This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "October 11, 2016 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
(Created page with "Back to Security Work Group Main Page ==Attendees== {| class="wikitable" |- !x||'''Member Name'''|| !! x ||'''Member Name''' !!|| x ||'''Member Name''' !!|| x...")
 
 
(11 intermediate revisions by 3 users not shown)
Line 9: Line 9:
 
||  x|| [mailto:JohnMoerke@gmail.com John Moehrke]Security Co-chair
 
||  x|| [mailto:JohnMoerke@gmail.com John Moehrke]Security Co-chair
 
||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor]Security Co-chair  
 
||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor]Security Co-chair  
||||x|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
+
||||.|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
 
||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair
 
||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair
 
|-
 
|-
Line 37: Line 37:
 
||||.|| [mailto:dsilver@electrosoft-inc.com Dave Silver]
 
||||.|| [mailto:dsilver@electrosoft-inc.com Dave Silver]
 
|-
 
|-
||  .|| [mailto:rgrow@technatomy.com Rick Grow]
+
||  x|| [mailto:rgrow@technatomy.com Rick Grow]
 
||||.|| [mailto:bkinsley@nextgen.com William Kinsley]
 
||||.|| [mailto:bkinsley@nextgen.com William Kinsley]
 
||||.|| [mailto:pknapp@pknapp.com Paul Knapp]   
 
||||.|| [mailto:pknapp@pknapp.com Paul Knapp]   
||||.|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan]
+
||||x|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan]
 
|-
 
|-
 
||  .|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya]
 
||  .|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya]
Line 58: Line 58:
 
# ''(2 min)'' '''Roll Call, Agenda Approval'''
 
# ''(2 min)'' '''Roll Call, Agenda Approval'''
 
# ''(5 min)'' '''Approve [http://wiki.hl7.org/index.php?title=October_4,_2016_Security_Conference_Call Security WG October 4, 2016 call minutes] and [http://wiki.hl7.org/index.php?title=September_13,_2016_Security_Conference_Call Security WG September 13, 2016 Minutes]if these are available.
 
# ''(5 min)'' '''Approve [http://wiki.hl7.org/index.php?title=October_4,_2016_Security_Conference_Call Security WG October 4, 2016 call minutes] and [http://wiki.hl7.org/index.php?title=September_13,_2016_Security_Conference_Call Security WG September 13, 2016 Minutes]if these are available.
*'''Approve [http://www.hl7.org/documentcenter/public/wg/secure/minutes/2016-09-22_SEC_WGM_Minutes.rtf Baltimore Security WGM September 2016]'''
+
# ''(10 min)'' '''PSS Document Sharing''' Approve our co-sponsorship with goal to show how security is applied to a broader workflow through specifics on AuditEvent use, and OAuth use. Secondary goal to create end-to-end security testing for connectathon.
  # ''(10 min)'' '''PSAF Ballot v.next''' Mike to discuss anticipated updates in response to ballot comments and new development. Determine next ballot level and possible renaming to prep for NIB submission by 10-31.
+
# ''(15 min)'' '''PSAF Ballot v.next''' Mike to discuss anticipated updates in response to ballot comments and new development. Determine next ballot level and possible renaming to prep for NIB submission by 10-31.
# ''(10 min)'''''[http://gforge.hl7.org/gf/download/docmanfileversion/9433/14780/2016Nov%20HARM%20INTIALPROPOSAL%20SECURITY%20Additional%20Purpose%20of%20Use.doc Nov Harmonization Proposal Review]''' Initial submission due date Nov. 14 - Kathleen
+
# ''(15 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9433/14780/2016Nov%20HARM%20INTIALPROPOSAL%20SECURITY%20Additional%20Purpose%20of%20Use.doc Nov Harmonization Proposal Review]''' Also, new ActReason for overriding need for consent - incompetency; 5 new Compartment codes; and technical corrections to SecurityObservationValue value set. Initial submissions due date Nov. 14 - Kathleen
 
# ''(5 min)'' '''PASS Audit Conceptual Model''' – Diana  
 
# ''(5 min)'' '''PASS Audit Conceptual Model''' – Diana  
# ''(10 min)'' '''FHIR AuditEvent and Provenance ballot comments & FHIR Security Call reminder''' - John
+
# ''(5 min)'' '''FHIR AuditEvent and Provenance ballot comments & FHIR Security Call reminder''' - John
 
FHIR Security Ballot comment and CP review and FHIM modeling of PSAF - See agenda at [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-10-11 FHIR Security Agenda]
 
FHIR Security Ballot comment and CP review and FHIM modeling of PSAF - See agenda at [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-10-11 FHIR Security Agenda]
  
 
==Minutes==
 
==Minutes==
TBD Chaired
+
* John Chaired
*Agenda .
+
* approval of agenda - Kathleen/Suzanne - unanimous
*Minutes: Sept. 13th Minutes are missing, so review/approval  
+
* approval of minutes of 4th - Glen/Rick - unanimous
*Meeting adjourned.
+
* not approving minutes from 13th as they are not done yet
 +
* Review PSS - Document Sharing
 +
** Motion to approve co-sponsorship - Glen/Kathleen - unanimous
 +
** Security WKG is co-sponsor
 +
** Smart on FHIR comes with Apendix (Grahm)
 +
** Each member organization needs harmonization
 +
** As co-sponsor we can help harmonize which OATH will work
 +
** We are to provide landscape analysis of bridging concerns (Kathleen)
 +
** Security WKG role is to review all concerns of competing parties
 +
* PSAF Ballot- Mike Davis
 +
** NTR
 +
* Nov Harmonization Proposal Review Also, new ActReason for overriding need for consent - incompetency; 5 new Compartment codes; and technical corrections to SecurityObservationValue value set. Initial submissions due date Nov. 14 - Kathleen
 +
**Need approval of initial submission
 +
** Due Nov 14th
 +
** Intially completed and submitted in July, but was pulled out to see if it is too granular
 +
** There are two codes for purpose of use, one is used for eHealth exchange.  
 +
** Next step: to meet Friday Nov 14th
 +
 
 +
* Review Vocabulary proposal from Kathleen
 +
** Concern with expansion of PurposeOfUse
 +
*** Are these values specific enough?
 +
*** are they intended to be categories? ==> Categories
 +
** Mike recommends we schedule a specific meeting to go deeper.
 +
** the Vetting of Vocab WKG is approved
 +
** Recommendation to make clinical Trial a parent rather than a lease for health care Biomedical research
 +
** Specific Branches should be specific (profiles) such as Cancer or inherited disease
 +
** Some patients prefer not to share all health care info for research
 +
** Comment: Mohammad: There is no clear semantics on what constitutes as research
 +
***Patient consent is not the only place where purpose of use is needed
 +
***Vocab having a hierarchy can help make it more granular
 +
*** Some patients may opt out for example genetic research
 +
**Comment Glen: This is Policy Level vs. Operational level
 +
*** The consent created is to group different types of studies to different types of consent
 +
*** Action: Kathleen to schedule focused call
 +
** John indicates that we should look to propose new signature types from Kathleen comment on FHIR
 +
* FHIR Security meeting will be held
 +
* Adjourned

Latest revision as of 15:05, 28 October 2016

Back to Security Work Group Main Page

Attendees

x Member Name x Member Name x Member Name x Member Name
x John MoehrkeSecurity Co-chair x Kathleen ConnorSecurity Co-chair . Alexander Mense Security Co-chair . Trish WilliamsSecurity Co-chair
x Mike Davis x Suzanne Gonzales-Webb x David Staggs x Mohammed Jafari
x Glen Marshall, SRS . Beth Pumo . Ioana Singureanu . Rob Horn
x Diana Proud-Madruga . Serafina Versaggi . Joe Lamy . Galen Mulrooney
. Duane DeCouteau . Chris Clark . Johnathan Coleman . Aaron Seib
. Ken Salyards . Christopher D Brown TX . Gary Dickinson . Dave Silver
x Rick Grow . William Kinsley . Paul Knapp x Mayada Abdulmannan
. Kamalini Vaidya . Bill Kleinebecker x Christopher Shawn . Grahame Grieve
. Oliver Lawless . Ken Rubin . Paul Petronelli , Mobile Health . Russell McDonell

Back to Security Main Page

Agenda DRAFT

  1. (2 min) Roll Call, Agenda Approval
  2. (5 min) Approve Security WG October 4, 2016 call minutes and Security WG September 13, 2016 Minutesif these are available.
  3. (10 min) PSS Document Sharing Approve our co-sponsorship with goal to show how security is applied to a broader workflow through specifics on AuditEvent use, and OAuth use. Secondary goal to create end-to-end security testing for connectathon.
  4. (15 min) PSAF Ballot v.next Mike to discuss anticipated updates in response to ballot comments and new development. Determine next ballot level and possible renaming to prep for NIB submission by 10-31.
  5. (15 min) Nov Harmonization Proposal Review Also, new ActReason for overriding need for consent - incompetency; 5 new Compartment codes; and technical corrections to SecurityObservationValue value set. Initial submissions due date Nov. 14 - Kathleen
  6. (5 min) PASS Audit Conceptual Model – Diana
  7. (5 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call reminder - John

FHIR Security Ballot comment and CP review and FHIM modeling of PSAF - See agenda at FHIR Security Agenda

Minutes

  • John Chaired
  • approval of agenda - Kathleen/Suzanne - unanimous
  • approval of minutes of 4th - Glen/Rick - unanimous
  • not approving minutes from 13th as they are not done yet
  • Review PSS - Document Sharing
    • Motion to approve co-sponsorship - Glen/Kathleen - unanimous
    • Security WKG is co-sponsor
    • Smart on FHIR comes with Apendix (Grahm)
    • Each member organization needs harmonization
    • As co-sponsor we can help harmonize which OATH will work
    • We are to provide landscape analysis of bridging concerns (Kathleen)
    • Security WKG role is to review all concerns of competing parties
  • PSAF Ballot- Mike Davis
    • NTR
  • Nov Harmonization Proposal Review Also, new ActReason for overriding need for consent - incompetency; 5 new Compartment codes; and technical corrections to SecurityObservationValue value set. Initial submissions due date Nov. 14 - Kathleen
    • Need approval of initial submission
    • Due Nov 14th
    • Intially completed and submitted in July, but was pulled out to see if it is too granular
    • There are two codes for purpose of use, one is used for eHealth exchange.
    • Next step: to meet Friday Nov 14th
  • Review Vocabulary proposal from Kathleen
    • Concern with expansion of PurposeOfUse
      • Are these values specific enough?
      • are they intended to be categories? ==> Categories
    • Mike recommends we schedule a specific meeting to go deeper.
    • the Vetting of Vocab WKG is approved
    • Recommendation to make clinical Trial a parent rather than a lease for health care Biomedical research
    • Specific Branches should be specific (profiles) such as Cancer or inherited disease
    • Some patients prefer not to share all health care info for research
    • Comment: Mohammad: There is no clear semantics on what constitutes as research
      • Patient consent is not the only place where purpose of use is needed
      • Vocab having a hierarchy can help make it more granular
      • Some patients may opt out for example genetic research
    • Comment Glen: This is Policy Level vs. Operational level
      • The consent created is to group different types of studies to different types of consent
      • Action: Kathleen to schedule focused call
    • John indicates that we should look to propose new signature types from Kathleen comment on FHIR
  • FHIR Security meeting will be held
  • Adjourned