment
 

Latest revision as of 19:02, 14 June 2016


Attendees

| x | Member Name | x | Member Name | x | Member Name |
|---|---|---|---|---|---|
| . | Kathleen Connor, Security Co-chair | . | Duane DeCouteau | . | Chris Clark |
| X | John Moehrke, Security Co-chair | . | Johnathan Coleman | . | Aaron Seib |
| x | Alexander Mense, Security Co-chair | . | Ken Salyards | . | Christopher D Brown TX |
| . | Trish Williams, Security Co-chair | . | Gary Dickinson | x | Dave Silver |
| x | Mike Davis | . | Ioana Singureanu | X | Mohammed Jafari |
| . | Suzanne Gonzales-Webb | . | Rob Horn | . | Galen Mulrooney |
| x | Diana Proud-Madruga | . | Ken Rubin | . | William Kinsley |
| x | Rick Grow | . | Paul Knapp | x | Mayada Abdulmannan |
| x | Glen Marshall, SRS | . | Bill Kleinebecker | x | Christopher Shawn |
| . | Oliver Lawless | . | [mailto | . | Serafina Versaggi |
| . | Beth Pumo | . | Russell McDonell | . | Paul Petronelli, Mobile Health |
| . | Christopher Doss | . | Kamalini Vaidya | . | [mailto: TBD ] |


Agenda DRAFT

  1. (2 min) Roll Call, Agenda Approval
  2. (3 min) Approve Security WG May 31, 2016 Minutes
  3. (20 min) FHIR Test Scripts Discussion with Aegis - Mario Hyland et al. Background: At WGM Gary invited Security to attend an EHR WG session to discuss approaches for encouraging uptake of Privacy, Security - especially Audit, Lifecycle Provenance, Trust FHIR infrastructure among FHIR Connectathon participants and implementers generally. This is a follow-up discussion on previous approaches [Gary's tracks added Connectathon achievement points] and Lloyd's suggestion that passing test scripts could be tied in some way to Connectathon participation.
  4. (20 min) Update on the PSAF Security Policy model - Mike
  5. (10 min) Standards Privacy Impact Assessment Cookbook - Rick
     • After reviewing PSS, the TSC requested edits to reflect that the project is indeed a guide and does not intend to impose a new requirement on HL7.
     • Edited PSS to be shown to Security WG. CBCC voted to approve edited version on their 06/07/16 call.
  6. (3 min) PASS Access Control Services Conceptual Model - Diana
  7. (3 min) PASS Audit Conceptual Model – Diana
  8. (2 min) Action Items, next call agenda, adjournment

Note that there will be a FHIR Security call at 2pm PT/5pm ET. See agenda at FHIR Security Agenda.

Minutes

Chaired by John

-Approve Security WG May 31, 2016 Minutes (deferred to next meeting)

  • Standards Privacy Impact Assessment Cookbook - Rick

-After reviewing PSS, the TSC requested edits to reflect that the project is indeed a guide and does not intend to impose a new requirement on HL7. Edited PSS to be shown to Security WG. CBCC voted to approve edited version on their 06/07/16 call.
-PSS advanced to technical steering committee to HL7 for e-vote
-During the call they informed Rick they were concerned with the language in the scope section
-Concern it may impose a new requirement
-Rick edited the section of concern with new language (using "Encouraged" in the scope) so it can appear more of a Guide
-Clarified the out of scope section to CBCC that it is up to the individual implementer to determine how to deal with the Privacy aspects
-Provided CBCC with references on Privacy design work of OASIS, W3C, IETF, and ISO Privacy framework Standard