This wiki has undergone a migration to Confluence found Here
Difference between revisions of "May 2, 2017 Security Conference Call"
Jump to navigation
Jump to search
(Created page with "Back to Security Main Page ==Attendees== {| class="wikitable" |- !x||'''Member Name'''|| !! x ||'''Member Name''' !!|| x ||'''Member Name''' !!|| x ||'''Membe...") |
|||
| (4 intermediate revisions by the same user not shown) | |||
| Line 62: | Line 62: | ||
=='''Minutes'''== | =='''Minutes'''== | ||
| + | * Chaired by Kathleen | ||
| + | * Agenda Approved | ||
| + | * Minutes March 28, 2017 approved | ||
| + | * Trust Framework and SLS (Kathleen and Mike Davis) | ||
| + | * Issue: How to establish a Trust Framework with Applications (app) when patients share health information | ||
| + | ** Question: Can an app be trusted when patient shares health data with it? | ||
| + | ** It is not up to the providers to dictate who they will share with | ||
| + | ** Applications (Apps) are not considered providers | ||
| + | ** When patient shares with App from a Privacy point of view they are sharing the information with themselves | ||
| + | ** The Health Information is not protected | ||
| + | ** They are a transport which serve as a pass through | ||
| + | ** Patient information is not encrypted or protected when sharing with app | ||
| + | ** Controls should be established with app | ||
| + | ** SLS maybe a solution to implement Cascading OATH capabilities | ||
| + | ** From a privacy point of view if Patient info is sent to an application it would be treated as if Patient sent the info to themselvess | ||
| + | ** Organizations can take Privacy protection service | ||
| + | ** Comment (Beth): We should partner with Mobile Security for Mobile Health | ||
| + | ** Mobil Security Group will not be in the Madrid conference for the topic to be discussed on the agenda | ||
| + | ** Next Step: The Trust Framework Mobile App issue will be covered in the next iteration | ||
| + | |||
| + | * FHIR Security Call - Please review front matter - John Moehrke | ||
| + | ** NTR | ||
| + | ** John was not present on the call | ||
| + | * No call on May 2nd due to Madrid conference | ||
| + | * Call adjourned | ||
Latest revision as of 16:32, 2 May 2017
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| . | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | . | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
| x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | x | Mohammed Jafari | |||
| x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
| x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Galen Mulrooney | |||
| . | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | x | Dave Silver | |||
| x | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan | |||
| . | Kamalini Vaidya | . | Bill Kleinebecker | x | Christopher Shawn | . | Grahame Grieve | |||
| . | Oliver Lawless | . | Ken Rubin | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (4 min) Review and Approval of Security WG Call Minutes March 28, 2017
- (20 min) xxxxx - lead
- (5 min) FHIR Security Call - Please review front matter - John Moehrke
Minutes
- Chaired by Kathleen
- Agenda Approved
- Minutes March 28, 2017 approved
- Trust Framework and SLS (Kathleen and Mike Davis)
- Issue: How to establish a Trust Framework with Applications (app) when patients share health information
- Question: Can an app be trusted when patient shares health data with it?
- It is not up to the providers to dictate who they will share with
- Applications (Apps) are not considered providers
- When patient shares with App from a Privacy point of view they are sharing the information with themselves
- The Health Information is not protected
- They are a transport which serve as a pass through
- Patient information is not encrypted or protected when sharing with app
- Controls should be established with app
- SLS maybe a solution to implement Cascading OATH capabilities
- From a privacy point of view if Patient info is sent to an application it would be treated as if Patient sent the info to themselvess
- Organizations can take Privacy protection service
- Comment (Beth): We should partner with Mobile Security for Mobile Health
- Mobil Security Group will not be in the Madrid conference for the topic to be discussed on the agenda
- Next Step: The Trust Framework Mobile App issue will be covered in the next iteration
- FHIR Security Call - Please review front matter - John Moehrke
- NTR
- John was not present on the call
- No call on May 2nd due to Madrid conference
- Call adjourned
