Difference between revisions of "June 21, 2016 Security Conference Call"
(Created page with "Back to Security Work Group Main Page ==Attendees== {| class="wikitable" |- !x||'''Member Name'''|| !! x ||'''Member Name''' !!|| x ||'''Member Name''' !! |- ...") |
(7 intermediate revisions by 3 users not shown) | |||
Line 15: | Line 15: | ||
||||.|| [mailto:aaron.seib@2311.net Aaron Seib] | ||||.|| [mailto:aaron.seib@2311.net Aaron Seib] | ||
|- | |- | ||
− | || | + | || .|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair |
||||.|| [mailto:ken.salyards@samhsa.hhs.gov Ken Salyards] | ||||.|| [mailto:ken.salyards@samhsa.hhs.gov Ken Salyards] | ||
||||.|| [mailto:cbrown@socialcare.com Christopher D Brown] TX | ||||.|| [mailto:cbrown@socialcare.com Christopher D Brown] TX | ||
Line 22: | Line 22: | ||
|| .|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair | || .|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair | ||
||||.|| [mailto:gary.dickinson@ehr-standards.com Gary Dickinson] | ||||.|| [mailto:gary.dickinson@ehr-standards.com Gary Dickinson] | ||
− | |||| | + | ||||.|| [mailto:dsilver@electrosoft-inc.com Dave Silver] |
|- | |- | ||
Line 31: | Line 31: | ||
|- | |- | ||
|| x|| [mailto:Suzanne.Webb@engilitycorp.com Suzanne Gonzales-Webb] | || x|| [mailto:Suzanne.Webb@engilitycorp.com Suzanne Gonzales-Webb] | ||
− | |||| | + | ||||x|| [mailto:robert.horn@agfa.com Rob Horn] |
||||.|| [mailto:Galen.Mulrooney@JPSys.com Galen Mulrooney] | ||||.|| [mailto:Galen.Mulrooney@JPSys.com Galen Mulrooney] | ||
Line 40: | Line 40: | ||
|- | |- | ||
− | || | + | || .|| [mailto:rgrow@technatomy.com Rick Grow] |
||||.|| [mailto:pknapp@pknapp.com Paul Knapp] | ||||.|| [mailto:pknapp@pknapp.com Paul Knapp] | ||
− | |||| | + | ||||.|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan] |
|- | |- | ||
|| x|| [mailto:gfm@securityrs.com Glen Marshall], SRS | || x|| [mailto:gfm@securityrs.com Glen Marshall], SRS | ||
||||.|| [mailto:akleinebe@gmail.com Bill Kleinebecker ] | ||||.|| [mailto:akleinebe@gmail.com Bill Kleinebecker ] | ||
− | |||| | + | ||||.|| [mailto:Christopher.Shawn2@va.gov Christopher Shawn] |
|- | |- | ||
|| .|| [mailto:oliver@lawless.co Oliver Lawless] | || .|| [mailto:oliver@lawless.co Oliver Lawless] | ||
− | |||| | + | ||||x|| [mailto:grahameg@gmail.com Grahame Grieve] |
||||.|| [mailto:serafina.versaggi@gmail.com Serafina Versaggi ] | ||||.|| [mailto:serafina.versaggi@gmail.com Serafina Versaggi ] | ||
|- | |- | ||
Line 68: | Line 68: | ||
# ''(2 min)'' '''Roll Call, Agenda Approval''' | # ''(2 min)'' '''Roll Call, Agenda Approval''' | ||
# ''(3 min)'' '''Approve [http://wiki.hl7.org/index.php?title=June_14,_2016_Security_Conference_Call#Minutes Security WG June 14, 2016 Minutes] | # ''(3 min)'' '''Approve [http://wiki.hl7.org/index.php?title=June_14,_2016_Security_Conference_Call#Minutes Security WG June 14, 2016 Minutes] | ||
− | # ''(3 min)'' '''Approve [http://wiki.hl7.org/index.php?title=May_31,_2016_Security_Conference_Call Security WG | + | # ''(3 min)'' '''Approve [http://wiki.hl7.org/index.php?title=May_31,_2016_Security_Conference_Call Security WG May 31, 2016 Minutes] |
− | # ''(10 min)'' '''Update on FHIR Test Scripts Discussion with Aegis''' -John | + | # ''(10 min)'' '''Update on FHIR Test Scripts Discussion with Aegis''' - Update from John. Kathleen to report on FM/Payer Connectathon Track proposals to include these. |
# ''(20 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9274/14375/High%20Level%20Info%20Model%20v0%200%207%20JMD.vsd Update on the PSAF Security Policy model]''' - Mike | # ''(20 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9274/14375/High%20Level%20Info%20Model%20v0%200%207%20JMD.vsd Update on the PSAF Security Policy model]''' - Mike | ||
# ''(10 min)'' '''Standards Privacy Impact Assessment Cookbook''' - Rick | # ''(10 min)'' '''Standards Privacy Impact Assessment Cookbook''' - Rick | ||
# ''(3 min)'' '''PASS Access Control Services Conceptual Model''' - Diana | # ''(3 min)'' '''PASS Access Control Services Conceptual Model''' - Diana | ||
− | # ''(3 min)'' '''PASS Audit Conceptual Model''' – Diana ''Kathleen | + | # ''(3 min)'' '''PASS Audit Conceptual Model''' – Diana ''Kathleen asks whether review of audit in ISTPA and various Privacy Frameworks, FIPPs, EU Data Protection Regulation etc. such as [http://xml.coverpages.org/ISTPA-PrivacyManagementReferenceModelV20.pdf Privacy Management |
− | Reference Model - A framework for resolving privacy policy requirements into operational privacy services and functions International Security, Trust & Privacy Alliance] | + | Reference Model - A framework for resolving privacy policy requirements into operational privacy services and functions International Security, Trust & Privacy Alliance] and [http://xml.coverpages.org/ISTPA-AnalysisOfPrivacyPrinciplesV2.pd ISTPA Analysis of Privacy Principles: Making Privacy Operational] have been added to landscape review.'' |
# ''(2 min)'' '''Action Items, next call agenda, adjornment''' | # ''(2 min)'' '''Action Items, next call agenda, adjornment''' | ||
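Review bot: The external link added on the PASS Audit line breaks across two lines ("[http://xml.coverpages.org/ISTPA-PrivacyManagementReferenceModelV20.pdf Privacy Management" then "Reference Model - ..."), which stops the bracketed link from rendering; keep the URL and its label on one line. The second link's URL ends in ".pd" where the first ends in ".pdf", so check it for a dropped character. "adjornment" on the last agenda item is a misspelling of "adjournment".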
Line 81: | Line 81: | ||
==Minutes== | ==Minutes== | ||
+ | ** Chaired by John | ||
+ | * Continued discussion from CBCC call on FHIR Consent. | ||
+ | ** See http://wiki.hl7.org/index.php?title=FHIR_Consent_-_Grahame%27s_model#signature | ||
+ | ** Conversation continues on the FHIR 'chat' tool at https://chat.fhir.org/#narrow/stream/implementers/topic/Consent | ||
+ | ** The base policy autherizes nothing, but can assemble exceptions to authorize data (John) | ||
+ | ** The Autherization is Opt in Opt out with restrictions or Opt out with Exceptions (Would be a permission) | ||
+ | ** The Base policy is the Null policy (John) | ||
+ | ** It is based on XAML |
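Review bot: "autherizes" and "Autherization" in the added minutes lines are misspellings of "authorizes" and "Authorization". The first added line, "** Chaired by John", is a second-level bullet with no first-level parent above it; a single "*" would render it as a top-level item. "It is based on XAML" does not say what "It" refers to; name the subject so the line stands on its own.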
Latest revision as of 18:57, 28 June 2016
Attendees
x | Member Name | x | Member Name | x | Member Name
---|---|---|---|---|---
x | Kathleen Connor Security Co-chair | . | Duane DeCouteau | . | Chris Clark
X | John Moehrke Security Co-chair | . | Johnathan Coleman | . | Aaron Seib
. | Alexander Mense Security Co-chair | . | Ken Salyards | . | Christopher D Brown TX
. | Trish Williams Security Co-chair | . | Gary Dickinson | . | Dave Silver
x | Mike Davis | . | Ioana Singureanu | X | Mohammed Jafari
x | Suzanne Gonzales-Webb | x | Rob Horn | . | Galen Mulrooney
x | Diana Proud-Madruga | . | Ken Rubin | . | William Kinsley
. | Rick Grow | . | Paul Knapp | . | Mayada Abdulmannan
x | Glen Marshall, SRS | . | Bill Kleinebecker | . | Christopher Shawn
. | Oliver Lawless | x | Grahame Grieve | . | Serafina Versaggi
. | Beth Pumo | . | Russell McDonell | . | Paul Petronelli, Mobile Health
. | Christopher Doss | . | Kamalini Vaidya | . | TBD
Agenda DRAFT
- (2 min) Roll Call, Agenda Approval
- (3 min) Approve Security WG June 14, 2016 Minutes
- (3 min) Approve Security WG May 31, 2016 Minutes
- (10 min) Update on FHIR Test Scripts Discussion with Aegis - Update from John. Kathleen to report on FM/Payer Connectathon Track proposals to include these.
- (20 min) Update on the PSAF Security Policy model - Mike
- (10 min) Standards Privacy Impact Assessment Cookbook - Rick
- (3 min) PASS Access Control Services Conceptual Model - Diana
- (3 min) PASS Audit Conceptual Model – Diana. Kathleen asks whether review of audit in ISTPA and various Privacy Frameworks, FIPPs, EU Data Protection Regulation etc., such as Privacy Management Reference Model - A framework for resolving privacy policy requirements into operational privacy services and functions, International Security, Trust & Privacy Alliance (http://xml.coverpages.org/ISTPA-PrivacyManagementReferenceModelV20.pdf) and ISTPA Analysis of Privacy Principles: Making Privacy Operational, have been added to landscape review.
- (2 min) Action Items, next call agenda, adjournment
Note that there will be a FHIR Security call at 2pm PT/5pm ET. See agenda at FHIR Security Agenda.
Minutes
- Chaired by John
- Continued discussion from CBCC call on FHIR Consent.
  - See http://wiki.hl7.org/index.php?title=FHIR_Consent_-_Grahame%27s_model#signature
  - Conversation continues on the FHIR 'chat' tool at https://chat.fhir.org/#narrow/stream/implementers/topic/Consent
  - The base policy authorizes nothing, but can assemble exceptions to authorize data (John)
  - The Authorization is Opt in Opt out with restrictions or Opt out with Exceptions (Would be a permission)
  - The Base policy is the Null policy (John)
  - It is based on XAML