This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "October 14, 2016 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
 
(2 intermediate revisions by one other user not shown)
Line 12: Line 12:
 
||  x|| [mailto:mike.davis@va.gov Mike Davis]
 
||  x|| [mailto:mike.davis@va.gov Mike Davis]
 
||||x|| [mailto:Suzanne.Webb@engilitycorp.com Suzanne Gonzales-Webb]
 
||||x|| [mailto:Suzanne.Webb@engilitycorp.com Suzanne Gonzales-Webb]
||||x|| [mailto:drs@securityrs.com David Staggs]
+
||||.|| [mailto:drs@securityrs.com David Staggs]
 
||||x|| [mailto:mjafari@edmondsci.com Mohammed Jafari]
 
||||x|| [mailto:mjafari@edmondsci.com Mohammed Jafari]
 
|-
 
|-
Line 54: Line 54:
 
==Agenda '''DRAFT'''==
 
==Agenda '''DRAFT'''==
 
# ''(2 min)'' '''Roll Call, Agenda Approval'''
 
# ''(2 min)'' '''Roll Call, Agenda Approval'''
*Purpose: Review 3 initial harmonization proposals for submission by  
+
*Purpose: Review and seek approval to submit 3 initial harmonization proposals by midnight ET today.
 
*Harmonization Schedule:
 
*Harmonization Schedule:
 
**Initial Proposals - Submissions due 10/14/2016, midnight Eastern  
 
**Initial Proposals - Submissions due 10/14/2016, midnight Eastern  
Line 61: Line 61:
 
*Proposal 2 - [http://gforge.hl7.org/gf/download/docmanfileversion/9441/14797/2016Nov%20HARM%20INTIALPROPOSAL%20SECURITY%20Care%20Team%20Security%20Compartment%20Label%20Code.doc Five new Security Compartment Label Codes]
 
*Proposal 2 - [http://gforge.hl7.org/gf/download/docmanfileversion/9441/14797/2016Nov%20HARM%20INTIALPROPOSAL%20SECURITY%20Care%20Team%20Security%20Compartment%20Label%20Code.doc Five new Security Compartment Label Codes]
 
*Proposal 3 - [http://gforge.hl7.org/gf/download/docmanfileversion/9443/14799/2016Nov%20HARM%20INTIALPROPOSAL%20SECURITY%20Additional%20Research%20Purpose%20of%20Use%20Codes.doc Additional Research Purpose of Use Codes]
 
*Proposal 3 - [http://gforge.hl7.org/gf/download/docmanfileversion/9443/14799/2016Nov%20HARM%20INTIALPROPOSAL%20SECURITY%20Additional%20Research%20Purpose%20of%20Use%20Codes.doc Additional Research Purpose of Use Codes]
 
  
 
==Minutes==
 
==Minutes==
* TBD Chaired
+
* Chairedby Kathleen
* approval of agenda -
 
 
* Discussion  
 
* Discussion  
[[Security|Back to Security Main Page]]
+
 
 +
 
 +
*Roll Call, Agenda Approval
 +
Purpose: Review and seek approval to submit 3 initial harmonization proposals by midnight ET today.
 +
 
 +
*Harmonization Schedule:
 +
Initial Proposals - Submissions due 10/14/2016, midnight Eastern
 +
** Comment- Glen: The Standardization appears to not be regulated.
 +
*** Is it possible to obtain a limited consent for research only?
 +
*** How is it presented? We should present the patient with choices, and how is it presented under what conditions?
 +
*** How do you stay in touch with patients to re-purpose of Data.
 +
*** How do we deal with expansive vocabulary? 
 +
** Kathleen Comment (Global Alliance work):
 +
*** They contributed to the original set of codes into HL7
 +
*** Question (John) : What is the relationship between Common Accord and HL7?
 +
*** Answer (Kathleen): Common Accord and HL7 is doing something similar to create smart contracts.
 +
** Working with Patient Choice (Kathleen)
 +
*** Patient choice is seeking technical solution
 +
*** There was a FHIR questionnaire on recent consent scenarios 
 +
*** Vocabulary Group accepted the proposal; however, Mike Davis would like to see more granularity
 +
*** Patient Choice (ONC Project) is looking on how to find standards for research consent. (Kathleen)
 +
*** Patient Choice is looking to see if FHIR consent can be used to collect consent
 +
*** On November 4, 2016 we have to have a final decision (Kathleen)
 +
 
 +
*Final Proposals - Submissions due 11/04/2016, midnight Eastern
 +
*Proposal 1- Incompetency override code specialization of ActConsentInformationAccessOverrideReason in ActReason code system
 +
** We have a set of override codes, concept from V2
 +
** One code is cased on Patient declining
 +
** Another is based on Patient incompetence (Incompetency Override)
 +
** Comment: The term incompetent appears insensitive and not an active assessment of the patient  (John)
 +
* Proposal 2 - Five new Security Compartment Label Codes
 +
** We can use compartments or workflow to better define purpose of use (ISO-2382-8)
 +
** It is a division of Data into isolated blocks with separate security controls
 +
** It is create a special compartment to financial management such as an offsite billing service (Patient Administration)
 +
** Comment (John): It reads as a structural role rather than a workflow or compartment
 +
** Mike Davis advised in the past that the compartments to be more granular
 +
** Is this Role based Access?
 +
**Comment Mike Davis: The security is for access control is too complex.
 +
*** Criteria recommendations: Is there a security or privacy use that supports authorization decision?
 +
*** Is the code needed to support introprability?
 +
*** Is the code needed beyond legal and privacy, and who would own this (expert party)?
 +
*** Is the code needed beyond Security and Privacy?
 +
* Next Step:
 +
** (John) would like to develop a methodology for compartment in healthcare.
 +
** (Glen & Mike Agree)- Compartments are to be more grounded in access control.
 +
 
 +
* Proposal 3 - Additional Research Purpose of Use Codes
 +
**  Call Adjourned

Latest revision as of 18:59, 18 October 2016

Attendees

x Member Name x Member Name x Member Name x Member Name
x John MoehrkeSecurity Co-chair x Kathleen ConnorSecurity Co-chair . Alexander Mense Security Co-chair . Trish WilliamsSecurity Co-chair
x Mike Davis x Suzanne Gonzales-Webb . David Staggs x Mohammed Jafari
x Glen Marshall, SRS . Beth Pumo . Ioana Singureanu . Rob Horn
x Diana Proud-Madruga . Serafina Versaggi . Joe Lamy . Galen Mulrooney
. Duane DeCouteau . Chris Clark . Johnathan Coleman . Aaron Seib
. Ken Salyards . Christopher D Brown TX . Gary Dickinson . Dave Silver
x Rick Grow . William Kinsley . Paul Knapp . Mayada Abdulmannan
. Kamalini Vaidya . Bill Kleinebecker x Christopher Shawn . Grahame Grieve
. Oliver Lawless . Ken Rubin . Paul Petronelli , Mobile Health . Russell McDonell

Agenda DRAFT

  1. (2 min) Roll Call, Agenda Approval

Minutes

  • Chairedby Kathleen
  • Discussion


  • Roll Call, Agenda Approval

Purpose: Review and seek approval to submit 3 initial harmonization proposals by midnight ET today.

  • Harmonization Schedule:

Initial Proposals - Submissions due 10/14/2016, midnight Eastern

    • Comment- Glen: The Standardization appears to not be regulated.
      • Is it possible to obtain a limited consent for research only?
      • How is it presented? We should present the patient with choices, and how is it presented under what conditions?
      • How do you stay in touch with patients to re-purpose of Data.
      • How do we deal with expansive vocabulary?
    • Kathleen Comment (Global Alliance work):
      • They contributed to the original set of codes into HL7
      • Question (John) : What is the relationship between Common Accord and HL7?
      • Answer (Kathleen): Common Accord and HL7 is doing something similar to create smart contracts.
    • Working with Patient Choice (Kathleen)
      • Patient choice is seeking technical solution
      • There was a FHIR questionnaire on recent consent scenarios
      • Vocabulary Group accepted the proposal; however, Mike Davis would like to see more granularity
      • Patient Choice (ONC Project) is looking on how to find standards for research consent. (Kathleen)
      • Patient Choice is looking to see if FHIR consent can be used to collect consent
      • On November 4, 2016 we have to have a final decision (Kathleen)
  • Final Proposals - Submissions due 11/04/2016, midnight Eastern
  • Proposal 1- Incompetency override code specialization of ActConsentInformationAccessOverrideReason in ActReason code system
    • We have a set of override codes, concept from V2
    • One code is cased on Patient declining
    • Another is based on Patient incompetence (Incompetency Override)
    • Comment: The term incompetent appears insensitive and not an active assessment of the patient (John)
  • Proposal 2 - Five new Security Compartment Label Codes
    • We can use compartments or workflow to better define purpose of use (ISO-2382-8)
    • It is a division of Data into isolated blocks with separate security controls
    • It is create a special compartment to financial management such as an offsite billing service (Patient Administration)
    • Comment (John): It reads as a structural role rather than a workflow or compartment
    • Mike Davis advised in the past that the compartments to be more granular
    • Is this Role based Access?
    • Comment Mike Davis: The security is for access control is too complex.
      • Criteria recommendations: Is there a security or privacy use that supports authorization decision?
      • Is the code needed to support introprability?
      • Is the code needed beyond legal and privacy, and who would own this (expert party)?
      • Is the code needed beyond Security and Privacy?
  • Next Step:
    • (John) would like to develop a methodology for compartment in healthcare.
    • (Glen & Mike Agree)- Compartments are to be more grounded in access control.
  • Proposal 3 - Additional Research Purpose of Use Codes
    • Call Adjourned