This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "September 5, 2017 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
Line 66: Line 66:
 
*[https://www.healthit.gov/buzz-blog/state-hie/hie-bright-spots-adt-messages-support-care-coordination-part-ii/ HIE Bright Spots: How ADT Messages Support Care Coordination – Part II]
 
*[https://www.healthit.gov/buzz-blog/state-hie/hie-bright-spots-adt-messages-support-care-coordination-part-ii/ HIE Bright Spots: How ADT Messages Support Care Coordination – Part II]
 
*[http://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbWFpbGluZ2lkPTIwMTcwNjEzLjc0NTU2MDQxJm1lc3NhZ2VpZD1NREItUFJELUJVTC0yMDE3MDYxMy43NDU1NjA0MSZkYXRhYmFzZWlkPTEwMDEmc2VyaWFsPTE3NDIzNDA3JmVtYWlsaWQ9a2F0aGxlZW5fY29ubm9yQGNvbWNhc3QubmV0JnVzZXJpZD1rYXRobGVlbl9jb25ub3JAY29tY2FzdC5uZXQmZmw9JmV4dHJhPU11bHRpdmFyaWF0ZUlkPSYmJg==&&&104&&&https://www.healthit.gov/policy-researchers-implementers/reports The Regional ADT Exchange Network Infrastructure Models Brief]
 
*[http://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbWFpbGluZ2lkPTIwMTcwNjEzLjc0NTU2MDQxJm1lc3NhZ2VpZD1NREItUFJELUJVTC0yMDE3MDYxMy43NDU1NjA0MSZkYXRhYmFzZWlkPTEwMDEmc2VyaWFsPTE3NDIzNDA3JmVtYWlsaWQ9a2F0aGxlZW5fY29ubm9yQGNvbWNhc3QubmV0JnVzZXJpZD1rYXRobGVlbl9jb25ub3JAY29tY2FzdC5uZXQmZmw9JmV4dHJhPU11bHRpdmFyaWF0ZUlkPSYmJg==&&&104&&&https://www.healthit.gov/policy-researchers-implementers/reports The Regional ADT Exchange Network Infrastructure Models Brief]
*[https://www.healthit.gov/playbook/pdf/learning-guide-executive-summary-adt-alerts.pdf
+
*[https://www.healthit.gov/playbook/pdf/learning-guide-executive-summary-adt-alerts.pdf Executive Summary on HIEs using ADT]
The nine communities that provided in depth information about their experiences for this Learning Guide are: Bangor Beacon (Maine), Crescent City Beacon (Louisiana), Greater Cincinnati Beacon (Ohio), Keystone Beacon (Pennsylvania), Rhode Island Beacon (Rhode Island), San Diego Beacon (California), Southeast Minnesota Beacon (Minnesota), Tulsa Beacon (Oklahoma), and Western New York Beacon (New York)]
+
*The nine communities that provided in depth information about their experiences for this Learning Guide are: Bangor Beacon (Maine), Crescent City Beacon (Louisiana), Greater Cincinnati Beacon (Ohio), Keystone Beacon (Pennsylvania), Rhode Island Beacon (Rhode Island), San Diego Beacon (California), Southeast Minnesota Beacon (Minnesota), Tulsa Beacon (Oklahoma), and Western New York Beacon (New York)]
 
*[https://www.healthit.gov/sites/default/files/onc-beacon-lg1-adt-alerts-for-toc-and-care-coord.pdf The Full Learning Guide: Improving Hospital transitions and care coordination using ADT alerts]
 
*[https://www.healthit.gov/sites/default/files/onc-beacon-lg1-adt-alerts-for-toc-and-care-coord.pdf The Full Learning Guide: Improving Hospital transitions and care coordination using ADT alerts]
 
*[http://www.cihie.org/webinar/Central Illinois Webinar about ADT Messaging as mainstay HIE transaction]
 
*[http://www.cihie.org/webinar/Central Illinois Webinar about ADT Messaging as mainstay HIE transaction]

Revision as of 03:38, 4 September 2017

Back to Security Main Page

Attendees

x Member Name x Member Name x Member Name x Member Name
. John MoehrkeSecurity Co-chair x Kathleen ConnorSecurity Co-chair . Alexander Mense Security Co-chair . Trish WilliamsSecurity Co-chair
x Mike Davis x Suzanne Gonzales-Webb x David Staggs x Mohammed Jafari
x Glen Marshall, SRS x Beth Pumo . Ioana Singureanu . Rob Horn
x Diana Proud-Madruga . Serafina Versaggi x Joe Lamy . Galen Mulrooney
. Duane DeCouteau . Chris Clark . Johnathan Coleman . Aaron Seib
. Ken Salyards . Christopher D Brown TX . Gary Dickinson x Dave Silver
x Rick Grow . William Kinsley . Paul Knapp x Mayada Abdulmannan
. Kamalini Vaidya . Bill Kleinebecker x Christopher Shawn . Grahame Grieve
. Oliver Lawless . Ken Rubin . David Tao . Nathan Botts

Back to Security Main Page

Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (4 min) Review and Approval of Security WG Call Minutes August 29, 2017
  3. (15 min) San Diego Sept WGM Agenda - Kathleen
  4. (15 min) Security Labels for HL7v.2 See Links below for background - Kathleen
  5. (5 min) Security WG Interim Health Metrics - presiding cochair
  6. (5 min) ONC Trusted Exchange Common Agreement Framework Comments - Kathleen
  7. (5 min) FHIR Security call -

News and Review Material

Understanding Digital

  • Identity proofing is the process used to verify a subject’s association with their real-world

identity, establishing that a subject is who they claim to be.

  • An authenticator is something the subject possesses and controls (typically, a cryptographic

module or password) that is used to authenticate the subject’s identity.

  • Digital authentication is the process of determining the validity of one or more authenticators

used to claim a digital identity. Authentication establishes that a subject attempting to access a digital service is in control of the technologies used to authenticate. Successful authentication provides reasonable risk-based assurances that the subject accessing the service today is the same that previously accessed the service.

  • Federation is when the relying party (RP) and identity provider (IdP) are not a single entity or

not under common administration. Federation enables an IdP to proof and authenticate an individual and provide identity assertions that RPs can accept and trust. How has SP 800-63-3 evolved? Since the last revision of this document in 2013, NIST SP 800-63-2, digital identity components have evolved substantially. To better align with market-driven business models and innovation, the new revision replaces levels of assurance (LOAs) with ordinals for individual parts of the digital identity flow, providing implementers with more flexibility in their design and operations:

    • Identity Assurance Level (IAL): the identity proofing process and the binding between one or

more authenticators and the records pertaining to a specific subscriber;

  • Authenticator Assurance Level (AAL): the authentication process, including how additional

factors and authentication mechanisms can impact risk mitigation; and

  • Federation Assurance Level (FAL): the assertion used in a federated environment to

communicate authentication and attribute information to a RP.

  • SP 800-63 is a suite of four documents: SP 800-63-3 (the parent document; your starting point for all things digital identity and risk) and three additional documents – SP 800-63A, 800-63B, and 800-63C –which cover the various components of a digital identity system. These documents are described below:
  • SP 800-63-3, Digital Identity Guidelines, provides an overview of general identity frameworks,

guidance regarding use of authenticators, credentials, and assertions together in a digital system, and a risk-based process of selecting assurance levels;