This wiki has undergone a migration to Confluence found Here
Difference between revisions of "March 21, 2017 Security Conference Call"
Jump to navigation
Jump to search
JohnMoehrke (talk | contribs) (→Agenda) |
|||
(4 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
+ | [[Security|Back to Security Main Page]] | ||
==Attendees== | ==Attendees== | ||
Line 56: | Line 57: | ||
# ''(2 min)'' '''Roll Call, Agenda Approval''' | # ''(2 min)'' '''Roll Call, Agenda Approval''' | ||
# ''(4 min)'' ''' Review and Approval of [http://wiki.hl7.org/index.php?title=March_7,_2017_Security_Conference_Call Security WG Call Minutes March 7, 2017] and [http://wiki.hl7.org/index.php?title=March_14,_2017_Security_Conference_Call Security WG Call Minutes March 14, 2017]''' | # ''(4 min)'' ''' Review and Approval of [http://wiki.hl7.org/index.php?title=March_7,_2017_Security_Conference_Call Security WG Call Minutes March 7, 2017] and [http://wiki.hl7.org/index.php?title=March_14,_2017_Security_Conference_Call Security WG Call Minutes March 14, 2017]''' | ||
− | # ''(10 min)'' '''New meeting service - Transition to FreeConferenceCall.com (FCC) | + | # ''(10 min)'' '''New meeting service - Transition to FreeConferenceCall.com (FCC): Beginning March 28 the web meeting will change to https://www.freeconferencecall.com''' |
+ | *Online Meeting ID: security36 | ||
+ | *Dial-in Number: (515) 604-9567 Access Code: 880898 | ||
+ | Updated on Security Wiki home page top banner - K | ||
# ''(10 min)'' '''TF4FA May ballot development roadmap''' Submission Deadline + 3/26 | # ''(10 min)'' '''TF4FA May ballot development roadmap''' Submission Deadline + 3/26 | ||
− | # ''(10 min)'' '''Review [http://gforge.hl7.org/gf/project/security/docman/Security%20ONC% | + | # ''(10 min)'' '''Review [http://gforge.hl7.org/gf/project/security/docman/Security%20ONC%20projects/Draft_White_Paper_PGHD_Policy_Framework%20March%202017%20Comments-Consolidated.docx Draft HL7 Patient Generated Health Data (PGHD)Comments]'''- Diana |
# '' (2 min)'' '''[http://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20WG%20Administrative%20Documents/Security%20Project%20Scope%20Statements/HL7%20Project%20%20Scope%20Statement%20Medical%20Device%20Security.doc Project Scope Statement - Medical Devices Security] - deferring follow up of outreach to Medical Device WG until ballot recons are completed'''- Kathleen | # '' (2 min)'' '''[http://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20WG%20Administrative%20Documents/Security%20Project%20Scope%20Statements/HL7%20Project%20%20Scope%20Statement%20Medical%20Device%20Security.doc Project Scope Statement - Medical Devices Security] - deferring follow up of outreach to Medical Device WG until ballot recons are completed'''- Kathleen | ||
# ''(2 min)'' '''[gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update]''' - Diana | # ''(2 min)'' '''[gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update]''' - Diana | ||
# ''(2 min)'' '''Security Labeling Service Revision Update''' - Diana | # ''(2 min)'' '''Security Labeling Service Revision Update''' - Diana | ||
# ''(2 min)'' '''No FHIR Security Call this week - Please review front matter''' - http://build.fhir.org/secpriv-module.html | # ''(2 min)'' '''No FHIR Security Call this week - Please review front matter''' - http://build.fhir.org/secpriv-module.html | ||
+ | |||
+ | |||
+ | ==''' Minutes '''== | ||
+ | * Chaired by Kathleen | ||
+ | * Agenda Approved | ||
+ | * Review and Approval of Security WG Call Minutes March 7, 2017 and Security WG Call Minutes March 14, 2017 (Approved 7th and 14th minutes) | ||
+ | * New meeting service - Transition to FreeConferenceCall.com (FCC): Beginning March 28 the web meeting will change to https://www.freeconferencecall.com | ||
+ | Online Meeting ID: security36 | ||
+ | ** Information provided beginning March 28th Free Conference | ||
+ | Dial-in Number: (515) 604-9567 Access Code: 880898 | ||
+ | ** Updated on Security Wiki home page top banner - K | ||
+ | ** input security 36 to join meeting | ||
+ | * TF4FA May ballot development roadmap Submission Deadline + 3/26 (Mike Davis) | ||
+ | ** Updates will include comments for volume I to appear in May Ballot | ||
+ | ** Volume II Behavioral Model will be part of the informative Ballot for May | ||
+ | ** Volume II will be presented to group | ||
+ | ** Question (Dave): What is the deadline to submit? | ||
+ | ** Answer: next week 3/26, but may not be hard deadline prior to ballot. Kathleen Will check on the date with Lynn . (Mike Davis) | ||
+ | * Review Draft HL7 Patient Generated Health Data (PGHD)Comments- Diana | ||
+ | ** Provided High level Summary: | ||
+ | ** Comments were made on PTHD definition | ||
+ | ** Patient right of access are asked to be addressed more specifically | ||
+ | ** Providence was asked to be addressed more specifically | ||
+ | ** Research challenges on control of sharing information | ||
+ | ** Does the patient have control over which Data can be shared? Are there controls? (Labeling or Masking Data) | ||
+ | ** Mike Davis Comment: VA is in the process of implementing an SLS to support patient needs | ||
+ | ** Does Patient Right of access, does it allow patient to say what data can be shared? eg: Vendors agree to create a portal to choose meaningful use data | ||
+ | ** Definition for Patient Generated Health Data was provided by Kathleen and was submitted (Diana) | ||
+ | * Project Scope Statement - Medical Devices Security - deferring follow up of outreach to Medical Device WG until ballot recons are completed- Kathleen | ||
+ | ** Skipped | ||
+ | * [gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diana | ||
+ | ** Comments from DoD were reviewed, 2 sets of comments (Duplicates) | ||
+ | ** Majority of comments were persuasive or persuasive with Mod | ||
+ | ** Only comment deemed not persuasive: In Pass Audit we have the Audit Functional Model with two capabilities, a third capability is recommended: | ||
+ | ** Recommendation: Audit Service should pin a Audit Client to determine the Audit is enabled | ||
+ | ** Mike Davis Comment: The Audit Client is configured with Audit On, if Audit is turned off it will send out a pin tot Audit service that it is off. It does not need to specified with a separate capability. (Non-persuasive with Mod) | ||
+ | ** Symantec Requirements were changed to Disclosure | ||
+ | ** Capability of Complete Audit Record is upto the implementer to determine if it is complete since there is no international standard | ||
+ | ** Motion Passed: 53-88 (Rick, Diana) | ||
+ | * Security Labeling Service Revision Update - Diana | ||
+ | ** NTR | ||
+ | * No FHIR Security Call this week - Please review front matter - http://build.fhir.org/secpriv-module.html |
Latest revision as of 18:57, 28 March 2017
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
---|---|---|---|---|---|---|---|---|---|---|
. | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | . | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | x | Mohammed Jafari | |||
x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Galen Mulrooney | |||
. | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
. | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | x | Dave Silver | |||
x | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan | |||
. | Kamalini Vaidya | . | Bill Kleinebecker | x | Christopher Shawn | . | Grahame Grieve | |||
. | Oliver Lawless | . | Ken Rubin | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (4 min) Review and Approval of Security WG Call Minutes March 7, 2017 and Security WG Call Minutes March 14, 2017
- (10 min) New meeting service - Transition to FreeConferenceCall.com (FCC): Beginning March 28 the web meeting will change to https://www.freeconferencecall.com
- Online Meeting ID: security36
- Dial-in Number: (515) 604-9567 Access Code: 880898
Updated on Security Wiki home page top banner - K
- (10 min) TF4FA May ballot development roadmap Submission Deadline + 3/26
- (10 min) Review Draft HL7 Patient Generated Health Data (PGHD)Comments- Diana
- (2 min) Project Scope Statement - Medical Devices Security - deferring follow up of outreach to Medical Device WG until ballot recons are completed- Kathleen
- (2 min) [gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diana
- (2 min) Security Labeling Service Revision Update - Diana
- (2 min) No FHIR Security Call this week - Please review front matter - http://build.fhir.org/secpriv-module.html
Minutes
- Chaired by Kathleen
- Agenda Approved
- Review and Approval of Security WG Call Minutes March 7, 2017 and Security WG Call Minutes March 14, 2017 (Approved 7th and 14th minutes)
- New meeting service - Transition to FreeConferenceCall.com (FCC): Beginning March 28 the web meeting will change to https://www.freeconferencecall.com
Online Meeting ID: security36
- Information provided beginning March 28th Free Conference
Dial-in Number: (515) 604-9567 Access Code: 880898
- Updated on Security Wiki home page top banner - K
- input security 36 to join meeting
- TF4FA May ballot development roadmap Submission Deadline + 3/26 (Mike Davis)
- Updates will include comments for volume I to appear in May Ballot
- Volume II Behavioral Model will be part of the informative Ballot for May
- Volume II will be presented to group
- Question (Dave): What is the deadline to submit?
- Answer: next week 3/26, but may not be hard deadline prior to ballot. Kathleen Will check on the date with Lynn . (Mike Davis)
- Review Draft HL7 Patient Generated Health Data (PGHD)Comments- Diana
- Provided High level Summary:
- Comments were made on PTHD definition
- Patient right of access are asked to be addressed more specifically
- Providence was asked to be addressed more specifically
- Research challenges on control of sharing information
- Does the patient have control over which Data can be shared? Are there controls? (Labeling or Masking Data)
- Mike Davis Comment: VA is in the process of implementing an SLS to support patient needs
- Does Patient Right of access, does it allow patient to say what data can be shared? eg: Vendors agree to create a portal to choose meaningful use data
- Definition for Patient Generated Health Data was provided by Kathleen and was submitted (Diana)
- Project Scope Statement - Medical Devices Security - deferring follow up of outreach to Medical Device WG until ballot recons are completed- Kathleen
- Skipped
- [gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diana
- Comments from DoD were reviewed, 2 sets of comments (Duplicates)
- Majority of comments were persuasive or persuasive with Mod
- Only comment deemed not persuasive: In Pass Audit we have the Audit Functional Model with two capabilities, a third capability is recommended:
- Recommendation: Audit Service should pin a Audit Client to determine the Audit is enabled
- Mike Davis Comment: The Audit Client is configured with Audit On, if Audit is turned off it will send out a pin tot Audit service that it is off. It does not need to specified with a separate capability. (Non-persuasive with Mod)
- Symantec Requirements were changed to Disclosure
- Capability of Complete Audit Record is upto the implementer to determine if it is complete since there is no international standard
- Motion Passed: 53-88 (Rick, Diana)
- Security Labeling Service Revision Update - Diana
- NTR
- No FHIR Security Call this week - Please review front matter - http://build.fhir.org/secpriv-module.html