This wiki has undergone a migration to Confluence found Here
Difference between revisions of "June 6, 2017 Security Conference Call"
Jump to navigation
Jump to search
(→Agenda) |
|||
| (One intermediate revision by one other user not shown) | |||
| Line 55: | Line 55: | ||
=='''Agenda'''== | =='''Agenda'''== | ||
#''(2 min)'' '''Roll Call, Agenda Approval''' | #''(2 min)'' '''Roll Call, Agenda Approval''' | ||
| − | #''(4 min)'' ''' Review and Approval of [http://wiki.hl7.org/index.php?title= | + | #''(4 min)'' ''' Review and Approval of [http://wiki.hl7.org/index.php?title=May_3,_2017_Security_Conference_Call Security WG Call Minutes May 23, 2017]''' ''Note that the May 30 call was adjourned early because no cochair could attend.'' |
#''(15 min)'' '''[http://wiki.hl7.org/index.php?title=HL7_WGM_MAY_2017_-_Madrid_Spain_Minutes Review and approval of Madrid Minutes]''' Chair | #''(15 min)'' '''[http://wiki.hl7.org/index.php?title=HL7_WGM_MAY_2017_-_Madrid_Spain_Minutes Review and approval of Madrid Minutes]''' Chair | ||
# ''(30 min)'' '''[http://wiki.hl7.org/index.php?title=HIMSS_2017_Patient_Choice HIMSS 2017 Debrief] - Mike Davis | # ''(30 min)'' '''[http://wiki.hl7.org/index.php?title=HIMSS_2017_Patient_Choice HIMSS 2017 Debrief] - Mike Davis | ||
| Line 62: | Line 62: | ||
== Minutes == | == Minutes == | ||
| + | # Chaired by Alex | ||
| + | # Agenda Approved | ||
| + | # Review and Approval of [http://wiki.hl7.org/index.php?title=May 23,_2017_Security_Conference_Call, deferred to next call Security WG Call Minutes May 23, 2017]''' ''Note that the May 30 call was adjourned early because no cochair could attend.'' | ||
| + | # Approved (Alex, Mike) [http://wiki.hl7.org/index.php?title=HL7_WGM_MAY_2017_-_Madrid_Spain_Minutes Review and approval of Madrid Minutes] | ||
| + | |||
| + | # [http://wiki.hl7.org/index.php?title=HIMSS_2017_Patient_Choice HIMSS 2017 Debrief] - Mike Davis | ||
| + | * Power Point was presented and the following were reviewed | ||
| + | * Three sets of Files of the HIMMS 2017 demonstration (based on Jan FHIR Connectathon were presented on behalf of HL7 (Shared with group, editable to add content) | ||
| + | * HIMMS definition of interaprability and vocabulary reviewed: | ||
| + | * FHIR on a foundation level (Cyber Security) allows data exchange | ||
| + | * Structural interporability is the structure of the data | ||
| + | * Cantara UMA and Java are included in the transport section | ||
| + | * Audit Providence are included in the resource description | ||
| + | * Health Care classification system provides the ability to input the security and privacy labels on the data | ||
| + | * CDA high level confidentiality restricted code/content based on HL7 Code set is included | ||
| + | * Obligations and Prohibition or re-disclosure of information is included | ||
| + | * Security standards of CBC groups relevent to FHIR included | ||
| + | * Soon trust framework will be able to be added | ||
| + | * Attribute based Access control should be used when defining role based access | ||
| + | * Rule is included to define the rules and the rules are managed by a rules engine | ||
| + | * Link to a youtube video is also provided in presentation to describe the presentation | ||
| + | * This year we showed how Patients can take control of their data | ||
| + | * Patients want choice, and HIPPA Auth allows patients to grant their choices and direct the covered entity and delivered it to requested location | ||
| + | * Part of the HIPPA law does not allow the patient to choose where to send their encrypted healthcare data | ||
| + | * OATH autherization server allows for provisions for the patient by providing the requesting organization with a token to grant access to patient data | ||
| + | * Kathleen shared the link of use cases to Duane to review prior to sharing with Security Work group ( Approved by Mike to share Demo) | ||
| + | * Clinical support system is able to read the protective conditions (eg: drug drug interactions), data is masked not redacted | ||
| + | * Security labeling Service allows searching and labeling feature for the patients conditions, and create privacy protective service of masking data | ||
| + | * (use case) Patient Consent on Research goes to a genomic data base and data warehouse | ||
| + | * Kathleen will schedule time for Duane to demonstrate to group | ||
| + | * Duane comment: Several organization participating in clinical workflow, | ||
| + | ** Three organizations discussed in the demo | ||
| + | ** VHA is the primary custodian | ||
| + | ** MyHIN | ||
| + | **Veteran for Research (patient provides informed consent for genomic research), research organization can identify treatment, and informed consent can also be generated for the treatment | ||
| + | ** Lab test can be seen and other data can be seen through the cascading OATH | ||
| + | ** More will be discussed next week | ||
| + | |||
| + | * call adjourned | ||
Latest revision as of 18:35, 13 June 2017
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| . | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | . | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
| x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | x | Mohammed Jafari | |||
| x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
| x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Galen Mulrooney | |||
| . | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | x | Dave Silver | |||
| x | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan | |||
| . | Kamalini Vaidya | . | Bill Kleinebecker | x | Christopher Shawn | . | Grahame Grieve | |||
| . | Oliver Lawless | . | Ken Rubin | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (4 min) Review and Approval of Security WG Call Minutes May 23, 2017 Note that the May 30 call was adjourned early because no cochair could attend.
- (15 min) Review and approval of Madrid Minutes Chair
- (30 min) HIMSS 2017 Debrief - Mike Davis
- (5 min) TF4FA Ballot Reconciliation update
- (5 min) FHIR Security Call - Please review front matter - John Moehrke
Minutes
- Chaired by Alex
- Agenda Approved
- Review and Approval of 23,_2017_Security_Conference_Call, deferred to next call Security WG Call Minutes May 23, 2017 Note that the May 30 call was adjourned early because no cochair could attend.
- Approved (Alex, Mike) Review and approval of Madrid Minutes
- HIMSS 2017 Debrief - Mike Davis
- Power Point was presented and the following were reviewed
- Three sets of Files of the HIMMS 2017 demonstration (based on Jan FHIR Connectathon were presented on behalf of HL7 (Shared with group, editable to add content)
- HIMMS definition of interaprability and vocabulary reviewed:
- FHIR on a foundation level (Cyber Security) allows data exchange
- Structural interporability is the structure of the data
- Cantara UMA and Java are included in the transport section
- Audit Providence are included in the resource description
- Health Care classification system provides the ability to input the security and privacy labels on the data
- CDA high level confidentiality restricted code/content based on HL7 Code set is included
- Obligations and Prohibition or re-disclosure of information is included
- Security standards of CBC groups relevent to FHIR included
- Soon trust framework will be able to be added
- Attribute based Access control should be used when defining role based access
- Rule is included to define the rules and the rules are managed by a rules engine
- Link to a youtube video is also provided in presentation to describe the presentation
- This year we showed how Patients can take control of their data
- Patients want choice, and HIPPA Auth allows patients to grant their choices and direct the covered entity and delivered it to requested location
- Part of the HIPPA law does not allow the patient to choose where to send their encrypted healthcare data
- OATH autherization server allows for provisions for the patient by providing the requesting organization with a token to grant access to patient data
- Kathleen shared the link of use cases to Duane to review prior to sharing with Security Work group ( Approved by Mike to share Demo)
- Clinical support system is able to read the protective conditions (eg: drug drug interactions), data is masked not redacted
- Security labeling Service allows searching and labeling feature for the patients conditions, and create privacy protective service of masking data
- (use case) Patient Consent on Research goes to a genomic data base and data warehouse
- Kathleen will schedule time for Duane to demonstrate to group
- Duane comment: Several organization participating in clinical workflow,
- Three organizations discussed in the demo
- VHA is the primary custodian
- MyHIN
- Veteran for Research (patient provides informed consent for genomic research), research organization can identify treatment, and informed consent can also be generated for the treatment
- Lab test can be seen and other data can be seen through the cascading OATH
- More will be discussed next week
- call adjourned
