This wiki has undergone a migration to Confluence found Here
Difference between revisions of "June 28, 2016 Security Conference Call"
Jump to navigation
Jump to search
JohnMoehrke (talk | contribs) |
JohnMoehrke (talk | contribs) |
||
Line 68: | Line 68: | ||
# ''(2 min)'' '''Roll Call, Agenda Approval''' | # ''(2 min)'' '''Roll Call, Agenda Approval''' | ||
# ''(3 min)'' no minutes from last week as we continued CBCC topic on FHIR Consent | # ''(3 min)'' no minutes from last week as we continued CBCC topic on FHIR Consent | ||
+ | # ''(3 min)'' '''Approve [http://wiki.hl7.org/index.php?title=May_31,_2016_Security_Conference_Call Security WG May 31, 2016 Minutes] | ||
+ | # ''(3 min)'' '''Approve [http://wiki.hl7.org/index.php?title=June_14,_2016_Security_Conference_Call#Minutes Security WG June 14, 2016 Minutes] | ||
# ''(3 min)'' '''Approve [http://wiki.hl7.org/index.php?title=June_21,_2016_Security_Conference_Call#Minutes Security WG June 21, 2016 Minutes] | # ''(3 min)'' '''Approve [http://wiki.hl7.org/index.php?title=June_21,_2016_Security_Conference_Call#Minutes Security WG June 21, 2016 Minutes] | ||
# ''(15 min)'' '''Review and approval of [http://gforge.hl7.org/gf/download/docmanfileversion/9299/14461/2016Jul%20HARM%20INTIALPROPOSAL%20SECURITY%20Additional%20Purpose%20of%20Use.doc Initial July Additional POU code Harmonization Proposal]''' - Kathleen | # ''(15 min)'' '''Review and approval of [http://gforge.hl7.org/gf/download/docmanfileversion/9299/14461/2016Jul%20HARM%20INTIALPROPOSAL%20SECURITY%20Additional%20Purpose%20of%20Use.doc Initial July Additional POU code Harmonization Proposal]''' - Kathleen |
Revision as of 18:08, 28 June 2016
Back to Security Work Group Main Page
Attendees
x | Member Name | x | Member Name | x | Member Name | |||
---|---|---|---|---|---|---|---|---|
x | Kathleen ConnorSecurity Co-chair | . | Duane DeCouteau | . | Chris Clark | |||
X | John MoehrkeSecurity Co-chair | . | Johnathan Coleman | . | Aaron Seib | |||
. | Alexander Mense Security Co-chair | . | Ken Salyards | . | Christopher D Brown TX | |||
. | Trish WilliamsSecurity Co-chair | . | Gary Dickinson | . | Dave Silver | |||
x | Mike Davis | . | Ioana Singureanu | X | Mohammed Jafari | |||
x | Suzanne Gonzales-Webb | x | Rob Horn | . | Galen Mulrooney | |||
x | Diana Proud-Madruga | . | Ken Rubin | . | William Kinsley | |||
. | Rick Grow | . | Paul Knapp | . | Mayada Abdulmannan | |||
x | Glen Marshall, SRS | . | Bill Kleinebecker | . | Christopher Shawn | |||
. | Oliver Lawless | x | Grahame Grieve | . | Serafina Versaggi | |||
. | Beth Pumo | . | Russell McDonell | . | Paul Petronelli , Mobile Health | |||
. | Christopher Doss | . | Kamalini Vaidya | . | [mailto: TBD ] |
Agenda DRAFT
- (2 min) Roll Call, Agenda Approval
- (3 min) no minutes from last week as we continued CBCC topic on FHIR Consent
- (3 min) Approve Security WG May 31, 2016 Minutes
- (3 min) Approve Security WG June 14, 2016 Minutes
- (3 min) Approve Security WG June 21, 2016 Minutes
- (15 min) Review and approval of Initial July Additional POU code Harmonization Proposal - Kathleen
- Already added to July Harmonization Update for VA use case [see link above]: Add HTEST [test health data] as a specializable code specializing HOPERAT [healthcare operations] Description: To perform one or more operations on information that is simulated or synthetic health data used for testing system capabilities outside of a production or operational system environment. Usage note: Data marked with a HTEST security label enables an access control system to permit interfacing systems or end users provisioned with a clearance, which includes a HTEST purpose of use attribute, to test, verify, or validate that a system or application will operate in production as intended based on design specifications.
- (15 min) Update on the PSAF Security Policy model - Mike
- (10 min) Standards Privacy Impact Assessment Cookbook - Rick
- (3 min) PASS Access Control Services Conceptual Model - Diana
- (3 min) PASS Audit Conceptual Model – Diana Kathleen asks whether review of audit in ISTPA and various Privacy Frameworks, FIPPs, EU Data Protection Regulation etc. such as [http://xml.coverpages.org/ISTPA-PrivacyManagementReferenceModelV20.pdf Privacy Management
- Reference Model - A framework for resolving privacy policy requirements into operational privacy services and functions International Security, Trust & Privacy Alliance] and ISTPA Analysis of Privacy Principles: Making Privacy Operational have been added to landscape review.
- (10 min) How should 'test-data' be identified? Is this a legitimate use of security-tags?
- It is clear that security-tags already support de-identified methods. The question is specifically about completely fabricated data.
- See FHIR chat thread https://chat.fhir.org/#narrow/stream/implementers/topic/Distinguishing.20test.20patients
- (10 min) De-Identification topics
- (2 min) Action Items, next call agenda, adjournment
Note that there will be a FHIR Security call at 2pm PT/5pm ET See agenda at FHIR Security Agenda