
Difference between revisions of "July 12, 2016 Security Conference Call"

 
(15 intermediate revisions by 2 users not shown)
Line 7: Line 7:
 
!x||'''Member Name'''|| !!  x ||'''Member Name''' !!|| x ||'''Member Name''' !!
 
!x||'''Member Name'''|| !!  x ||'''Member Name''' !!|| x ||'''Member Name''' !!
 
|-
 
|-
||  || [mailto:Kathleen_Connor@comcast.net Kathleen Connor]Security Co-chair  
+
||  x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor]Security Co-chair  
 
||||.|| [mailto:duane.decouteau@gmail.com Duane DeCouteau]
 
||||.|| [mailto:duane.decouteau@gmail.com Duane DeCouteau]
 
||||.|| [mailto:Chris.R.Clark@wv.gov Chris Clark]
 
||||.|| [mailto:Chris.R.Clark@wv.gov Chris Clark]
 
|-
 
|-
||  X|| [mailto:john.moehrke@med.ge.com John Moehrke]Security Co-chair
+
||  x|| [mailto:john.moehrke@med.ge.com John Moehrke]Security Co-chair
 
||||.|| [mailto:jc@securityrs.com Johnathan Coleman]
 
||||.|| [mailto:jc@securityrs.com Johnathan Coleman]
 
||||.|| [mailto:aaron.seib@2311.net Aaron Seib]
 
||||.|| [mailto:aaron.seib@2311.net Aaron Seib]
Line 22: Line 22:
 
||  .|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair
 
||  .|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair
 
||||.|| [mailto:gary.dickinson@ehr-standards.com Gary Dickinson]
 
||||.|| [mailto:gary.dickinson@ehr-standards.com Gary Dickinson]
||||.|| [mailto:dsilver@electrosoft-inc.com Dave Silver]
+
||||x|| [mailto:dsilver@electrosoft-inc.com Dave Silver]
 
      
 
      
 
|-
 
|-
Line 42: Line 42:
 
||  .|| [mailto:rgrow@technatomy.com Rick Grow]
 
||  .|| [mailto:rgrow@technatomy.com Rick Grow]
 
||||.|| [mailto:pknapp@pknapp.com Paul Knapp]   
 
||||.|| [mailto:pknapp@pknapp.com Paul Knapp]   
||||.|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan]
+
||||x|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan]
 
|-
 
|-
  
 
||  x|| [mailto:gfm@securityrs.com Glen Marshall], SRS
 
||  x|| [mailto:gfm@securityrs.com Glen Marshall], SRS
 
||||.|| [mailto:akleinebe@gmail.com Bill Kleinebecker ]
 
||||.|| [mailto:akleinebe@gmail.com Bill Kleinebecker ]
||||.|| [mailto:Christopher.Shawn2@va.gov Christopher Shawn]
+
||||x|| [mailto:Christopher.Shawn2@va.gov Christopher Shawn]
 
|-
 
|-
 
||  .|| [mailto:oliver@lawless.co Oliver Lawless]
 
||  .|| [mailto:oliver@lawless.co Oliver Lawless]
Line 53: Line 53:
 
||||.|| [mailto:serafina.versaggi@gmail.com Serafina Versaggi ]
 
||||.|| [mailto:serafina.versaggi@gmail.com Serafina Versaggi ]
 
|-
 
|-
||  .|| [mailto:Beth.Pumo@kp.org Beth Pumo]
+
||  x|| [mailto:Beth.Pumo@kp.org Beth Pumo]
 
||||.|| [mailto:russell.mcdonell@c-cost.com Russell McDonell]
 
||||.|| [mailto:russell.mcdonell@c-cost.com Russell McDonell]
 
||||.|| [mailto:paul.petronelli@gmail.com Paul Petronelli ], Mobile Health
 
||||.|| [mailto:paul.petronelli@gmail.com Paul Petronelli ], Mobile Health
Line 59: Line 59:
 
||  .|| [mailto:cdoss@ncat.edu Christopher Doss]
 
||  .|| [mailto:cdoss@ncat.edu Christopher Doss]
 
||||.|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya]
 
||||.|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya]
||||.|| [mailto: TBD ]
+
||||x|| [mailto: David Staggs ]
 
|-
 
|-
 
|}
 
|}
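Review bot: the replacement attendee cell `[mailto: David Staggs ]` still has no address after `mailto:`, so the link markup is malformed and will show up as literal bracketed text instead of a name link like the other cells. Either give the address in the `[mailto:address Name]` form used in the rest of the table, or drop the brackets and write the name as plain text.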
Line 66: Line 66:
 
==Agenda '''DRAFT'''==
 
==Agenda '''DRAFT'''==
 
# ''(2 min)'' '''Roll Call, Agenda Approval'''
 
# ''(2 min)'' '''Roll Call, Agenda Approval'''
# ''(3 min)'' '''Approve [http://wiki.hl7.org/index.php?title=June_14,_2016_Security_Conference_Call#Minutes Security WG June 28, 2016 Minutes]
+
# ''(3 min)'' '''Approve [http://wiki.hl7.org/index.php?title=June_14,_2016_Security_Conference_Call#Minutes Security WG June 28, 2016 Minutes]  
 
# ''(10 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9274/14375/High%20Level%20Info%20Model%20v0%200%207%20JMD.vsd Update on the PSAF Security Policy model]''' - Mike
 
# ''(10 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9274/14375/High%20Level%20Info%20Model%20v0%200%207%20JMD.vsd Update on the PSAF Security Policy model]''' - Mike
# ''(10 min)'' '''Standards Privacy Impact Assessment Cookbook''' - Rick
+
# ''(5 min)'' '''Standards Privacy Impact Assessment Cookbook''' - Rick
# ''(3 min)'' '''PASS Access Control Services Conceptual Model''' - Diana
+
# ''(5 min)'' '''PASS Access Control Services Conceptual Model''' - Diana
# ''(3 min)'' '''PASS Audit Conceptual Model''' – Diana  
+
# ''(5 min)'' '''PASS Audit Conceptual Model''' – Diana  
 +
# ''(10 min)'' '''[http://wiki.hl7.org/index.php?title=Trust_Label#Block_Chaining HL7 Trust wiki Blockchain]''' updates and new '''[https://kantarainitiative.org/confluence/display/BSC/Home Kantara Blockchain & Smart Contracts Discussion Group]''', which meets 2 times a week for .5 hour to develop Blockchain, Smart Contracts, and Ledger Technologies use cases and briefing paper recommending next steps.  [https://kantarainitiative.org/confluence/display/BSC/Calendar call information]
 
# ''(2 min)'' '''Action Items, next call agenda, adjournment'''
 
# ''(2 min)'' '''Action Items, next call agenda, adjournment'''
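Review bot: in the "Approve ... Minutes" agenda item the link target is `title=June_14,_2016_Security_Conference_Call#Minutes` while the label reads "Security WG June 28, 2016 Minutes", and the only change made to that line is trailing whitespace. Confirm which meeting's minutes are being approved and make the target and the label agree. The `'''` opened before `Approve` is also never closed on that line.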
  
Line 77: Line 78:
  
 
==Minutes==
 
==Minutes==
 +
* Chaired by John Moehrke
 +
* Approve Security WG June 28, 2016 Minutes (Approved: Mike, Suzanne)
 +
* Update on the PSAF Security Policy model - Mike, Dave
 +
- Presentation was shared during the call:
 +
- Dave Sliver, Chris Shawn, and Mike Davis continued work on PSAF
 +
- Main Level includes Privacy Security material beginning with High level Trust Framework Policy
 +
- This Expand trust framework introducing trust policies, level assurance, trust certificates, and remainder modeling
 +
-Input Policies are dependent on Harmonization policy
 +
-Trust Framework would establish the elements of Trust supported by the contract
 +
- Could have two or more Domain names, each domain would have its own set of policies
 +
- Through Trust Framework there is a harmonization between each Domain
 +
-
 +
* Standards Privacy Impact Assessment Cookbook - Rick
 +
- The PSS was approved the TFC
 +
- Updating document Ballot based on comments from SW and CBCC
 +
- Document will be send out to both groups to review and comment and send back by Thursday COB
 +
- New comments will be incorporated to send out by Sunday Deadline to HL7
 +
 +
* PASS Access Control Services Conceptual Model - Diana
 +
- Completed all updates
 +
- reviewing doc
 +
- Expect to complete at the end of the week, will send out for final review to group
 +
- Obtain final confirmation from Barrett to withdraw negative vote
 +
-seeking to seeking publication by the end of July
 +
 +
* PASS Audit Conceptual Model – Diana
 +
- We have meetings on Wednesdays
 +
- Sent out Meeting invite to SOA, CBCC, and Security list serve
 +
- Set up a wiki site and in process of loading supporting docs in wiki and Gforge
 +
- Ken Ruben (SOA) sent out email to cochairs on cloud Survey
 +
 +
* HL7 Trust wiki Blockchain updates and new Kantara Blockchain & Smart Contracts Discussion Group, which meets 2 times a week for .5 hour to develop Blockchain, Smart Contracts, and Ledger Technologies use cases and briefing paper recommending next steps. call information
 +
* Kathleen/Blockchain:
 +
- We've been following different Trust Framework
 +
- We have a Wiki page with the list of Trust Framework and efforts on Blockchain
 +
- ONC sent out a challenge/White Paper for Blockchain with implications on Health
 +
- New Kantara looking at usecases related to Health and Trust
 +
- New effort on patience owning data control
 +
- Smart contracts to enable health care consumers negotiating consent with providers and none covered    entities
 +
- Canada has a group that developed tools for Canadians to obtain info from different entities based
 +
- Monitoring these efforts and emerging approach to Trust and Provenance and Health information on validation and access
 +
- David: If you not a U.S. Federal Agency , you can still register a paper on Blockchain through the ONC announcement
 +
* Mike Davis Comments: It is a Providence approach, and would like to see how FHIR would be factored in the approach.
 +
- It is not like a digital signature, but rather verifying the info is correct and all the parties involved in the chain can verify he info is correct.
 +
- All Participants are responsible in the sharing of Data integrity
 +
- No one can change the record without all the approval of all stakeholders
 +
* John Moehrke's Comments: Once a Block chain has been signed, it would prevent any change in the Blockchain, much like digital signature. It is a public measure by the set of peers, who would explain what their signature means or what they agree or not agree with in the chain.
 +
- John has a White paper on the topic of Blockchain and included link in the chat, Kathleen will link it to the Trust link
 +
 +
Approvals:
 +
 +
* John: we received confirmation we are to approve cochairs for FTFP of Paul Map (John, and Kathleen approved)
 +
*  Kathleen:  Mike and Dave have been updating the policy driven architecture on Domain Analysis.  a paper by Sunday on PSAF
 +
- I submitted the PSAF document to on Sunday for September Ballot, waiting on confirmation
 +
- (Kathleen and Mike Approved)
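Review bot: the sub-items under each minutes bullet start with a bare `-`, which is not wiki list markup, so consecutive lines collapse into one run-on paragraph when rendered; use `**` nested under the `*` items so each point gets its own line. "Dave Sliver" in the PSAF item does not match "Dave Silver" in the attendee table, and the empty `-` line that closes the PSAF item can be dropped.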

Latest revision as of 19:16, 19 July 2016


Attendees

| x | Member Name | x | Member Name | x | Member Name |
|---|---|---|---|---|---|
| x | Kathleen Connor, Security Co-chair | . | Duane DeCouteau | . | Chris Clark |
| x | John Moehrke, Security Co-chair | . | Johnathan Coleman | . | Aaron Seib |
| . | Alexander Mense, Security Co-chair | . | Ken Salyards | . | Christopher D Brown TX |
| . | Trish Williams, Security Co-chair | . | Gary Dickinson | x | Dave Silver |
| x | Mike Davis | . | Ioana Singureanu | x | Mohammed Jafari |
| x | Suzanne Gonzales-Webb | x | Rob Horn | . | Galen Mulrooney |
| x | Diana Proud-Madruga | . | Ken Rubin | . | William Kinsley |
| . | Rick Grow | . | Paul Knapp | x | Mayada Abdulmannan |
| x | Glen Marshall, SRS | . | Bill Kleinebecker | x | Christopher Shawn |
| . | Oliver Lawless | x | Grahame Grieve | . | Serafina Versaggi |
| x | Beth Pumo | . | Russell McDonell | . | Paul Petronelli, Mobile Health |
| . | Christopher Doss | . | Kamalini Vaidya | x | David Staggs |


Agenda DRAFT

  1. (2 min) Roll Call, Agenda Approval
  2. (3 min) Approve Security WG June 28, 2016 Minutes
  3. (10 min) Update on the PSAF Security Policy model - Mike
  4. (5 min) Standards Privacy Impact Assessment Cookbook - Rick
  5. (5 min) PASS Access Control Services Conceptual Model - Diana
  6. (5 min) PASS Audit Conceptual Model – Diana
  7. (10 min) HL7 Trust wiki Blockchain updates and new Kantara Blockchain & Smart Contracts Discussion Group, which meets 2 times a week for .5 hour to develop Blockchain, Smart Contracts, and Ledger Technologies use cases and briefing paper recommending next steps. call information
  8. (2 min) Action Items, next call agenda, adjournment

Note that there will be a FHIR Security call at 5pm ET. See agenda at FHIR Security Agenda.

Minutes

  • Chaired by John Moehrke
  • Approve Security WG June 28, 2016 Minutes (Approved: Mike, Suzanne)
  • Update on the PSAF Security Policy model - Mike, Dave

      - Presentation was shared during the call:
      - Dave Silver, Chris Shawn, and Mike Davis continued work on PSAF
      - Main Level includes Privacy Security material beginning with High level Trust Framework Policy
      - This expands the trust framework, introducing trust policies, level assurance, trust certificates, and remainder modeling
      - Input Policies are dependent on Harmonization policy
      - Trust Framework would establish the elements of Trust supported by the contract
      - Could have two or more Domain names; each domain would have its own set of policies
      - Through Trust Framework there is a harmonization between each Domain

  • Standards Privacy Impact Assessment Cookbook - Rick

      - The PSS was approved the TFC
      - Updating document Ballot based on comments from SW and CBCC
      - Document will be sent out to both groups to review and comment and send back by Thursday COB
      - New comments will be incorporated to send out by Sunday Deadline to HL7

  • PASS Access Control Services Conceptual Model - Diana

      - Completed all updates
      - Reviewing doc
      - Expect to complete at the end of the week, will send out for final review to group
      - Obtain final confirmation from Barrett to withdraw negative vote
      - Seeking publication by the end of July

  • PASS Audit Conceptual Model – Diana

      - We have meetings on Wednesdays
      - Sent out Meeting invite to SOA, CBCC, and Security list serve
      - Set up a wiki site and in process of loading supporting docs in wiki and Gforge
      - Ken Rubin (SOA) sent out email to cochairs on cloud Survey

  • HL7 Trust wiki Blockchain updates and new Kantara Blockchain & Smart Contracts Discussion Group, which meets 2 times a week for .5 hour to develop Blockchain, Smart Contracts, and Ledger Technologies use cases and briefing paper recommending next steps. call information
  • Kathleen/Blockchain:

      - We've been following different Trust Framework
      - We have a Wiki page with the list of Trust Framework and efforts on Blockchain
      - ONC sent out a challenge/White Paper for Blockchain with implications on Health
      - New Kantara looking at use cases related to Health and Trust
      - New effort on patients owning data control
      - Smart contracts to enable health care consumers negotiating consent with providers and non-covered entities
      - Canada has a group that developed tools for Canadians to obtain info from different entities based
      - Monitoring these efforts and emerging approach to Trust and Provenance and Health information on validation and access
      - David: If you are not a U.S. Federal Agency, you can still register a paper on Blockchain through the ONC announcement

  • Mike Davis Comments: It is a Providence approach, and would like to see how FHIR would be factored in the approach.

      - It is not like a digital signature, but rather verifying the info is correct and all the parties involved in the chain can verify the info is correct.
      - All Participants are responsible in the sharing of Data integrity
      - No one can change the record without the approval of all stakeholders

  • John Moehrke's Comments: Once a Block chain has been signed, it would prevent any change in the Blockchain, much like digital signature. It is a public measure by the set of peers, who would explain what their signature means or what they agree or not agree with in the chain.

      - John has a White paper on the topic of Blockchain and included link in the chat; Kathleen will link it to the Trust link

Approvals:

  • John: we received confirmation we are to approve cochairs for FTFP of Paul Map (John, and Kathleen approved)
  • Kathleen: Mike and Dave have been updating the policy driven architecture on Domain Analysis. a paper by Sunday on PSAF

      - I submitted the PSAF document to on Sunday for September Ballot, waiting on confirmation
      - (Kathleen and Mike Approved)