
Difference between revisions of "April 19, 2011 Security Conference Call"

From HL7Wiki
(Created page with "=Security Working Group Meeting= * Meeting Information Back to Security Main Page ==Attendees== (expected) * [mailto:talbertson@inpriva.com Tabitha A...")
 
 
(6 intermediate revisions by 2 users not shown)
Line 4: Line 4:
 
[[Security|Back to Security Main Page]]
 
[[Security|Back to Security Main Page]]
  
==Attendees== (expected)
+
==Attendees==  
  
* [mailto:talbertson@inpriva.com Tabitha Albertson]
 
* [mailto:bernd.blobel@ehealth-cc.de Bernd Blobel] Security Co-chair, absent
 
 
* [mailto:bbraithwaite@anakam.com  Bill Braithwaite, MD]
 
* [mailto:bbraithwaite@anakam.com  Bill Braithwaite, MD]
* [mailto:Kathleen.Connor@microsoft.com Kathleen Connor]
 
 
* [mailto:thomas.davidson@ssa.gov Tom Davidson]
 
 
* [mailto:mike.davis@va.gov Mike Davis] Security Co-chair
 
* [mailto:mike.davis@va.gov Mike Davis] Security Co-chair
 
* [mailto:farmer@apelon.com Jon Farmer]
 
* [mailto:farmer@apelon.com Jon Farmer]
 
* [mailto:gonzaleswebs@saic.com Suzanne Gonzales-Webb] CBCC Co-chair
 
* [mailto:gonzaleswebs@saic.com Suzanne Gonzales-Webb] CBCC Co-chair
* [mailto:rhamm@gmail.com Russ Hamm]
+
* [mailto:allen.hobbs@kp.org Allen Hobbs]
 
 
 
* [mailto:robert.horn@agfa.com Rob Horn]
 
* [mailto:robert.horn@agfa.com Rob Horn]
 
* [mailto:michelle.johnston2@va.gov Michelle Johnston]
 
* [mailto:michelle.johnston2@va.gov Michelle Johnston]
* [mailto:djorgenson@inpriva.com Don Jorgenson]
+
* [mailto:jim.kretz@samhsa.hhs.gov Jim Kretz]
* [mailto:rmcclure@apelon.com Rob McClure]
 
 
 
 
* [mailto:john.moehrke@med.ge.com John Moehrke] Security Co-chair
 
* [mailto:john.moehrke@med.ge.com John Moehrke] Security Co-chair
 
* [mailto:milan.petkovic@phillips.com Milan Petkovic]
 
* [mailto:milan.petkovic@phillips.com Milan Petkovic]
* [mailto:ppyette@inpriva.com Pat Pyette]
+
 
 
* [mailto:diana.proud-madruga@va.gov Diana Proud-Madruga]
 
* [mailto:diana.proud-madruga@va.gov Diana Proud-Madruga]
* [mailto:scott.m.robertson@kp.org Scott Robertson]
 
* [mailto:kenneth.salyards@samhsa.hhs.gov Ken Salyards]
 
* [mailto:richard.thoreson@samhsa.hhs.gov Richard Thoreson] CBCC Co-chair
 
* [mailto:ioana@eversolve.com Ioana Singureanu]
 
* [mailto:david.staggs@va.gov David Staggs]
 
* [mailto:serafina@eversolve.com Serafina Versaggi]
 
* [mailto:weida@apelon.com Tony Weida]
 
 
* [mailto:craig.winter@va.gov Craig Winter]
 
* [mailto:craig.winter@va.gov Craig Winter]
  
Line 40: Line 25:
 
==Agenda==
 
==Agenda==
 
#''(05 min)'' Roll Call, Approve Minutes & Accept Agenda
 
#''(05 min)'' Roll Call, Approve Minutes & Accept Agenda
#''(15 min)'' '''Item1'''
+
#''(15 min)'' '''hData Risk Assessment'''
#''(15 min)'' '''Item2'''
+
#''(15 min)'' '''HL7 “Policy Advisory Committee” to help them prepare feedback on the USA “Federal Health IT Strategic Plan: 2011-2015”''' - John Moehrke
#''(15 min)'' '''Item3'''  
+
 
#''(5 min)'' '''Other Business'''
+
==Meeting Minutes==
 +
'''USA “Federal Health IT Strategic Plan: 2011-2015'''
 +
''e-mail from John Moehrke to Security Listserve''  
 +
I have been asked by the HL7 “Policy Advisory Committee” to help them prepare feedback on the USA “Federal Health IT Strategic Plan: 2011-2015”.
 +
 
 +
* [http://www.hhs.gov/news/press/2011pres/03/20110325a.html News Release]
 +
 
 +
* [http://healthit.hhs.gov/portal/server.pt/community/fed_health_it_strategic_plan/1211/home/15583 Home for Federal Health IT Strategic Plan]
 +
 
 +
* [http://healthit.hhs.gov/portal/server.pt/document/954074/federal_hit_strategic_plan_public_comment_period Strategic Plan Public Comment Period]
 +
 
 +
Specifically they have asked for our input on '''“Goal III: Inspire Confidence and Trust In Health IT” '''. I am sure if we have other appropriate HL7 Security WG comments we can submit them. They have already put together a draft from their discussions, which you can see is a good start but clearly not complete, and totally lacking recommendations. 
 +
 
 +
'' '''On Goal III: Inspire Confidence and Trust In Health IT,''' HL7 believes that more work is needed in this area.  HL7 recommends that ONC apply risk-based methodologies using existing standards-based approaches and frameworks.  Risk analysis should be performed in an open and transparent fashion, engaging with existing standards work groups responsible for these frameworks, including the HL7 Security Work group.  Results of the risk analysis should be widely available.  One gap that has been noted is in the area of authentication and support for a certificate infrastructure appropriate for Healthcare IT.  HL7 recommends  … (specific actions and/or frameworks).''
 +
 
 +
'''ACTION: Each member can comment directly, this is effort within HL7 should be from an HL7 perspective.'''
 +
 
 +
Note: The Deadline for comments as been extended two weeks (from this Friday), the HL7 Policy Advisory Committee has requested that we get them our feedback by WEDNESDAY so that they have time to integrate it.
 +
 
 +
PS. I have responded to Goal III on [http://healthcaresecprivacy.blogspot.com/2011/03/thoughts-on-goal-iii-of-onc-healthit.html my blog]. I am happy to offer any of it that the WG feels is useful.
 +
 
 +
'''ACTION: John will take a first draft of applying the following HL7 standards to the Goal III Strategy'''
 +
 
 +
This list is under construction:
 +
* HL7 ConfidentialityCode vocabulary (2.16.840.1.113883.5.25)
 +
* Implementation Guide for CDA Release 2.0 Privacy Consent Directive
 +
* RBAC Permissions Catalog
 +
* SAIF - Privacy, Access and Security Services (PASS)
 +
** Access Control Service
 +
** Healthcare Audit Services
 +
* EHR Functional Model
 +
** (TBD)
 +
* Transport Specification
 +
** Transport Layer Security (TLS)
  
 
==Action Items==
 
==Action Items==
  
 
[[Security|Back to Security Main Page]]
 
[[Security|Back to Security Main Page]]

Latest revision as of 17:54, 19 April 2011

Security Working Group Meeting

Back to Security Main Page

Attendees



Agenda

  1. (05 min) Roll Call, Approve Minutes & Accept Agenda
  2. (15 min) hData Risk Assessment
  3. (15 min) HL7 “Policy Advisory Committee” to help them prepare feedback on the USA “Federal Health IT Strategic Plan: 2011-2015” - John Moehrke

Meeting Minutes

USA “Federal Health IT Strategic Plan: 2011-2015”

e-mail from John Moehrke to Security Listserve

I have been asked by the HL7 “Policy Advisory Committee” to help them prepare feedback on the USA “Federal Health IT Strategic Plan: 2011-2015”.

Specifically they have asked for our input on “Goal III: Inspire Confidence and Trust In Health IT”. I am sure if we have other appropriate HL7 Security WG comments we can submit them. They have already put together a draft from their discussions, which you can see is a good start but clearly not complete, and totally lacking recommendations.

On Goal III: Inspire Confidence and Trust In Health IT, HL7 believes that more work is needed in this area. HL7 recommends that ONC apply risk-based methodologies using existing standards-based approaches and frameworks. Risk analysis should be performed in an open and transparent fashion, engaging with existing standards work groups responsible for these frameworks, including the HL7 Security Work group. Results of the risk analysis should be widely available. One gap that has been noted is in the area of authentication and support for a certificate infrastructure appropriate for Healthcare IT. HL7 recommends … (specific actions and/or frameworks).

ACTION: Each member can comment directly; this effort within HL7 should be from an HL7 perspective.

Note: The deadline for comments has been extended two weeks (from this Friday); the HL7 Policy Advisory Committee has requested that we get them our feedback by WEDNESDAY so that they have time to integrate it.

PS. I have responded to Goal III on my blog. I am happy to offer any of it that the WG feels is useful.

ACTION: John will take a first draft of applying the following HL7 standards to the Goal III Strategy

This list is under construction:

  • HL7 ConfidentialityCode vocabulary (2.16.840.1.113883.5.25)
  • Implementation Guide for CDA Release 2.0 Privacy Consent Directive
  • RBAC Permissions Catalog
  • SAIF - Privacy, Access and Security Services (PASS)
    • Access Control Service
    • Healthcare Audit Services
  • EHR Functional Model
    • (TBD)
  • Transport Specification
    • Transport Layer Security (TLS)

Action Items
