This wiki has undergone a migration to Confluence found Here
Difference between revisions of "February 7, 2017 Security Conference Call"
Jump to navigation
Jump to search
(→Agenda) |
|||
(2 intermediate revisions by the same user not shown) | |||
Line 40: | Line 40: | ||
||||.|| [mailto:bkinsley@nextgen.com William Kinsley] | ||||.|| [mailto:bkinsley@nextgen.com William Kinsley] | ||
||||.|| [mailto:pknapp@pknapp.com Paul Knapp] | ||||.|| [mailto:pknapp@pknapp.com Paul Knapp] | ||
− | |||| | + | ||||x|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan] |
|- | |- | ||
|| .|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya] | || .|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya] | ||
Line 68: | Line 68: | ||
* Chaired by Alex | * Chaired by Alex | ||
* Agenda Approved (Kathleen, Ioana) | * Agenda Approved (Kathleen, Ioana) | ||
+ | * Security WG Call Minutes January 31, 2017 (Approved) | ||
+ | * TF4FA Ballot Reconciliation Spreadsheet Disposition Review- Mike and Kathleen | ||
+ | **Spreadsheet reviewed | ||
+ | ** Mike Davis clarified Trust framework definition -Marked as persuasive with Modification in spreadsheet | ||
+ | ** Motion approved comments as persuasive 1-25 (Beth, Alex) | ||
+ | ** Reviewed of line 26-Protective Health Information comments- Beth | ||
+ | *** Comment: Replace Health Protected information with Protective Information, based on PASS Access Control (Beth) | ||
+ | ** Footnote page states Protective Information in the U.S Realm includes Protective Health Information as a subset | ||
+ | *** Trust Framework is specific to healthcare (Mike Davis) | ||
+ | *** Sensitive information shared by security labels, Protective Health is inclusive of sensitive information | ||
+ | *** Protective Information can encompass Protective Health Information | ||
+ | *** It is not persuasive to change to Protected Information, and should be more specific as Protective Health Information (Mike Davis) | ||
+ | *** This is based on Security and Privacy information model for health care (Mike Davis) | ||
+ | *** Pass Access Control entries on protective Health Information and Protected Information should be changed to remain consistent | ||
+ | ** Reviewed Comment: Footnoting Federated Authorization Domain:(Beth) | ||
+ | *** Suggested it should be defined in a footnote or explained | ||
+ | *** Mike David concurs on defining in footnote | ||
+ | ** Next Step: | ||
+ | ** Look to either to remove Protected information in the Documents needs to changed to Protective Health Information, or create a Definition for Protected Information and revisit next call | ||
+ | ** Update the information Model, to draft a information Model | ||
+ | |||
+ | * gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diane | ||
+ | **Reviewing Johns Comments that are considered non-persuasive: | ||
+ | ** Note: John was not present at call | ||
+ | ** The following comments by John were reviewed: | ||
+ | ** Figure shows audit trail export mediating recording and analysis | ||
+ | *** Response comment (Diana, David): Audit Trail does not mediate anything, it is a pass through | ||
+ | *** Johns comment on Audit Trail Export is deemed non-persuasive | ||
+ | **Next comment on Footnote: Figure for Alarm reporting is derived from ISO but does not explain how it deviates. | ||
+ | ** Response Comment (Diana, and Mike): Alarm reporting happens within Audit Analysis. Should we put in how our Model deviates from ISO? | ||
+ | ** Mike provided an explanation on difference between Alarm Reporting and ISO reporting: | ||
+ | *** Alarm reporting is event reporting (As the event occurs with Analysis and is reported in real time) | ||
+ | *** The Audit Analysis are sent after a period of time (based on requirement of reporting after analysis is done over a period of time) | ||
+ | ** Comment (John) on Abstract Model republishes the Framework ISO 10181-7 and reinvent HL7 standard | ||
+ | *** Response (Diana): It is taken from 10181-7 but also input from security working group | ||
+ | *** Motion to accept John's Comments 20-35 approved (Mike, Diana) | ||
+ | |||
+ | *** Call Adjourned |
Latest revision as of 19:41, 7 March 2017
Back to Security Work Group Main Page
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
---|---|---|---|---|---|---|---|---|---|---|
. | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | x | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | . | Mohammed Jafari | |||
x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
x | Diana Proud-Madruga | . | Serafina Versaggi | . | Joe Lamy | . | Galen Mulrooney | |||
. | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
. | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | x | Dave Silver | |||
x | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan | |||
. | Kamalini Vaidya | . | Bill Kleinebecker | . | Christopher Shawn | . | Grahame Grieve | |||
. | Oliver Lawless | . | Ken Rubin | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (2 min) Security WG Call Minutes January 31, 2017
- (20 min) TF4FA Ballot Reconciliation Spreadsheet Disposition Review- Mike and Kathleen
- (10 min) WGM Minutes Review and Approval - Kathleen
- (5 min) [gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diane
- (5 min) Security Labeling Service Revision Update - Diana
- (5 min) 21st Century Cures Act Trusted Exchange Framework Discussion for HL7 Policy Advisory Committee- Kathleen
- (2 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call
Minutes
- Chaired by Alex
- Agenda Approved (Kathleen, Ioana)
- Security WG Call Minutes January 31, 2017 (Approved)
- TF4FA Ballot Reconciliation Spreadsheet Disposition Review- Mike and Kathleen
- Spreadsheet reviewed
- Mike Davis clarified Trust framework definition -Marked as persuasive with Modification in spreadsheet
- Motion approved comments as persuasive 1-25 (Beth, Alex)
- Reviewed of line 26-Protective Health Information comments- Beth
- Comment: Replace Health Protected information with Protective Information, based on PASS Access Control (Beth)
- Footnote page states Protective Information in the U.S Realm includes Protective Health Information as a subset
- Trust Framework is specific to healthcare (Mike Davis)
- Sensitive information shared by security labels, Protective Health is inclusive of sensitive information
- Protective Information can encompass Protective Health Information
- It is not persuasive to change to Protected Information, and should be more specific as Protective Health Information (Mike Davis)
- This is based on Security and Privacy information model for health care (Mike Davis)
- Pass Access Control entries on protective Health Information and Protected Information should be changed to remain consistent
- Reviewed Comment: Footnoting Federated Authorization Domain:(Beth)
- Suggested it should be defined in a footnote or explained
- Mike David concurs on defining in footnote
- Next Step:
- Look to either to remove Protected information in the Documents needs to changed to Protective Health Information, or create a Definition for Protected Information and revisit next call
- Update the information Model, to draft a information Model
- gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diane
- Reviewing Johns Comments that are considered non-persuasive:
- Note: John was not present at call
- The following comments by John were reviewed:
- Figure shows audit trail export mediating recording and analysis
- Response comment (Diana, David): Audit Trail does not mediate anything, it is a pass through
- Johns comment on Audit Trail Export is deemed non-persuasive
- Next comment on Footnote: Figure for Alarm reporting is derived from ISO but does not explain how it deviates.
- Response Comment (Diana, and Mike): Alarm reporting happens within Audit Analysis. Should we put in how our Model deviates from ISO?
- Mike provided an explanation on difference between Alarm Reporting and ISO reporting:
- Alarm reporting is event reporting (As the event occurs with Analysis and is reported in real time)
- The Audit Analysis are sent after a period of time (based on requirement of reporting after analysis is done over a period of time)
- Comment (John) on Abstract Model republishes the Framework ISO 10181-7 and reinvent HL7 standard
- Response (Diana): It is taken from 10181-7 but also input from security working group
- Motion to accept John's Comments 20-35 approved (Mike, Diana)
- Call Adjourned