This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "August 21, 2018 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
Line 44: Line 44:
  
 
=='''Agenda'''==  
 
=='''Agenda'''==  
 +
 
Meeting Recording: https://fccdl.in/td2yp1GXTh (temporary)
 
Meeting Recording: https://fccdl.in/td2yp1GXTh (temporary)
  
Line 55: Line 56:
 
#* [http://wiki.hl7.org/index.php?title=Privacy_and_Security_Framework_Architecture_(PSAF)#Trust_Framework_for_Federated_Authorization_.28TF4FA.29  TF4FA Ballot Reconciliation (wiki)]
 
#* [http://wiki.hl7.org/index.php?title=Privacy_and_Security_Framework_Architecture_(PSAF)#Trust_Framework_for_Federated_Authorization_.28TF4FA.29  TF4FA Ballot Reconciliation (wiki)]
 
#* [https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20-%20Ballot%20Reconciliation%20May%202018%20ballot/ballotcomments_V3_PSAF_R1_N1_2018MAY%20amalgamated_20180807sgw.xlsm Ballot Reconciliation Sheet_v20180724 for review offline]  
 
#* [https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20-%20Ballot%20Reconciliation%20May%202018%20ballot/ballotcomments_V3_PSAF_R1_N1_2018MAY%20amalgamated_20180807sgw.xlsm Ballot Reconciliation Sheet_v20180724 for review offline]  
#** Comments 42-51 up for vote (review if necessary) ''' ''Suzanne to confirm''' ''
+
#** Comments 42-50 up for vote (review if necessary) '''
 
#''(10 min)'' '''PASS Audit ''' document update - Mike
 
#''(10 min)'' '''PASS Audit ''' document update - Mike
 
#* http://wiki.hl7.org/index.php?title=PASS_Healthcare_Audit_Services
 
#* http://wiki.hl7.org/index.php?title=PASS_Healthcare_Audit_Services
#''(05 min)'' '''TF4FA Trust Framework Volume 3''' (placeholder) - Mike, Chris
+
#''(05 min)'' '''TF4FA Trust Framework Volume 3''' - Mike, Chris
 
# Is Privacy Obsolete - Mike
 
# Is Privacy Obsolete - Mike
 
#* added to WGM agenda
 
#* added to WGM agenda
Line 72: Line 73:
 
Roll taken, agenda changes: none  
 
Roll taken, agenda changes: none  
  
 
+
Meeting minutes to approve:
Meeting minutes:  
+
* August 7, 2918 Motion for approval: (Suzanne / Kathleen)
August 7, 2918 Motion for approval: (Suzanne / Kathleen)
 
 
Opposed: none; abstentions: none approved 7
 
Opposed: none; abstentions: none approved 7
  
August 14, 2018 Motion for approval: (Suzanne / Kathleen)
+
* August 14, 2018 Motion for approval: (Suzanne / Kathleen)
 
Opposed: none; abstentions: none: approved: 7
 
Opposed: none; abstentions: none: approved: 7
If we are going talk to Federal Agencies, we should start the outreach now
+
Comment: ''If we are going talk to Federal Agencies, we should start the outreach now''
  
 
''''GDPR White Paper on FHIR'''
 
''''GDPR White Paper on FHIR'''
* talked about this subject on the FHIR-Securit
+
* talked about this subject on the FHIR-Security
 
** chat-a-ton tract at the upcoming FHIR Connectathon
 
** chat-a-ton tract at the upcoming FHIR Connectathon
* for people at the conenctathon to come in and have a discussion with 'us' regarding GDPR
+
* for people at the Connectathon to come in and have a discussion with 'us' regarding GDPR
* additional--Alex is now completed with his holiday and will pick up where he left off with meetings; there was an ask to reinvigorate the text tht has already been written
+
* additional--Alex is now completed with his holiday and will pick up where he left off with meetings; there was an ask to reinvigorate the text that has already been written
 
** there isn't significant work at the moment that has been completed, but hopefully more by WGM
 
** there isn't significant work at the moment that has been completed, but hopefully more by WGM
 
* is GDPR white paper for here? Internationally?
 
* is GDPR white paper for here? Internationally?
** white paper to expressto eexpress capabilies integrated into fhir which have anapplicability relative to GDPR for security and privacy
+
** white paper to express capabilities integrated into FHIR which have an applicability relative to GDPR for security and privacy
**suspect portabilytwill be touched upon, may integrate FHIRi but not much more to say about that now
+
**suspect portability will be touched upon, may integrate FHIRi but not much more to say about that now
 
** check, check no check the FHIR feature to security and Privacy?  (Answer: Yes)
 
** check, check no check the FHIR feature to security and Privacy?  (Answer: Yes)
* additional questions/commetns?  none brough forward
+
* additional questions/comments?  none brought forward
 
 
 
 
TF4FA Balot reconciliation
 
Vote: 42-50 ballot comments Motion to accept the dispositions for comments 42-51 (date dispositions completed 8/14) Suzanne/Mike
 
opposed: none; abstain: 1(Joe Lamy); approve: 6
 
  
Please review 51-57 for voting next week
+
'''TF4FA Ballot reconciliation'''
 +
Vote: 42-50 ballot comments Motion to accept the dispositions for comments 42-50 (date dispositions completed 8/14) Suzanne/Mike
 +
opposed: none; abstain: 1 (Joe Lamy); approve: 6
  
 +
Please review 51-57 for voting next week spreadsheet link: https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)
  
PASS AUDIT post ballot document update
+
'''PASS AUDIT post ballot document update'''
 
* no update
 
* no update
  
TF4FA Volume 3 Audit - in progress (''its more about Provenance'' than anything else)… Volume 3 - Provenance
+
'''TF4FA Volume 3''' Audit - in progress (''it’s more about Provenance'' than anything else)… Volume 3 - Provenance
 
* Plan is to discuss during the September meeting, ballot in January
 
* Plan is to discuss during the September meeting, ballot in January
* because of work with both audit and trust fraemwok volumes 1,2 - we hav e a shortage of resources
+
* because of work with both audit and trust framework volumes 1,2 - we have a shortage of resources
* hoping we will have more aviaalbe beyond the already presented graphics
+
* hoping we will have more available beyond the already presented graphics
* general update at MON Q3/Q4 plus additional discussion during Secuirty-only call during WGM
+
* general update at MON Q3/Q4 plus additional discussion during Security-only call during WGM
  
'''Privacy Obsolete
+
'''Privacy Obsolete'''
 
* declaring victory and wrapping up
 
* declaring victory and wrapping up
 
** Facebook or Amazon or Twitter, the sage of GDPR is playing out
 
** Facebook or Amazon or Twitter, the sage of GDPR is playing out
Line 116: Line 114:
  
 
'''Baltimore WGM Agenda'''
 
'''Baltimore WGM Agenda'''
* not all engaged in FHIR Security; Mike would like JohnM to report out on the details/overview of FHIR-Securit and Privacy - time to cover in detail at another Q
+
* not all engaged in FHIR Security; Mike would like JohnM to report out on the details/overview of FHIR-Security and Privacy - time to cover in detail at another Q
** Monday Q3/Q4 - small segment, high level ''what is security privacy int he context of FHIR'' (not deep)
+
** Monday Q3/Q4 - small segment, high level ''what is security privacy in the context of FHIR'' (not deep)
** since Dave Pyke will not be avialalbe, the Tuesday Q3 will cover a deepter discussion of Security and Privacy FHIR capabilities, wit Q&A, move forward plan in the upcoming 6-months or so; changes since STU3
+
** since Dave Pyke will not be available, the Tuesday Q3 will cover a deeper discussion of Security and Privacy FHIR capabilities, with Q&A, move forward plan in the upcoming 6-months or so; changes since STU3
 
** may record (no indicated technical constraints for the Baltimore meeting)
 
** may record (no indicated technical constraints for the Baltimore meeting)
 
** John may be able to locate some FHIR Security (background) videos if anyone is interested
 
** John may be able to locate some FHIR Security (background) videos if anyone is interested
Line 125: Line 123:
 
* topics: Kathleen will outreach to Trish, Alex for topics
 
* topics: Kathleen will outreach to Trish, Alex for topics
  
Motion to adjorn (Kathleen)
+
Motion to adjourn (Kathleen)
Meeting adjorned at --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:39, 21 August 2018 (EDT) Arizona Time
+
Meeting adjourned at --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:39, 21 August 2018 (EDT) Arizona Time

Revision as of 20:11, 21 August 2018

Back to Security Main Page

Attendees

x Member Name x Member Name x Member Name x Member Name
x John Moehrke Security Co-chair x Kathleen Connor Security Co-chair . Alexander Mense Security Co-chair . Trish Williams Security Co-chair
x Christopher Shawn Security Co-chair x Suzanne Gonzales-Webb x Mike Davis . David Staggs
x Diana Proud-Madruga . Johnathan Coleman . Francisco Jauregui x Joe Lamy
. Rhonna Clark . Greg Linden . Grahame Grieve x Dave Silver
. Mohammed Jafari . Jim Kretz . Peter Bachman . [mailto: ]
. Beth Pumo . Bo Dagnall . [mailto: ] . [mailto: ]

Back to Security Main Page

Agenda

Meeting Recording: https://fccdl.in/td2yp1GXTh (temporary)

  1. (2 min) Roll Call, Agenda Approval
  2. (5 min) Review and Approval of:
  3. (5 min) GDPR whitepaper on FHIR update - Alex, John, Kathleen
  4. (5 min) TF4FA Normative Ballot reconciliation (formerly PSAF) - Mike, Chris
  5. (10 min) PASS Audit document update - Mike
  6. (05 min) TF4FA Trust Framework Volume 3 - Mike, Chris
  7. Is Privacy Obsolete - Mike
    • added to WGM agenda
  8. (05 min) Security Working Group - upcoming HL7 Working Group Meeting, Baltimore Maryland

Back to Security Main Page

Meeting Minutes (DRAFT)

Chair: Chris Shawn

Roll taken, agenda changes: none

Meeting minutes to approve:

  • August 7, 2918 Motion for approval: (Suzanne / Kathleen)

Opposed: none; abstentions: none approved 7

  • August 14, 2018 Motion for approval: (Suzanne / Kathleen)

Opposed: none; abstentions: none: approved: 7 Comment: If we are going talk to Federal Agencies, we should start the outreach now

'GDPR White Paper on FHIR

  • talked about this subject on the FHIR-Security
    • chat-a-ton tract at the upcoming FHIR Connectathon
  • for people at the Connectathon to come in and have a discussion with 'us' regarding GDPR
  • additional--Alex is now completed with his holiday and will pick up where he left off with meetings; there was an ask to reinvigorate the text that has already been written
    • there isn't significant work at the moment that has been completed, but hopefully more by WGM
  • is GDPR white paper for here? Internationally?
    • white paper to express capabilities integrated into FHIR which have an applicability relative to GDPR for security and privacy
    • suspect portability will be touched upon, may integrate FHIRi but not much more to say about that now
    • check, check no check the FHIR feature to security and Privacy? (Answer: Yes)
  • additional questions/comments? none brought forward

TF4FA Ballot reconciliation Vote: 42-50 ballot comments Motion to accept the dispositions for comments 42-50 (date dispositions completed 8/14) Suzanne/Mike opposed: none; abstain: 1 (Joe Lamy); approve: 6

Please review 51-57 for voting next week spreadsheet link: https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)

PASS AUDIT post ballot document update

  • no update

TF4FA Volume 3 Audit - in progress (it’s more about Provenance than anything else)… Volume 3 - Provenance

  • Plan is to discuss during the September meeting, ballot in January
  • because of work with both audit and trust framework volumes 1,2 - we have a shortage of resources
  • hoping we will have more available beyond the already presented graphics
  • general update at MON Q3/Q4 plus additional discussion during Security-only call during WGM

Privacy Obsolete

  • declaring victory and wrapping up
    • Facebook or Amazon or Twitter, the sage of GDPR is playing out
    • at a point where we are not taking more input and write up what we have

Baltimore WGM Agenda

  • not all engaged in FHIR Security; Mike would like JohnM to report out on the details/overview of FHIR-Security and Privacy - time to cover in detail at another Q
    • Monday Q3/Q4 - small segment, high level what is security privacy in the context of FHIR (not deep)
    • since Dave Pyke will not be available, the Tuesday Q3 will cover a deeper discussion of Security and Privacy FHIR capabilities, with Q&A, move forward plan in the upcoming 6-months or so; changes since STU3
    • may record (no indicated technical constraints for the Baltimore meeting)
    • John may be able to locate some FHIR Security (background) videos if anyone is interested

Additional Agenda items? none added for WGM or Teleconference

  • topics: Kathleen will outreach to Trish, Alex for topics

Motion to adjourn (Kathleen) Meeting adjourned at --Suzannegw (talk) 15:39, 21 August 2018 (EDT) Arizona Time

Retrieved from "https://wiki.hl7.org/w/index.php?title=August_21,_2018_Security_Conference_Call&oldid=160220"