Difference between revisions of "September 2016 Baltimore WGM - Security WG Agenda"
(18 intermediate revisions by the same user not shown)
Line 4: | Line 4: | ||
[[http://www.hl7.org/documentcenter/public/calendarofevents/Baltimore_Onsite_v7.pdf On-Site Meeting Schedule & Hotel Guide] | [[http://www.hl7.org/documentcenter/public/calendarofevents/Baltimore_Onsite_v7.pdf On-Site Meeting Schedule & Hotel Guide] | ||
− | Minutes: [September 2016 Baltimore WGM - Security | + | Minutes: [http://www.hl7.org/documentcenter/public/wg/secure/minutes/2016-09-22_SEC_WGM_Minutes.rtf September 2016 Baltimore WGM - Security] |
[[Security|Back to Security Meetings]] | [[Security|Back to Security Meetings]] | ||
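Review bot: The unchanged On-Site Meeting Schedule line directly above the edited Minutes line opens with "[[http://" but closes with a single "]", so the external link markup is unbalanced. Since this revision already touches the adjacent line, change the opener to a single "[" so it matches the "[url label]" form used for the new Minutes link.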
Line 58: | Line 58: | ||
* Approval of agenda | * Approval of agenda | ||
* International Report outs | * International Report outs | ||
− | * | + | * [http://gforge.hl7.org/gf/download/docmanfileversion/9376/14661/2017%20Draft%20Interoperability%20Standards%20Advisory-HL7%20Response%20Draft%20-%2020160907%20-%20Markup.docx ONC ISA Comments] - Consider resending and requesting that ONC give rationale for what is or is not adopted. Forward to PAC for Board review. |
+ | * Liaison Reports: ISO, IHE, ONC (HEART) | ||
* HL7 Project status and updates: | * HL7 Project status and updates: | ||
** Standards Privacy Impact Assessment (formerly: ''Privacy Impact Assessment and P&SbD'') | ** Standards Privacy Impact Assessment (formerly: ''Privacy Impact Assessment and P&SbD'') | ||
Line 71: | Line 72: | ||
| ||||Q2||11:00-12:30 | | ||||Q2||11:00-12:30 | ||
||'''Trust Framework Work Session''' | ||'''Trust Framework Work Session''' | ||
− | * Review Current Trust Framework Efforts: | + | *Review Current Trust Framework Efforts tracked in [http://wiki.hl7.org/index.php?title=Trust_Label Security Trust Library] |
− | ** Trust Framework Governance initiatives | + | *[http://gforge.hl7.org/gf/download/docmanfileversion/9383/14677/MIT%20MedRec%20ONC%20Blockchain%20Challenge.pdf A Case Study for Blockchain in Healthcare: “MedRec” prototype for electronic health records and medical research data] |
− | + | *Trust Framework Governance initiatives | |
− | ** Perspective on Trust Framework requirements from various jurisdictions | + | *Trust Framework established and emerging standards including blockchain and smart contracts for dynamic trust frameworks |
− | + | *Trust and POU: [http://gforge.hl7.org/gf/download/docmanfileversion/9377/14662/Purpose%20of%20Use-20160918%20JMD.docx Refocus on POU functions in Trust, Privacy, and Security Policies, and how to capture in PSAF] | |
+ | *Perspective on Trust Framework requirements from various jurisdictions | ||
+ | *Action Items - e.g., could Security develop requirements, functional model, vocabulary etc. as part of PSAF. Potential FHIR Trust Policy? | ||
||Security | ||Security | ||
||Columbia | ||Columbia | ||
Line 81: | Line 84: | ||
|-valign="top" | |-valign="top" | ||
| ||||Q3||1:45-3:00 | | ||||Q3||1:45-3:00 | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
||'''Security WG Project Meeting''' | ||'''Security WG Project Meeting''' | ||
* FHIR AuditEvent, Provenance Resource | * FHIR AuditEvent, Provenance Resource | ||
** Outstanding CP Review | ** Outstanding CP Review | ||
− | * | + | *[http://gforge.hl7.org/gf/download/docmanfileversion/9384/14678/PSAF_R1_O1Amalgamated%20ballotcomments%202016SEP.xls PSAF Ballot Reconciliation] |
− | |||
||Security | ||Security | ||
+ | ||Columbia | ||
+ | |- | ||
+ | |-valign="top" | ||
+ | | ||||Q4||3:30 -5:00 | ||
+ | ||'''CBCC FHIR-I Joint on FHIR ConsentDirective''' | ||
+ | *[http://hl7-fhir.github.io/pcd/consentdirective.html FHIR Consent Directive work, resolution and IG creation] | ||
+ | ||CBCC | ||
||Columbia | ||Columbia | ||
|- | |- | ||
Line 102: | Line 101: | ||
|WED||SEP 21||Q1||9:00-10:30 | |WED||SEP 21||Q1||9:00-10:30 | ||
||'''Joint w/ EHR, CBCC, FHIR, SOA, Security''' | ||'''Joint w/ EHR, CBCC, FHIR, SOA, Security''' | ||
− | * FHIR | + | * FHIR server with the capability to enforce patient consent via a third-party authorization server (UMA) as well as enforcing overarching organizational Security Labeling Service (SLS)/Privacy Protective Service (PPS) services. The server modifies and labels the outgoing bundles on a dynamic per-request basis based on applicable patient consents as well as the overarching SLS and PPS rules (including the high-watermark label on the bundle). |
− | * Security WG FHIR STU3 Server http:// | + | * Security WG FHIR STU3 Server http://mhs.edmondsci.com:8080/fhir-uma-client-demo/ |
+ | *[http://gforge.hl7.org/gf/download/docmanfileversion/9385/14679/FHIR-Consent-UMA-20160919.pptx VA ONC Patient Choice Pilot FHIR Consent UMA Connectathon] | ||
||Security | ||Security | ||
||Constellation C | ||Constellation C | ||
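Review bot: The "Security WG FHIR STU3 Server" bullet now carries a bare http:// URL on port 8080, while the bullet added right after it uses the bracketed "[url label]" form. Use the same form here, and because the first bullet describes this server as enforcing patient consent and security labels, say next to the link whether it is a demonstration instance holding test data only.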
Line 112: | Line 112: | ||
* Tentative Agenda Items: | * Tentative Agenda Items: | ||
** PASS Audit topics (joint w Security, CBCC, SOA) | ** PASS Audit topics (joint w Security, CBCC, SOA) | ||
− | ** Privacy and Security Architecture Framework [PSAF]and SOA PASS Conceptual Models | + | ** Privacy and Security Architecture Framework [PSAF] and SOA PASS Conceptual Models |
||SOA | ||SOA | ||
||Frederick | ||Frederick | ||
Line 121: | Line 121: | ||
*Review of all FHIR Security and Consent related guidance to ensure alignment with Security and CBCC WG positions [http://hl7-fhir.github.io/secpriv-module.html FHIR STU3 Security and Privacy Module] as this material was not previously reviewed or approved by the WGs. | *Review of all FHIR Security and Consent related guidance to ensure alignment with Security and CBCC WG positions [http://hl7-fhir.github.io/secpriv-module.html FHIR STU3 Security and Privacy Module] as this material was not previously reviewed or approved by the WGs. | ||
*FHIR Security Label Guidance - Align with HCS, co-occurrence constraint on Confidentiality, include trust and integrity security label vocabulary | *FHIR Security Label Guidance - Align with HCS, co-occurrence constraint on Confidentiality, include trust and integrity security label vocabulary | ||
− | * FHIR Privacy Impact and Security Risk Assessments | + | *FHIR Privacy Impact and Security Risk Assessments |
** For Infrastructure - e.g., versioning, updates, history and impact on persistence of security labels if required by policy | ** For Infrastructure - e.g., versioning, updates, history and impact on persistence of security labels if required by policy | ||
** By Resources - optional Privacy and Security Notes | ** By Resources - optional Privacy and Security Notes | ||
Line 135: | Line 135: | ||
** [http://gforge.hl7.org/gf/download/docmanfileversion/9008/13736/2016%20Jan%20Security%20WG%20Three-Year%20Plan.xlsx Current 3 Yr Plan] | ** [http://gforge.hl7.org/gf/download/docmanfileversion/9008/13736/2016%20Jan%20Security%20WG%20Three-Year%20Plan.xlsx Current 3 Yr Plan] | ||
** [http://gforge.hl7.org/gf/download/docmanfileversion/9155/14164/Security%20CBCC%20Products%20and%20Projects%20May%202016.xlsx Current Project/Product status] | ** [http://gforge.hl7.org/gf/download/docmanfileversion/9155/14164/Security%20CBCC%20Products%20and%20Projects%20May%202016.xlsx Current Project/Product status] | ||
− | ** [http://gforge.hl7.org/gf/download/docmanfileversion/ | + | ** [http://gforge.hl7.org/gf/download/docmanfileversion/9381/14666/HL7%20Baltimore%202016%20Security%20WGM%20Governance%20and%20Health.pptx Security Health Report] |
||Security | ||Security | ||
||Room TBA | ||Room TBA | ||
Line 149: | Line 149: | ||
| ||||Q2||11:00-12:30 | | ||||Q2||11:00-12:30 | ||
||'''Security WG Project Meeting''' | ||'''Security WG Project Meeting''' | ||
− | * | + | * Nov Harmonization Proposals |
+ | **New Obligation to render human readable notices, such as Part 2 Redisclosure w/o Consent Prohibition | ||
** POU additions - HTEST, Research Consent POUs | ** POU additions - HTEST, Research Consent POUs | ||
** Research Consent Refrains, Obligations | ** Research Consent Refrains, Obligations |
Latest revision as of 06:09, 4 October 2016
September 2016 Security Working Group Meeting - Baltimore Maryland USA
On-Site Meeting Schedule & Hotel Guide
Minutes: September 2016 Baltimore WGM - Security
| Day | Date | Qtr | Time | Event | Session Leader | Room |
| SUN | SEP 18 | Q1 | 9:00-10:30 | . | No Meeting | . |
| | | Q2 | 11:00-12:30 | . | No Meeting | . |
| | | Q3 | 1:45 -3:00 | . | No Meeting | . |
| | | Q4 | 3:30 -5:00 | . | No Meeting | . |
| MON | SEP 19 | Q1 | 9:00-10:30 | . | No Meeting | . |
| | | Q2 | 11:00-12:30 | . | No Meeting | . |
| | | Q3 | 1:45 -3:00 | Joint CBCC - Security | CBCC | Constellation F |
| | | Q4 | 3:30 -5:00 | Joint with CBCC – New discussion items and projects | CBCC | Constellation F |
| TUE | SEP 20 | Q1 | 9:00-10:30 | Opening Security WG Meeting | Security | Columbia |
| | | Q2 | 11:00-12:30 | Trust Framework Work Session | Security | Columbia |
| | | Q3 | 1:45-3:00 | Security WG Project Meeting | Security | Columbia |
| | | Q4 | 3:30 -5:00 | CBCC FHIR-I Joint on FHIR ConsentDirective | CBCC | Columbia |
| WED | SEP 21 | Q1 | 9:00-10:30 | Joint w/ EHR, CBCC, FHIR, SOA, Security | Security | Constellation C |
| | | Q2 | 11:00-12:30 | Joint w/ SOA | SOA | Frederick |
| | | Q3 | 1:45 -3:00 | Security WG Prep for THURs Q1 CBCC FHIR-I Joint | Security | Room TBA |
| | | Q4 | 3:30 -5:00 | Security WG Project Meeting | Security | Room TBA |
| THU | SEP 22 | Q1 | 9:00-10:00 | Security Joint with FHIR-I | Security | Room TBA |
| | | Q2 | 11:00-12:30 | Security WG Project Meeting | Security | Room TBA |
| | | Q3 | 1:45 -3:00 | . | | |
| | | Q4 | 3:30 -5:00 | . | No Meeting | . |
| FRI | SEP 23 | Q1 | 9:00-10:30 | . | No Meeting | . |
| | | Q2 | 11:00-12:30 | . | No Meeting | . |
| | | Q3 | 1:45 -3:00 | . | No Meeting | . |
| | | Q4 | 3:30 -5:00 | . | No Meeting | |
Session Type: