May 23, 2017 Security Conference Call
Latest revision as of 18:59, 13 June 2017
Attendees
(x = present, . = absent)

| x | Member Name | x | Member Name | x | Member Name | x | Member Name |
|---|---|---|---|---|---|---|---|
| . | John Moehrke, Security Co-chair | x | Kathleen Connor, Security Co-chair | . | Alexander Mense, Security Co-chair | . | Trish Williams, Security Co-chair |
| x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | x | Mohammed Jafari |
| x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn |
| x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Galen Mulrooney |
| . | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib |
| . | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | x | Dave Silver |
| x | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan |
| . | Kamalini Vaidya | . | Bill Kleinebecker | x | Christopher Shawn | . | Grahame Grieve |
| . | Oliver Lawless | . | Ken Rubin | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (4 min) Review and Approval of Security WG Call Minutes April 25, 2017
- (15 min) Madrid Debrief - Review of Minutes, presentations - cochairs
- (10 min) TF4FA Ballot Reconciliation - Kathleen
- (10 min) PASS Audit Ballot Reconciliation - Diana
- (5 min) FHIR Security Call - Please review front matter - John Moehrke
- Healthcare Requirements for Emergency Access by Mike Davis VA
- Veterans Choice Program FAQ
- Bernd Blobel Madrid Presentations
- HIMSS 2017 Patient Choice on FHIR
Tuesday Security WG Session: Kevin Shekleton and Josh Mandel presented on FHIR CDS Hooks. CDS Hooks uses SMART on FHIR to specify services that create vendor-independent "substitutable apps" which can be plugged into a variety of EHR and other systems. The service equips a native EHR with an event model, triggering calls to remote CDS services when specific user activities occur (e.g., "prescribe a drug" or "open a patient record"). These CDS Hooks services can respond with advice, alternative suggestions, and in-context app launch links that are presented to the user in accordance with explicit user experience guidelines. The following videos provide excellent presentations on CDS Hooks:
- Josh Mandel CDS Hooks Video
- Kevin Shekleton (Cerner presentations)
- Remote Decision Support with CDS Hooks, Kevin Shekleton
CDS Hooks services might be an approach to creating "break glass" alerts, e.g., for drug-drug interactions where the treating provider does not have clearance to view the entire record (e.g., where the patient has not consented to this provider accessing sensitive information). The Security Labeling Service (SLS) would provide the CDS service with the unmasked record while permitting the treating provider to access only the masked record, until the provider executes break glass based on the CDS alert.
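The following Python sketch is an added example, not code from this page, the HL7 Security WG, or the CDS Hooks project, of the break-glass pattern described above. The service evaluates a `medication-prescribe` hook against the full record the SLS hands it, while the requesting provider is only shown the entries at or below their clearance; an interaction with a masked medication yields a card that requests break glass without naming the masked drug or the clinical reason. The confidentiality codes N and R are HL7 confidentiality codes; the interaction table, medication data, hook payload, break-glass URL and function names are constructed for illustration.

```python
"""Added example: a CDS Hooks-style drug-drug interaction (DDI) service that
returns a break-glass card when the interacting medication is hidden behind
a security label the requesting provider is not cleared for.

Constructed for illustration; not HL7 or CDS Hooks project code.
"""
from dataclasses import dataclass

# HL7 confidentiality codes used as labels: N = normal, R = restricted.
# A provider's clearance is the highest label they may see.
LABEL_RANK = {"N": 0, "R": 1}

# Constructed toy interaction knowledge base (a real service would query one).
INTERACTIONS = {
    frozenset({"warfarin", "fluconazole"}): "increased bleeding risk",
    frozenset({"sertraline", "tramadol"}): "serotonin syndrome risk",
}


@dataclass(frozen=True)
class Medication:
    name: str
    confidentiality: str  # "N" or "R"


def cleared(med: Medication, clearance: str) -> bool:
    """True if a provider with this clearance may see the medication."""
    return LABEL_RANK[med.confidentiality] <= LABEL_RANK[clearance]


def visible_to(record, clearance):
    """The masked view the SLS gives the provider: only cleared entries."""
    return [m for m in record if cleared(m, clearance)]


def find_interactions(new_med: str, record):
    """Pairs (medication, reason) from the *unmasked* record that interact."""
    hits = []
    for med in record:
        reason = INTERACTIONS.get(frozenset({new_med.lower(), med.name.lower()}))
        if reason:
            hits.append((med, reason))
    return hits


def handle_hook(request: dict, full_record, clearance: str) -> dict:
    """Evaluate a CDS Hooks request and return {"cards": [...]}.

    request      -- payload as posted by the EHR (hook name, context.medications)
    full_record  -- unmasked medication list the SLS hands to the CDS service
    clearance    -- the requesting provider's clearance ("N" or "R")
    """
    if request.get("hook") != "medication-prescribe":
        return {"cards": []}
    cards = []
    for new_med in request["context"]["medications"]:
        for med, reason in find_interactions(new_med, full_record):
            if cleared(med, clearance):
                cards.append({
                    "summary": f"{new_med} interacts with {med.name}: {reason}",
                    "indicator": "warning",
                    "source": {"label": "Example DDI service"},
                })
            else:
                # The provider is not cleared for this entry: alert without
                # disclosing the masked medication or the clinical reason, and
                # offer the break-glass action instead.
                cards.append({
                    "summary": f"{new_med} interacts with a medication in a restricted part of the record",
                    "indicator": "critical",
                    "detail": "Break-glass access is required to view the interacting medication.",
                    "source": {"label": "Example DDI service"},
                    "links": [{"label": "Break glass", "type": "absolute",
                               "url": "https://ehr.example/break-glass"}],  # constructed URL
                })
    return {"cards": cards}


if __name__ == "__main__":
    # Constructed sample: fluconazole is labeled restricted.
    record = [Medication("metformin", "N"), Medication("fluconazole", "R")]
    req = {"hook": "medication-prescribe", "context": {"medications": ["warfarin"]}}
    print("provider view:", [m.name for m in visible_to(record, "N")])
    print(handle_hook(req, record, "N"))
```

Note the residual disclosure the pattern accepts: the critical card still reveals that a restricted entry exists and interacts with the new drug, which is exactly the signal the page relies on to prompt break glass. The break-glass action itself, and the unmasked view that follows, should be audited.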
Minutes
- Chaired by Kathleen
- Agenda Approval
- Approval of Security WG Call Minutes April 25, 2017
- Madrid Debrief - Review of Minutes, presentations - cochairs
- (Kathleen)
- Highlights from Madrid Meeting:
- (1) David Pyke: Privilege Management and Access Control (ISO 22600)
- Based on our Security and Privacy Domain Analysis Model (modeling domains)
- His main audience was the Clinical Information Modeling Initiative (CIMI)
- He presented on the EU General Data Protection Regulation (GDPR), which is more stringent than U.S. regulation
- Possible interoperability issues may arise when health information is stored across European and American jurisdictions
- (2) The Trusted eHealth project
- Part of it is an optional national health exchange scheme
- Free to the consumer
- It makes healthcare delivery available to the consumer
- (3) Clinical Decision Support (Kathleen, John)
- Discussed hooking up EHRs to apps external to the EHR
- Drug-drug interactions
- How to secure CDS Hooks
- (John)
- (4) Held a meeting with the SMART on FHIR team
- Came to an understanding of which users it covers
- Came up with other patterns that SMART may not cover, such as server-to-server communication
- Discussed testing of security and privacy resources
- We offered other work groups the opportunity to work together on their security needs
- Gary and Kathleen came up with a proposal for test scripts on provenance
HL7 WGM MAY 2017 - Madrid Spain Minutes
- TF4FA Ballot Reconciliation - Kathleen
- Completed spreadsheet
- Proposed dispositions of the DoD comments (Dr. Mark Kramer)
- He raised the need for a discussion of how negotiations take place, to be included in the next version
- ISO 22600 has a tutorial on how to build policy bridging; it can be a starting place for behavioral models of the different components used for composite policy (how to compose policy)
- He asserts that a basic policy should allow nested policies
- PASS Audit Ballot Reconciliation - Diana
- Comments 97-129 reviewed for vote
- Comment 97 withdrawn
- Comment 98 accepted
- Comment 99 accepted
- Comment 100 persuasive with mod (accepted)
- RFC 3881 was removed as a reference
- Comments 103 and 104 accepted
- Redundancy removed and text consolidated for 104 (accepted)
- The word "disclosure" was added for comment 106 (accepted)
- ISO standard definition added for 107 (accepted)
- Comment 108 accepted
- Comments 110 and 112-113: vocabulary made consistent (accepted)
- Comment 114 formatting issues (accepted)
- Comment 117 accepted
- Comment 118 was a repeat; reworded (accepted)
- Comment 121 was a repeat of a previous comment
- Comment 123 was initially considered for future use, but moved to persuasive and accepted based on the following:
- Has to do with the Audit Archive service for the functional model
- Comment (Mike Davis): Archive is part of Audit
- Moved to persuasive and approved (accepted)
- It is not a retrieve-archive capability
- Comment 124 was a repeat of a previous comment
- Comment 125 accepted
- Comment 128 persuasive with mod (agreed, accepted)
- Comment 129 accepted
- Motion to approve comments 97-129 (Diana, Mike Davis)