Difference between revisions of "July 12, 2016 Security Conference Call"
(13 intermediate revisions by 2 users not shown) | |||
Line 7: | Line 7: | ||
!x||'''Member Name'''|| !! x ||'''Member Name''' !!|| x ||'''Member Name''' !! | !x||'''Member Name'''|| !! x ||'''Member Name''' !!|| x ||'''Member Name''' !! | ||
|- | |- | ||
− | || || [mailto:Kathleen_Connor@comcast.net Kathleen Connor]Security Co-chair | + | || x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor]Security Co-chair |
||||.|| [mailto:duane.decouteau@gmail.com Duane DeCouteau] | ||||.|| [mailto:duane.decouteau@gmail.com Duane DeCouteau] | ||
||||.|| [mailto:Chris.R.Clark@wv.gov Chris Clark] | ||||.|| [mailto:Chris.R.Clark@wv.gov Chris Clark] | ||
|- | |- | ||
− | || | + | || x|| [mailto:john.moehrke@med.ge.com John Moehrke]Security Co-chair |
||||.|| [mailto:jc@securityrs.com Johnathan Coleman] | ||||.|| [mailto:jc@securityrs.com Johnathan Coleman] | ||
||||.|| [mailto:aaron.seib@2311.net Aaron Seib] | ||||.|| [mailto:aaron.seib@2311.net Aaron Seib] | ||
Line 22: | Line 22: | ||
|| .|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair | || .|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair | ||
||||.|| [mailto:gary.dickinson@ehr-standards.com Gary Dickinson] | ||||.|| [mailto:gary.dickinson@ehr-standards.com Gary Dickinson] | ||
− | |||| | + | ||||x|| [mailto:dsilver@electrosoft-inc.com Dave Silver] |
|- | |- | ||
Line 42: | Line 42: | ||
|| .|| [mailto:rgrow@technatomy.com Rick Grow] | || .|| [mailto:rgrow@technatomy.com Rick Grow] | ||
||||.|| [mailto:pknapp@pknapp.com Paul Knapp] | ||||.|| [mailto:pknapp@pknapp.com Paul Knapp] | ||
− | |||| | + | ||||x|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan] |
|- | |- | ||
|| x|| [mailto:gfm@securityrs.com Glen Marshall], SRS | || x|| [mailto:gfm@securityrs.com Glen Marshall], SRS | ||
||||.|| [mailto:akleinebe@gmail.com Bill Kleinebecker ] | ||||.|| [mailto:akleinebe@gmail.com Bill Kleinebecker ] | ||
− | |||| | + | ||||x|| [mailto:Christopher.Shawn2@va.gov Christopher Shawn] |
|- | |- | ||
|| .|| [mailto:oliver@lawless.co Oliver Lawless] | || .|| [mailto:oliver@lawless.co Oliver Lawless] | ||
Line 53: | Line 53: | ||
||||.|| [mailto:serafina.versaggi@gmail.com Serafina Versaggi ] | ||||.|| [mailto:serafina.versaggi@gmail.com Serafina Versaggi ] | ||
|- | |- | ||
− | || | + | || x|| [mailto:Beth.Pumo@kp.org Beth Pumo] |
||||.|| [mailto:russell.mcdonell@c-cost.com Russell McDonell] | ||||.|| [mailto:russell.mcdonell@c-cost.com Russell McDonell] | ||
||||.|| [mailto:paul.petronelli@gmail.com Paul Petronelli ], Mobile Health | ||||.|| [mailto:paul.petronelli@gmail.com Paul Petronelli ], Mobile Health | ||
Line 59: | Line 59: | ||
|| .|| [mailto:cdoss@ncat.edu Christopher Doss] | || .|| [mailto:cdoss@ncat.edu Christopher Doss] | ||
||||.|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya] | ||||.|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya] | ||
− | |||| | + | ||||x|| [mailto: David Staggs ] |
|- | |- | ||
|} | |} | ||
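Review bot: the attendee entry added in the last row, `[mailto: David Staggs ]`, has an empty mailto target, so the link carries no address and the raw markup shows through in the rendered table. Either supply the address or list the name as plain text.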
Line 66: | Line 66: | ||
==Agenda '''DRAFT'''== | ==Agenda '''DRAFT'''== | ||
# ''(2 min)'' '''Roll Call, Agenda Approval''' | # ''(2 min)'' '''Roll Call, Agenda Approval''' | ||
− | # ''(3 min)'' '''Approve [http://wiki.hl7.org/index.php?title=June_14,_2016_Security_Conference_Call#Minutes Security WG June 28, 2016 Minutes] | + | # ''(3 min)'' '''Approve [http://wiki.hl7.org/index.php?title=June_14,_2016_Security_Conference_Call#Minutes Security WG June 28, 2016 Minutes] |
# ''(10 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9274/14375/High%20Level%20Info%20Model%20v0%200%207%20JMD.vsd Update on the PSAF Security Policy model]''' - Mike | # ''(10 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9274/14375/High%20Level%20Info%20Model%20v0%200%207%20JMD.vsd Update on the PSAF Security Policy model]''' - Mike | ||
# ''(5 min)'' '''Standards Privacy Impact Assessment Cookbook''' - Rick | # ''(5 min)'' '''Standards Privacy Impact Assessment Cookbook''' - Rick | ||
# ''(5 min)'' '''PASS Access Control Services Conceptual Model''' - Diana | # ''(5 min)'' '''PASS Access Control Services Conceptual Model''' - Diana | ||
# ''(5 min)'' '''PASS Audit Conceptual Model''' – Diana | # ''(5 min)'' '''PASS Audit Conceptual Model''' – Diana | ||
− | # ''(10 min)'' '''[http://wiki.hl7.org/index.php?title=Trust_Label#Block_Chaining HL7 Trust wiki Blockchain] updates and | + | # ''(10 min)'' '''[http://wiki.hl7.org/index.php?title=Trust_Label#Block_Chaining HL7 Trust wiki Blockchain]''' updates and new '''[https://kantarainitiative.org/confluence/display/BSC/Home Kantara Blockchain & Smart Contracts Discussion Group]''', which meets 2 times a week for .5 hour to develop Blockchain, Smart Contracts, and Ledger Technologies use cases and briefing paper recommending next steps. [https://kantarainitiative.org/confluence/display/BSC/Calendar call information] |
+ | # ''(2 min)'' '''Action Items, next call agenda, adjournment''' | ||
− | = | + | Note that there will be a FHIR Security call at 5pm ET |
+ | See agenda at [http://wiki.hl7.org/index.php?title=HL7_FHIR_security_topics#Agenda_and_Minutes FHIR Security Agenda] | ||
− | ( | + | ==Minutes== |
+ | * Chaired by John Moehrke | ||
+ | * Approve Security WG June 28, 2016 Minutes (Approved: Mike, Suzanne) | ||
+ | * Update on the PSAF Security Policy model - Mike, Dave | ||
+ | - Presentation was shared during the call: | ||
+ | - Dave Sliver, Chris Shawn, and Mike Davis continued work on PSAF | ||
+ | - Main Level includes Privacy Security material beginning with High level Trust Framework Policy | ||
+ | - This Expand trust framework introducing trust policies, level assurance, trust certificates, and remainder modeling | ||
+ | -Input Policies are dependent on Harmonization policy | ||
+ | -Trust Framework would establish the elements of Trust supported by the contract | ||
+ | - Could have two or more Domain names, each domain would have its own set of policies | ||
+ | - Through Trust Framework there is a harmonization between each Domain | ||
+ | - | ||
+ | * Standards Privacy Impact Assessment Cookbook - Rick | ||
+ | - The PSS was approved the TFC | ||
+ | - Updating document Ballot based on comments from SW and CBCC | ||
+ | - Document will be send out to both groups to review and comment and send back by Thursday COB | ||
+ | - New comments will be incorporated to send out by Sunday Deadline to HL7 | ||
+ | |||
+ | * PASS Access Control Services Conceptual Model - Diana | ||
+ | - Completed all updates | ||
+ | - reviewing doc | ||
+ | - Expect to complete at the end of the week, will send out for final review to group | ||
+ | - Obtain final confirmation from Barrett to withdraw negative vote | ||
+ | -seeking to seeking publication by the end of July | ||
− | + | * PASS Audit Conceptual Model – Diana | |
+ | - We have meetings on Wednesdays | ||
+ | - Sent out Meeting invite to SOA, CBCC, and Security list serve | ||
+ | - Set up a wiki site and in process of loading supporting docs in wiki and Gforge | ||
+ | - Ken Ruben (SOA) sent out email to cochairs on cloud Survey | ||
− | + | * HL7 Trust wiki Blockchain updates and new Kantara Blockchain & Smart Contracts Discussion Group, which meets 2 times a week for .5 hour to develop Blockchain, Smart Contracts, and Ledger Technologies use cases and briefing paper recommending next steps. call information | |
+ | * Kathleen/Blockchain: | ||
+ | - We've been following different Trust Framework | ||
+ | - We have a Wiki page with the list of Trust Framework and efforts on Blockchain | ||
+ | - ONC sent out a challenge/White Paper for Blockchain with implications on Health | ||
+ | - New Kantara looking at usecases related to Health and Trust | ||
+ | - New effort on patience owning data control | ||
+ | - Smart contracts to enable health care consumers negotiating consent with providers and none covered entities | ||
+ | - Canada has a group that developed tools for Canadians to obtain info from different entities based | ||
+ | - Monitoring these efforts and emerging approach to Trust and Provenance and Health information on validation and access | ||
+ | - David: If you not a U.S. Federal Agency , you can still register a paper on Blockchain through the ONC announcement | ||
+ | * Mike Davis Comments: It is a Providence approach, and would like to see how FHIR would be factored in the approach. | ||
+ | - It is not like a digital signature, but rather verifying the info is correct and all the parties involved in the chain can verify he info is correct. | ||
+ | - All Participants are responsible in the sharing of Data integrity | ||
+ | - No one can change the record without all the approval of all stakeholders | ||
+ | * John Moehrke's Comments: Once a Block chain has been signed, it would prevent any change in the Blockchain, much like digital signature. It is a public measure by the set of peers, who would explain what their signature means or what they agree or not agree with in the chain. | ||
+ | - John has a White paper on the topic of Blockchain and included link in the chat, Kathleen will link it to the Trust link | ||
− | + | Approvals: | |
− | + | * John: we received confirmation we are to approve cochairs for FTFP of Paul Map (John, and Kathleen approved) | |
− | + | * Kathleen: Mike and Dave have been updating the policy driven architecture on Domain Analysis. a paper by Sunday on PSAF | |
− | + | - I submitted the PSAF document to on Sunday for September Ballot, waiting on confirmation | |
− | ( | + | - (Kathleen and Mike Approved) |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− |
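Review bot: the agenda item "Approve ... Security WG June 28, 2016 Minutes" links to `title=June_14,_2016_Security_Conference_Call#Minutes`, so the link target and its label disagree; point the link at the June 28 page or correct the label. In the added minutes, "Dave Sliver" should also match the attendee entry "Dave Silver".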
Latest revision as of 19:16, 19 July 2016
Attendees
x | Member Name | x | Member Name | x | Member Name
---|---|---|---|---|---
x | Kathleen Connor, Security Co-chair | . | Duane DeCouteau | . | Chris Clark
x | John Moehrke, Security Co-chair | . | Johnathan Coleman | . | Aaron Seib
. | Alexander Mense, Security Co-chair | . | Ken Salyards | . | Christopher D Brown TX
. | Trish Williams, Security Co-chair | . | Gary Dickinson | x | Dave Silver
x | Mike Davis | . | Ioana Singureanu | x | Mohammed Jafari
x | Suzanne Gonzales-Webb | x | Rob Horn | . | Galen Mulrooney
x | Diana Proud-Madruga | . | Ken Rubin | . | William Kinsley
. | Rick Grow | . | Paul Knapp | x | Mayada Abdulmannan
x | Glen Marshall, SRS | . | Bill Kleinebecker | x | Christopher Shawn
. | Oliver Lawless | x | Grahame Grieve | . | Serafina Versaggi
x | Beth Pumo | . | Russell McDonell | . | Paul Petronelli, Mobile Health
. | Christopher Doss | . | Kamalini Vaidya | x | David Staggs
Agenda DRAFT
- (2 min) Roll Call, Agenda Approval
- (3 min) Approve Security WG June 28, 2016 Minutes
- (10 min) Update on the PSAF Security Policy model - Mike
- (5 min) Standards Privacy Impact Assessment Cookbook - Rick
- (5 min) PASS Access Control Services Conceptual Model - Diana
- (5 min) PASS Audit Conceptual Model – Diana
- (10 min) HL7 Trust wiki Blockchain updates and new Kantara Blockchain & Smart Contracts Discussion Group, which meets 2 times a week for .5 hour to develop Blockchain, Smart Contracts, and Ledger Technologies use cases and briefing paper recommending next steps. call information
- (2 min) Action Items, next call agenda, adjournment
Note that there will be a FHIR Security call at 5pm ET. See agenda at FHIR Security Agenda.
Minutes
- Chaired by John Moehrke
- Approve Security WG June 28, 2016 Minutes (Approved: Mike, Suzanne)
- Update on the PSAF Security Policy model - Mike, Dave
  - Presentation was shared during the call:
  - Dave Silver, Chris Shawn, and Mike Davis continued work on PSAF
  - Main level includes Privacy Security material beginning with high-level Trust Framework Policy
  - This expands the trust framework, introducing trust policies, level of assurance, trust certificates, and remainder modeling
  - Input policies are dependent on Harmonization policy
  - Trust Framework would establish the elements of Trust supported by the contract
  - Could have two or more Domain names; each domain would have its own set of policies
  - Through Trust Framework there is a harmonization between each Domain
- Standards Privacy Impact Assessment Cookbook - Rick
  - The PSS was approved by the TFC
  - Updating document Ballot based on comments from SW and CBCC
  - Document will be sent out to both groups to review and comment and send back by Thursday COB
  - New comments will be incorporated to send out by Sunday deadline to HL7
- PASS Access Control Services Conceptual Model - Diana
  - Completed all updates
  - Reviewing doc
  - Expect to complete at the end of the week, will send out for final review to group
  - Obtain final confirmation from Barrett to withdraw negative vote
  - Seeking publication by the end of July
- PASS Audit Conceptual Model – Diana
  - We have meetings on Wednesdays
  - Sent out meeting invite to SOA, CBCC, and Security listserv
  - Set up a wiki site and in process of loading supporting docs in wiki and Gforge
  - Ken Rubin (SOA) sent out email to co-chairs on cloud survey
- HL7 Trust wiki Blockchain updates and new Kantara Blockchain & Smart Contracts Discussion Group, which meets 2 times a week for .5 hour to develop Blockchain, Smart Contracts, and Ledger Technologies use cases and briefing paper recommending next steps. call information
- Kathleen/Blockchain:
  - We've been following different Trust Frameworks
  - We have a Wiki page with the list of Trust Frameworks and efforts on Blockchain
  - ONC sent out a challenge/White Paper for Blockchain with implications on Health
  - New Kantara looking at use cases related to Health and Trust
  - New effort on patients owning data control
  - Smart contracts to enable health care consumers negotiating consent with providers and non-covered entities
  - Canada has a group that developed tools for Canadians to obtain info from different entities based
  - Monitoring these efforts and emerging approach to Trust and Provenance and Health information on validation and access
  - David: If you are not a U.S. Federal Agency, you can still register a paper on Blockchain through the ONC announcement
- Mike Davis Comments: It is a Provenance approach, and would like to see how FHIR would be factored in the approach.
  - It is not like a digital signature, but rather verifying the info is correct and all the parties involved in the chain can verify the info is correct.
  - All participants are responsible in the sharing of data integrity
  - No one can change the record without the approval of all stakeholders
- John Moehrke's Comments: Once a Blockchain has been signed, it would prevent any change in the Blockchain, much like a digital signature. It is a public measure by the set of peers, who would explain what their signature means or what they agree or do not agree with in the chain.
  - John has a white paper on the topic of Blockchain and included a link in the chat; Kathleen will link it to the Trust link
Approvals:
- John: we received confirmation we are to approve cochairs for FTFP of Paul Map (John, and Kathleen approved)
- Kathleen: Mike and Dave have been updating the policy driven architecture on Domain Analysis. a paper by Sunday on PSAF
  - I submitted the PSAF document to on Sunday for September Ballot, waiting on confirmation
  - (Kathleen and Mike Approved)