This wiki has undergone a migration to Confluence found Here
Difference between revisions of "February 14, 2017 Security Conference Call"
Jump to navigation
Jump to search
(→Agenda) |
|||
(4 intermediate revisions by 3 users not shown) | |||
Line 57: | Line 57: | ||
=='''Agenda'''== | =='''Agenda'''== | ||
# ''(2 min)'' '''Roll Call, Agenda Approval''' | # ''(2 min)'' '''Roll Call, Agenda Approval''' | ||
− | # ''(2 min)'' '''[http://wiki.hl7.org/index.php?title=February_7,_2017_Security_Conference_Call Security WG Call Minutes February 7, 2017]''' | + | # ''(2 min)'' '''[http://wiki.hl7.org/index.php?title=February_7,_2017_Security_Conference_Call Security WG Call Minutes February 7, 2017]''' postponed to next week |
− | # ''(20 min)'' '''[http://gforge.hl7.org/gf/ | + | # ''(20 min)'' '''[http://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/PSAF/PSAF%20TF4FA%20Jan%202017/V3_PSAF_R1_I1_2017JAN_amalgamated.xls TF4FA Ballot Reconciliation Spreadsheet Disposition Review]and [http://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/PSAF/PSAF%20TF4FA%20Jan%202017/TF4FA%20Class%20Name%20for%20a%20Policy%20Target%20Object.docx TF4FA Class Name for a Policy Target Object]- Mike and Kathleen |
− | # ''(10 min)'' '''[http://gforge....Security WGM Minutes Review and Approval]''' - Kathleen | + | # ''(10 min)'' '''[http://gforge....Security WGM Minutes Review and Approval]''' - Kathleen, postponed to next week |
− | # ''(5 min)'' '''[gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update]''' - | + | # ''(5 min)'' '''[gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update]''' - Diana |
# ''(5 min)'' '''Security Labeling Service Revision Update''' - Diana | # ''(5 min)'' '''Security Labeling Service Revision Update''' - Diana | ||
# ''(5 min)'' '''Proposal to add new Trust subworkgroup call to handle detailed TF4FA development, collaborate with NIST on alignment with [https://pages.nist.gov/NISTIR-8112/NISTIR-8112.html NIST Internal Report 8112 A Proposed Schema for Enhancing Confidence in Federated Attributes] and analyze standards impacts of [http://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/PSAF/PSAF%20TF4FA%20Jan%202017/21st%20Century%20Cures.pdf 21st Century Cures Act] on TF4FA and other privacy and security standards (in collaboration with CBCC) for the Trusted Exchange Framework Discussion for HL7 Policy Advisory Committee'''- Kathleen | # ''(5 min)'' '''Proposal to add new Trust subworkgroup call to handle detailed TF4FA development, collaborate with NIST on alignment with [https://pages.nist.gov/NISTIR-8112/NISTIR-8112.html NIST Internal Report 8112 A Proposed Schema for Enhancing Confidence in Federated Attributes] and analyze standards impacts of [http://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/PSAF/PSAF%20TF4FA%20Jan%202017/21st%20Century%20Cures.pdf 21st Century Cures Act] on TF4FA and other privacy and security standards (in collaboration with CBCC) for the Trusted Exchange Framework Discussion for HL7 Policy Advisory Committee'''- Kathleen | ||
# ''(2 min)'' '''FHIR AuditEvent and Provenance ballot comments & FHIR Security Call''' | # ''(2 min)'' '''FHIR AuditEvent and Provenance ballot comments & FHIR Security Call''' | ||
+ | # '' 10 min)'' '''Project Scope Statement - Medical Devices - Mike Davis | ||
+ | =='''Minutes'''== | ||
+ | * Chaired by John | ||
+ | * Agenda approved | ||
+ | * Security WG Call Minutes February 7, 2017 postponed to next week | ||
− | + | ||
− | * | + | * TF4FA Ballot Reconciliation Spreadsheet Disposition Review and TF4FA Class Name for a Policy Target Object- Mike and Kathleen |
− | * | + | ** Does it align with Domain analysis model? Kathleen provided a link to the brief in detail in agenda |
+ | * Information Target of policy is defined as: | ||
+ | ** Information Reference- This class and it association specify the attributes of protected information by a policy | ||
+ | ***The target of the policy is named in the policy example HIV | ||
+ | **** HIV under HIPPA is not considered sensitive | ||
+ | **** HIV under title 38 is considered sensitive | ||
+ | ** Mike Davis concurs with definition of information referenced by the policy | ||
+ | *** Th Policies are limited to the space | ||
+ | **** The intent of the information is a Healthcare information policy for HL7 (Mike Davis) | ||
+ | **** It is also a Social Services and Healthcare policy (Kathleen) | ||
+ | *** Next Step: | ||
+ | *** Will make following changes: | ||
+ | ** None persuasive with modification | ||
+ | ** We will use the Domain analysis Model | ||
+ | ** Comments were kept at high level as a information model | ||
+ | ** Comments were editorial | ||
+ | ** Kathleen comment recommended digital ledger technology | ||
+ | ** Mike Davis recommends in the spreadsheet to clarify the initiation does not have to negotiate every instance of request | ||
+ | ** Next call we will review and move forward with voting | ||
+ | *** Updates of authors were made, and authors are requested to review updates to their comments | ||
+ | * WGM Minutes Review and Approval - Kathleen, postponed to next week | ||
+ | * gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diana | ||
+ | ** John's non-persuasive comments: | ||
+ | ** FHIR specific implementation maybe out of scope | ||
+ | ** Diane will add FHIR specific implementation is out of scope as it is not integrated | ||
+ | ** John will send Diane link for XAML schema definition to Diana | ||
+ | ** Input from John would be needed in order to include FHIR specific implementation | ||
+ | ** comments: | ||
+ | ***Mike recommend to state that HL7 is working on FHIR specification | ||
+ | ***John does not feel we should point to draft standards | ||
+ | *** Both Mike and John agree the scope does not included Pass Audit to the scope of FHIR | ||
+ | *** Motion approved: (Block vote) Comments Comments 36 to 43 moved to resolution | ||
+ | |||
+ | ** Remaining Agenda was not discussed, moved to next meeting. | ||
+ | ** Call adjourned | ||
+ | |||
+ | * Security Labeling Service Revision Update - Diana | ||
+ | ** Moved to next call after HIMMS | ||
+ | |||
+ | (5 min) Proposal to add new Trust subworkgroup call to handle detailed TF4FA development, collaborate with NIST on alignment with NIST Internal Report 8112 A Proposed Schema for Enhancing Confidence in Federated Attributes and analyze standards impacts of 21st Century Cures Act on TF4FA and other privacy and security standards (in collaboration with CBCC) for the Trusted Exchange Framework Discussion for HL7 Policy Advisory Committee- Kathleen | ||
+ | * FHIR AuditEvent and Provenance ballot comments & FHIR Security Call | ||
+ | * Project Scope Statement - Medical Devices - Mike Davis | ||
+ | ** |
Latest revision as of 19:38, 7 March 2017
Back to Security Work Group Main Page
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
---|---|---|---|---|---|---|---|---|---|---|
. | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | x | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | . | Mohammed Jafari | |||
x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
x | Diana Proud-Madruga | . | Serafina Versaggi | . | Joe Lamy | . | Galen Mulrooney | |||
. | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
. | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | x | Dave Silver | |||
x | Rick Grow | . | William Kinsley | . | Paul Knapp | . | Mayada Abdulmannan | |||
. | Kamalini Vaidya | . | Bill Kleinebecker | . | Christopher Shawn | . | Grahame Grieve | |||
. | Oliver Lawless | . | Ken Rubin | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (2 min) Security WG Call Minutes February 7, 2017 postponed to next week
- (20 min) TF4FA Ballot Reconciliation Spreadsheet Disposition Reviewand TF4FA Class Name for a Policy Target Object- Mike and Kathleen
- (10 min) WGM Minutes Review and Approval - Kathleen, postponed to next week
- (5 min) [gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diana
- (5 min) Security Labeling Service Revision Update - Diana
- (5 min) Proposal to add new Trust subworkgroup call to handle detailed TF4FA development, collaborate with NIST on alignment with NIST Internal Report 8112 A Proposed Schema for Enhancing Confidence in Federated Attributes and analyze standards impacts of 21st Century Cures Act on TF4FA and other privacy and security standards (in collaboration with CBCC) for the Trusted Exchange Framework Discussion for HL7 Policy Advisory Committee- Kathleen
- (2 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call
- 10 min) Project Scope Statement - Medical Devices - Mike Davis
Minutes
- Chaired by John
- Agenda approved
- Security WG Call Minutes February 7, 2017 postponed to next week
- TF4FA Ballot Reconciliation Spreadsheet Disposition Review and TF4FA Class Name for a Policy Target Object- Mike and Kathleen
- Does it align with Domain analysis model? Kathleen provided a link to the brief in detail in agenda
- Information Target of policy is defined as:
- Information Reference- This class and it association specify the attributes of protected information by a policy
- The target of the policy is named in the policy example HIV
- HIV under HIPPA is not considered sensitive
- HIV under title 38 is considered sensitive
- The target of the policy is named in the policy example HIV
- Mike Davis concurs with definition of information referenced by the policy
- Th Policies are limited to the space
- The intent of the information is a Healthcare information policy for HL7 (Mike Davis)
- It is also a Social Services and Healthcare policy (Kathleen)
- Next Step:
- Will make following changes:
- Th Policies are limited to the space
- None persuasive with modification
- We will use the Domain analysis Model
- Comments were kept at high level as a information model
- Comments were editorial
- Kathleen comment recommended digital ledger technology
- Mike Davis recommends in the spreadsheet to clarify the initiation does not have to negotiate every instance of request
- Next call we will review and move forward with voting
- Updates of authors were made, and authors are requested to review updates to their comments
- Information Reference- This class and it association specify the attributes of protected information by a policy
- WGM Minutes Review and Approval - Kathleen, postponed to next week
- gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diana
- John's non-persuasive comments:
- FHIR specific implementation maybe out of scope
- Diane will add FHIR specific implementation is out of scope as it is not integrated
- John will send Diane link for XAML schema definition to Diana
- Input from John would be needed in order to include FHIR specific implementation
- comments:
- Mike recommend to state that HL7 is working on FHIR specification
- John does not feel we should point to draft standards
- Both Mike and John agree the scope does not included Pass Audit to the scope of FHIR
- Motion approved: (Block vote) Comments Comments 36 to 43 moved to resolution
- Remaining Agenda was not discussed, moved to next meeting.
- Call adjourned
- Security Labeling Service Revision Update - Diana
- Moved to next call after HIMMS
(5 min) Proposal to add new Trust subworkgroup call to handle detailed TF4FA development, collaborate with NIST on alignment with NIST Internal Report 8112 A Proposed Schema for Enhancing Confidence in Federated Attributes and analyze standards impacts of 21st Century Cures Act on TF4FA and other privacy and security standards (in collaboration with CBCC) for the Trusted Exchange Framework Discussion for HL7 Policy Advisory Committee- Kathleen
- FHIR AuditEvent and Provenance ballot comments & FHIR Security Call
- Project Scope Statement - Medical Devices - Mike Davis