This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "October 11, 2016 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
 
(5 intermediate revisions by 3 users not shown)
Line 9: Line 9:
 
||  x|| [mailto:JohnMoerke@gmail.com John Moehrke]Security Co-chair
 
||  x|| [mailto:JohnMoerke@gmail.com John Moehrke]Security Co-chair
 
||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor]Security Co-chair  
 
||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor]Security Co-chair  
||||x|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
+
||||.|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
 
||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair
 
||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair
 
|-
 
|-
Line 37: Line 37:
 
||||.|| [mailto:dsilver@electrosoft-inc.com Dave Silver]
 
||||.|| [mailto:dsilver@electrosoft-inc.com Dave Silver]
 
|-
 
|-
||  .|| [mailto:rgrow@technatomy.com Rick Grow]
+
||  x|| [mailto:rgrow@technatomy.com Rick Grow]
 
||||.|| [mailto:bkinsley@nextgen.com William Kinsley]
 
||||.|| [mailto:bkinsley@nextgen.com William Kinsley]
 
||||.|| [mailto:pknapp@pknapp.com Paul Knapp]   
 
||||.|| [mailto:pknapp@pknapp.com Paul Knapp]   
||||.|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan]
+
||||x|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan]
 
|-
 
|-
 
||  .|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya]
 
||  .|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya]
Line 66: Line 66:
  
 
==Minutes==
 
==Minutes==
TBD Chaired
+
* John Chaired
Chaired by Kathleen Connor
+
* approval of agenda - Kathleen/Suzanne - unanimous
+
+
* approval of minutes of 4th - Glen/Rick - unanimous
TBD Chaired
+
* not approving minutes from 13th as they are not done yet
+
* Review PSS - Document Sharing  
*Minutes:
+
** Motion to approve co-sponsorship - Glen/Kathleen - unanimous
+
+
** Security WKG is co-sponsor
*Agenda .
+
** Smart on FHIR comes with Apendix (Grahm)
+
** Each member organization needs harmonization
+
** As co-sponsor we can help harmonize which OATH will work
+
+
** We are to provide landscape analysis of bridging concerns (Kathleen)
*Minutes: Sept. 13th Minutes are missing, so review/approval
+
** Security WKG role is to review all concerns of competing parties
+
* PSAF Ballot- Mike Davis
+
** NTR
+
+
* Nov Harmonization Proposal Review Also, new ActReason for overriding need for consent - incompetency; 5 new Compartment codes; and technical corrections to SecurityObservationValue value set. Initial submissions due date Nov. 14 - Kathleen
+
**Need approval of initial submission
Agenda Approved
+
** Due Nov 14th
+
+
** Intially completed and submitted in July, but was pulled out to see if it is too granular
+
** There are two codes for purpose of use, one is used for eHealth exchange.
+
** Next step: to meet Friday Nov 14th
+
 
 
-Approve Security WG Minutes Aug 30th and Sept 6th (John, Alex)
 
+
 
 
 
+
 
 
(10 min) PSS Document Sharing Approve our co-sponsorship with goal to show how security is applied to a broader workflow through specifics on AuditEvent use, and OAuth use. Secondary goal to create end-to-end security testing for connectathon.
 
+
 
 
 
+
 
 
 
+
 
 
*PSAF Ballot v.next Mike to discuss anticipated updates in response to ballot comments and new development. Determine next ballot level and possible renaming to prep for NIB submission by 10-31.
 
+
 
 
- Comments have been updated to PSAF Policy Model
 
+
 
 
- Alex Comments:  
 
+
 
 
- Modeling not consistant with PMAK or Security Domain
 
 
- More than one Security Domain are not consistant with policy breaching
 
  
- Concerned that policy can never be a contract
+
* Review Vocabulary proposal from Kathleen
+
** Concern with expansion of PurposeOfUse
Kathleen Comment:
+
*** Are these values specific enough?
+
*** are they intended to be categories? ==> Categories
- Policy and contract are the same, as policy (HE) is a result of contract
+
** Mike recommends we schedule a specific meeting to go deeper.
+
** the Vetting of Vocab WKG is approved
Diana Comments:
+
** Recommendation to make clinical Trial a parent rather than a lease for health care Biomedical research
+
** Specific Branches should be specific (profiles) such as Cancer or inherited disease
- Submitted Walters comments on PKAK in the architecture of PSAF
+
** Some patients prefer not to share all health care info for research
+
** Comment: Mohammad: There is no clear semantics on what constitutes as research
- Trust info Model is part of PSAF
+
***Patient consent is not the only place where purpose of use is needed
+
***Vocab having a hierarchy can help make it more granular
- Protective Health info is under HIPPA only in U.S. (42CFR)
+
*** Some patients may opt out for example genetic research
+
**Comment Glen: This is Policy Level vs. Operational level
- Many states do not use protective health
+
*** The consent created is to group different types of studies to different types of consent
 
+
*** Action: Kathleen to schedule focused call
+
** John indicates that we should look to propose new signature types from Kathleen comment on FHIR
+
+
* FHIR Security meeting will be held
+
* Adjourned
* Nov Harmonization Proposal Review Initial submission due date Nov. 14 - Kathleen
 
 
- Data segmentation in standards all need to include confidentiality coded on CCDA's
 
 
-ONC has a risk on cofidentiality code that has a hard N.
 
 
 
PASS Audit Conceptual Model – Diana
 
+
 
 
* FHIR AuditEvent and Provenance ballot comments & FHIR Security Call reminder - John
 
 
 
- Policy advisory committee is going through new restructuring and advisory
 
 
- Has dependencies on security patterns and is requesting for assistance for Security and Privacy
 
 
 
FHIR Security Ballot comment and CP review and FHIM modeling of PSAF - See agenda at FHIR Security Agenda (Kathleen, Diana)  
 
 
-  XSAML assertion not in agenda, Kathleen will add to agenda for Trust Governance group
 
+
 
 
- There are concerns wants the information to be sent to eHealth Exchange then to ==> Vista to send any red flags
 
+
 
 
- Diana explains that it is still operational if they choose to use eHealth Exhcange and VBista as it is part of XSAML Assertion
 
 
 
- Trust Governance group is creating Stadnards on how to express consent
 
 
-Consent must use audit to send, they also use paper Auth (Kathleen)
 
+
 
 
-Any Choice Provider can send a paper or signed consent
 
 
 
 
 
 
*Meeting adjourned.
 

Latest revision as of 15:05, 28 October 2016

Back to Security Work Group Main Page

Attendees

x Member Name x Member Name x Member Name x Member Name
x John MoehrkeSecurity Co-chair x Kathleen ConnorSecurity Co-chair . Alexander Mense Security Co-chair . Trish WilliamsSecurity Co-chair
x Mike Davis x Suzanne Gonzales-Webb x David Staggs x Mohammed Jafari
x Glen Marshall, SRS . Beth Pumo . Ioana Singureanu . Rob Horn
x Diana Proud-Madruga . Serafina Versaggi . Joe Lamy . Galen Mulrooney
. Duane DeCouteau . Chris Clark . Johnathan Coleman . Aaron Seib
. Ken Salyards . Christopher D Brown TX . Gary Dickinson . Dave Silver
x Rick Grow . William Kinsley . Paul Knapp x Mayada Abdulmannan
. Kamalini Vaidya . Bill Kleinebecker x Christopher Shawn . Grahame Grieve
. Oliver Lawless . Ken Rubin . Paul Petronelli , Mobile Health . Russell McDonell

Back to Security Main Page

Agenda DRAFT

  1. (2 min) Roll Call, Agenda Approval
  2. (5 min) Approve Security WG October 4, 2016 call minutes and Security WG September 13, 2016 Minutesif these are available.
  3. (10 min) PSS Document Sharing Approve our co-sponsorship with goal to show how security is applied to a broader workflow through specifics on AuditEvent use, and OAuth use. Secondary goal to create end-to-end security testing for connectathon.
  4. (15 min) PSAF Ballot v.next Mike to discuss anticipated updates in response to ballot comments and new development. Determine next ballot level and possible renaming to prep for NIB submission by 10-31.
  5. (15 min) Nov Harmonization Proposal Review Also, new ActReason for overriding need for consent - incompetency; 5 new Compartment codes; and technical corrections to SecurityObservationValue value set. Initial submissions due date Nov. 14 - Kathleen
  6. (5 min) PASS Audit Conceptual Model – Diana
  7. (5 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call reminder - John

FHIR Security Ballot comment and CP review and FHIM modeling of PSAF - See agenda at FHIR Security Agenda

Minutes

  • John Chaired
  • approval of agenda - Kathleen/Suzanne - unanimous
  • approval of minutes of 4th - Glen/Rick - unanimous
  • not approving minutes from 13th as they are not done yet
  • Review PSS - Document Sharing
    • Motion to approve co-sponsorship - Glen/Kathleen - unanimous
    • Security WKG is co-sponsor
    • Smart on FHIR comes with Apendix (Grahm)
    • Each member organization needs harmonization
    • As co-sponsor we can help harmonize which OATH will work
    • We are to provide landscape analysis of bridging concerns (Kathleen)
    • Security WKG role is to review all concerns of competing parties
  • PSAF Ballot- Mike Davis
    • NTR
  • Nov Harmonization Proposal Review Also, new ActReason for overriding need for consent - incompetency; 5 new Compartment codes; and technical corrections to SecurityObservationValue value set. Initial submissions due date Nov. 14 - Kathleen
    • Need approval of initial submission
    • Due Nov 14th
    • Intially completed and submitted in July, but was pulled out to see if it is too granular
    • There are two codes for purpose of use, one is used for eHealth exchange.
    • Next step: to meet Friday Nov 14th
  • Review Vocabulary proposal from Kathleen
    • Concern with expansion of PurposeOfUse
      • Are these values specific enough?
      • are they intended to be categories? ==> Categories
    • Mike recommends we schedule a specific meeting to go deeper.
    • the Vetting of Vocab WKG is approved
    • Recommendation to make clinical Trial a parent rather than a lease for health care Biomedical research
    • Specific Branches should be specific (profiles) such as Cancer or inherited disease
    • Some patients prefer not to share all health care info for research
    • Comment: Mohammad: There is no clear semantics on what constitutes as research
      • Patient consent is not the only place where purpose of use is needed
      • Vocab having a hierarchy can help make it more granular
      • Some patients may opt out for example genetic research
    • Comment Glen: This is Policy Level vs. Operational level
      • The consent created is to group different types of studies to different types of consent
      • Action: Kathleen to schedule focused call
    • John indicates that we should look to propose new signature types from Kathleen comment on FHIR
  • FHIR Security meeting will be held
  • Adjourned