Difference between revisions of "April 3, 2018 Security Conference Call"
(Created page with "Back to Security Main Page ==Attendees== {| class="wikitable" |- !x||'''Member Name'''|| !! x ||'''Member Name''' !!|| x ||'''Member Name''' !!|| x ||'''Membe...") |
Line 12: | Line 12: | ||
||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams] Security Co-chair | ||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams] Security Co-chair | ||
|-. | |-. | ||
− | || | + | || x|| [mailto:Christopher.Shawn2@va.gov Christopher Shawn] Security Co-chair |
||||x|| [mailto:Suzanne.Webb@bookzurman.com Suzanne Gonzales-Webb] | ||||x|| [mailto:Suzanne.Webb@bookzurman.com Suzanne Gonzales-Webb] | ||
||||x|| [mailto:mike.davis@va.gov Mike Davis] | ||||x|| [mailto:mike.davis@va.gov Mike Davis] | ||
Line 18: | Line 18: | ||
|- | |- | ||
− | || | + | || .|| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga] |
||||x|| [mailto:fjaureui@electrosoft-inc.com Francisco Jauregui] | ||||x|| [mailto:fjaureui@electrosoft-inc.com Francisco Jauregui] | ||
− | |||| | + | ||||x|| [mailto:joe.lamy@aegis.net Joe Lamy] |
||||.|| [mailto:glinden@lindentechadvisiors.com Greg Linden] | ||||.|| [mailto:glinden@lindentechadvisiors.com Greg Linden] | ||
|- | |- | ||
Line 41: | Line 41: | ||
||||.|| [mailto:ioana.singureanu@gmail.com Ioana Singureanu] | ||||.|| [mailto:ioana.singureanu@gmail.com Ioana Singureanu] | ||
||||.|| [mailto:robert.horn@agfa.com Rob Horn] | ||||.|| [mailto:robert.horn@agfa.com Rob Horn] | ||
− | ||||.|| | + | ||||.|| [mailto: Matt Blackman, Sequoia] |
|- | |- | ||
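Review bot: The cell added in this hunk, `[mailto: Matt Blackman, Sequoia]`, has nothing after `mailto:`, so there is no address to link and the rendered attendee table shows the bracketed markup literally. Either supply the address in the form the other rows use (`[mailto:address Name]`) or enter the name as plain text.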
Line 65: | Line 65: | ||
*[https://gforge.hl7.org/gf/project/security/docman/Security%20White%20Papers/Is%20Privacy%20Obsolete%20Study%20Group%20Library/HIMSS%20GDPR%20Webinar%20-%20final%203-20-2018.pdf HIMSS - What Healthcare Organizations need to know about the GDPR] and [https://himss.webex.com/ec3100/eventcenter/recording/recordAction.do?theAction=poprecord&siteurl=himss&entappname=url3100&internalRecordTicket=4832534b000000049e667bcc7b800ce86914021b02caba29afc46ecff27ca74c0cf33e5cbdb77664&renewticket=0&isurlact=true&format=short&rnd=1200686872&RCID=d8fdf672a7c2486c83b5644a70c0ccf3&rID=127858932&needFilter=false&recordID=127858932&apiname=lsr.php&AT=pb&actappname=ec3100&&SP=EC&entactname=%2FnbrRecordingURL.do&actname=%2Feventcenter%2Fframe%2Fg.do HIMSS Presentation recording] | *[https://gforge.hl7.org/gf/project/security/docman/Security%20White%20Papers/Is%20Privacy%20Obsolete%20Study%20Group%20Library/HIMSS%20GDPR%20Webinar%20-%20final%203-20-2018.pdf HIMSS - What Healthcare Organizations need to know about the GDPR] and [https://himss.webex.com/ec3100/eventcenter/recording/recordAction.do?theAction=poprecord&siteurl=himss&entappname=url3100&internalRecordTicket=4832534b000000049e667bcc7b800ce86914021b02caba29afc46ecff27ca74c0cf33e5cbdb77664&renewticket=0&isurlact=true&format=short&rnd=1200686872&RCID=d8fdf672a7c2486c83b5644a70c0ccf3&rID=127858932&needFilter=false&recordID=127858932&apiname=lsr.php&AT=pb&actappname=ec3100&&SP=EC&entactname=%2FnbrRecordingURL.do&actname=%2Feventcenter%2Fframe%2Fg.do HIMSS Presentation recording] | ||
*[http://www.bbc.com/news/world-europe-43496739 Dutch referendum: Spy tapping powers 'rejected'] | *[http://www.bbc.com/news/world-europe-43496739 Dutch referendum: Spy tapping powers 'rejected'] | ||
+ | |||
+ | |||
+ | Meeting Minutes (DRAFT) | ||
+ | Role Call, Agenda review, meeting minutes approval | ||
+ | |||
+ | Meeting Minutes for 3/27/2018 approved | ||
+ | Motion to approve: (Suzanne/JohnM) | ||
+ | objections: none; abstentions: none approval: | ||
+ | |||
+ | '''TF4FA Normative Ballot''' - Mike/Kathleen | ||
+ | * ballot submitted - Mike/Kathleen | ||
+ | * No comments | ||
+ | * need to confirm this is what intended for the v3 ballot package | ||
+ | ** short discussion of the document included | ||
+ | ** this goes to the link with the documents and the .xml file that is used to generate the HTML (PDFS, PSAF v3 Ballot package) | ||
+ | ** note that CBCP co-chair are listed as co-sponsors | ||
+ | * Kathleen will confirm for the WG that it is ready to go | ||
+ | |||
+ | PSAF weekly calls are cancelled at this time and may be restarted once reconciliation starts | ||
+ | |||
+ | FHIR Securty Updates | ||
+ | * call just completed - new time is attracting more people | ||
+ | * ZULIP chat is security and privacy stream, additional stream so that only pertinent security and privacy information will be conveyed | ||
+ | * Johnathan was able to join, reviewed the key consideration of the ONC white paper | ||
+ | ** recommend TL@ 1.2 or high in place of just "TLS" adding some references on why we say 1.2 | ||
+ | ** discussion around input validation and vulnerability assessment an dfuture improvement opportuntiites | ||
+ | |||
+ | Add information from FHIR Security Call | ||
+ | |||
+ | Connectathon - | ||
+ | FHIR Connectathon track - hopefully, take GDPR as a set of requirement and take the S&P capabilities in and around FHIR--can we show a relationship between them | ||
+ | * 'hey we have provenancne resournce, can it aid with clase 243 and 398, etc | ||
+ | * without goingtinto too much detail, just showing relathiopi, showing how scenarios provie it.. themore we get done the better | ||
+ | *setting the bar low, trying to get a cross-reference with the S&P items we have | ||
+ | * in that level we can see that we have a gaping hole that we need to add ... if such a thing exisits | ||
+ | |||
+ | * the toerh is a less forma, grahame is stinterested in standing up a hyperledgerinfranstructiure (general purpose - ''block chair infrastrucutre'') tofor block-chain | ||
+ | * call out in zulip chat, in developing asenario around that type of infrastructure... three different proposes but no fis onteh hook | ||
+ | * | ||
+ | |||
+ | Agenda for Cologne Agenda;;; | ||
+ | patterns on FHIR | ||
+ | |||
+ | Kathleen received xx from Rene Spronk | ||
+ | * he is working on a '''gdpr presentation on healthcare data interoperability''' - on vocab we might need, | ||
+ | * longer than what we can use for the Q3/Q4 MOnday joint, | ||
+ | * Kathleen spoke to Gary Dickenson who thought it might be a good idea for meeting with EHR joint | ||
+ | ** Rene goes through security lables an dmain parts of gdpr which is required in an authomated fashion | ||
+ | |||
+ | * possible new codes for v3 | ||
+ | ** have server which can deal with security labels | ||
+ | **mayb ebe able to mock up POU, certain kinds of actions, involving gdpr | ||
+ | ** use cases featuring gdpr, SL, etc (suggested) | ||
+ | |||
+ | Next week - kathleen should have something to present in regard to the Cologne agenda | ||
+ | reminder: one of th ethoguhts was to have a couple of our FHIR security topic areas have prominent spots in the weeklong agenda, for people who wouldn't normally find us...can find us | ||
+ | * johnM is trying to find what those times areas might be... (for cologne agenda) | ||
+ | * l*block of time...would be great to have input from the FHIR WG... risk management an ditems like that | ||
+ | *suggesteions requested for topic areas...we can determine where our priorities line up. | ||
+ | |||
+ | |||
+ | |||
+ | Additional items? | ||
+ | ''' | ||
+ | in materials, kathleen adds salient information to meeting minutes - | ||
+ | * take a look at changes to .. so that you have a navigating | ||
+ | privacy obsolete - added links, to breahes, breaches to be considered in court, suveince techniques, etc. related to privacy issues | ||
+ | the HIMSS presentation on GDPR is excellent if you wanto have a sense on what US entities might be interested on... may have interest | ||
+ | |||
+ | meeting call adjorned at 1228 Arizona time --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:26, 3 April 2018 (EDT) |
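Review bot: In the FHIR Security Updates bullets the recommendation is typed as "TL@ 1.2 or high"; it should read "TLS 1.2 or higher", since it is the one concrete security recommendation recorded in these minutes. The same hunk also adds an empty `*` bullet after the Zulip item and a lone `'''` line under "Additional items?" that opens bold markup without closing it; both should be removed, and "Role Call" should be "Roll Call" to match the agenda.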
Revision as of 19:26, 3 April 2018
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name
---|---|---|---|---|---|---|---
x | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | x | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair
x | Christopher Shawn Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | . | David Staggs
. | Diana Proud-Madruga | x | Francisco Jauregui | x | Joe Lamy | . | Greg Linden
. | Paul Knapp | . | Grahame Grieve | . | Johnathan Coleman | . | Aaron Seib
. | Ken Salyards | . | Jim Kretz | . | Gary Dickinson | x | Dave Silver
 | Beth Pumo | . | Bo Dagnall | . | Riki Merrick | . | Theresa Connor
. | Mohammed Jafari | . | Ioana Singureanu | . | Rob Horn | . | Matt Blackman, Sequoia
Agenda
- (2 min) Roll Call, Agenda Approval
- (5 min) Review and Approval of March 27, 2018 minutes
- (5 min) TF4FA Normative Ballot submitted - Mike
- (15 min) FHIR Security Updates - John
- (15 min) Security Cologne May WGM Agenda
Meeting Minutes DRAFT
Roll Call, Agenda Approval Kathleen chair
Meeting Materials
- Trust Framework for Federated Authorization presentation
- TF4FA Vol. 2 Behavioral Model May Ballot
- Is Privacy Obsolete Study Group news from EU
- HIMSS - What Healthcare Organizations need to know about the GDPR and HIMSS Presentation recording
- Dutch referendum: Spy tapping powers 'rejected'
Meeting Minutes (DRAFT)
Roll Call, Agenda review, meeting minutes approval
Meeting Minutes for 3/27/2018 approved
Motion to approve: (Suzanne/JohnM)
objections: none; abstentions: none approval:
TF4FA Normative Ballot - Mike/Kathleen
- ballot submitted - Mike/Kathleen
- No comments
- need to confirm this is what is intended for the v3 ballot package
  - short discussion of the document included
  - this goes to the link with the documents and the .xml file that is used to generate the HTML (PDFS, PSAF v3 Ballot package)
  - note that CBCP co-chairs are listed as co-sponsors
- Kathleen will confirm for the WG that it is ready to go
PSAF weekly calls are cancelled at this time and may be restarted once reconciliation starts
FHIR Security Updates
- call just completed - new time is attracting more people
- ZULIP chat is security and privacy stream, additional stream so that only pertinent security and privacy information will be conveyed
- Johnathan was able to join, reviewed the key consideration of the ONC white paper
  - recommend TLS 1.2 or higher in place of just "TLS", adding some references on why we say 1.2
  - discussion around input validation and vulnerability assessment and future improvement opportunities
Add information from FHIR Security Call
Connectathon - FHIR Connectathon track - hopefully, take GDPR as a set of requirements and take the S&P capabilities in and around FHIR -- can we show a relationship between them
- 'hey, we have a Provenance resource, can it aid with clause 243 and 398', etc.
- without going into too much detail, just showing the relationship, showing how scenarios provide it... the more we get done the better
- setting the bar low, trying to get a cross-reference with the S&P items we have
- at that level we can see that we have a gaping hole that we need to add ... if such a thing exists
- the other is less formal, Grahame is interested in standing up a hyperledger infrastructure (general purpose - block chain infrastructure) for block-chain
- call out in zulip chat, in developing a scenario around that type of infrastructure... three different proposes but no fish on the hook
Agenda for Cologne Agenda: patterns on FHIR
Kathleen received xx from Rene Spronk
- he is working on a GDPR presentation on healthcare data interoperability - on vocab we might need,
- longer than what we can use for the Q3/Q4 Monday joint,
- Kathleen spoke to Gary Dickinson who thought it might be a good idea for meeting with EHR joint
  - Rene goes through security labels and main parts of GDPR which is required in an automated fashion
- possible new codes for v3
- have server which can deal with security labels
- maybe be able to mock up POU, certain kinds of actions, involving gdpr
- use cases featuring gdpr, SL, etc (suggested)
Next week - Kathleen should have something to present in regard to the Cologne agenda
reminder: one of the thoughts was to have a couple of our FHIR security topic areas have prominent spots in the weeklong agenda, so that people who wouldn't normally find us... can find us
- JohnM is trying to find what those times areas might be... (for Cologne agenda)
- block of time... would be great to have input from the FHIR WG... risk management and items like that
- suggestions requested for topic areas... we can determine where our priorities line up.
Additional items?
in materials, Kathleen adds salient information to meeting minutes -
- take a look at changes to .. so that you have a navigating
privacy obsolete - added links to breaches, breaches to be considered in court, surveillance techniques, etc. related to privacy issues
the HIMSS presentation on GDPR is excellent if you want to have a sense of what US entities might be interested in... may have interest
meeting call adjourned at 1228 Arizona time --Suzannegw (talk) 15:26, 3 April 2018 (EDT)