Difference between revisions of "April 19, 2011 Security Conference Call"
(→Agenda) |
|||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 13: | Line 13: | ||
* [mailto:robert.horn@agfa.com Rob Horn] | * [mailto:robert.horn@agfa.com Rob Horn] | ||
* [mailto:michelle.johnston2@va.gov Michelle Johnston] | * [mailto:michelle.johnston2@va.gov Michelle Johnston] | ||
| − | * [mailto: Jim Kretz] | + | * [mailto:jim.kretz@samhsa.hhs.gov Jim Kretz] |
* [mailto:john.moehrke@med.ge.com John Moehrke] Security Co-chair | * [mailto:john.moehrke@med.ge.com John Moehrke] Security Co-chair | ||
* [mailto:milan.petkovic@phillips.com Milan Petkovic] | * [mailto:milan.petkovic@phillips.com Milan Petkovic] | ||
* [mailto:diana.proud-madruga@va.gov Diana Proud-Madruga] | * [mailto:diana.proud-madruga@va.gov Diana Proud-Madruga] | ||
| − | |||
| − | |||
* [mailto:craig.winter@va.gov Craig Winter] | * [mailto:craig.winter@va.gov Craig Winter] | ||
| Line 29: | Line 27: | ||
#''(15 min)'' '''hData Risk Assessment''' | #''(15 min)'' '''hData Risk Assessment''' | ||
#''(15 min)'' '''HL7 “Policy Advisory Committee” to help them prepare feedback on the USA “Federal Health IT Strategic Plan: 2011-2015”''' - John Moehrke | #''(15 min)'' '''HL7 “Policy Advisory Committee” to help them prepare feedback on the USA “Federal Health IT Strategic Plan: 2011-2015”''' - John Moehrke | ||
| − | |||
| − | |||
| − | |||
| − | |||
==Meeting Minutes== | ==Meeting Minutes== | ||
| Line 39: | Line 33: | ||
I have been asked by the HL7 “Policy Advisory Committee” to help them prepare feedback on the USA “Federal Health IT Strategic Plan: 2011-2015”. | I have been asked by the HL7 “Policy Advisory Committee” to help them prepare feedback on the USA “Federal Health IT Strategic Plan: 2011-2015”. | ||
| − | [http://www.hhs.gov/news/press/2011pres/03/20110325a.html News Release] | + | * [http://www.hhs.gov/news/press/2011pres/03/20110325a.html News Release] |
| − | [http://healthit.hhs.gov/portal/server.pt/community/fed_health_it_strategic_plan/1211/home/15583 Home for Plan] | + | * [http://healthit.hhs.gov/portal/server.pt/community/fed_health_it_strategic_plan/1211/home/15583 Home for Federal Health IT Strategic Plan] |
| − | [http://healthit.hhs.gov/portal/server.pt/document/954074/federal_hit_strategic_plan_public_comment_period | + | * [http://healthit.hhs.gov/portal/server.pt/document/954074/federal_hit_strategic_plan_public_comment_period Strategic Plan Public Comment Period] |
| − | Specifically they have asked for our input on “Goal III: Inspire Confidence and Trust In Health IT”. I am sure if we have other appropriate HL7 Security WG comments we can submit them. They have already put together a draft from their discussions, which you can see is a good start but clearly not complete, and totally lacking recommendations. | + | Specifically they have asked for our input on '''“Goal III: Inspire Confidence and Trust In Health IT” '''. I am sure if we have other appropriate HL7 Security WG comments we can submit them. They have already put together a draft from their discussions, which you can see is a good start but clearly not complete, and totally lacking recommendations. |
| − | ''On Goal III: Inspire Confidence and Trust In Health IT, HL7 believes that more work is needed in this area. HL7 recommends that ONC apply risk-based methodologies using existing standards-based approaches and frameworks. Risk analysis should be performed in an open and transparent fashion, engaging with existing standards work groups responsible for these frameworks, including the HL7 Security Work group. Results of the risk analysis should be widely available. One gap that has been noted is in the area of authentication and support for a certificate infrastructure appropriate for Healthcare IT. HL7 recommends … (specific actions and/or frameworks).'' | + | '' '''On Goal III: Inspire Confidence and Trust In Health IT,''' HL7 believes that more work is needed in this area. HL7 recommends that ONC apply risk-based methodologies using existing standards-based approaches and frameworks. Risk analysis should be performed in an open and transparent fashion, engaging with existing standards work groups responsible for these frameworks, including the HL7 Security Work group. Results of the risk analysis should be widely available. One gap that has been noted is in the area of authentication and support for a certificate infrastructure appropriate for Healthcare IT. HL7 recommends … (specific actions and/or frameworks).'' |
'''ACTION: Each member can comment directly, this is effort within HL7 should be from an HL7 perspective.''' | '''ACTION: Each member can comment directly, this is effort within HL7 should be from an HL7 perspective.''' | ||
| Line 54: | Line 48: | ||
PS. I have responded to Goal III on [http://healthcaresecprivacy.blogspot.com/2011/03/thoughts-on-goal-iii-of-onc-healthit.html my blog]. I am happy to offer any of it that the WG feels is useful. | PS. I have responded to Goal III on [http://healthcaresecprivacy.blogspot.com/2011/03/thoughts-on-goal-iii-of-onc-healthit.html my blog]. I am happy to offer any of it that the WG feels is useful. | ||
| + | |||
| + | '''ACTION: John will take a first draft of applying the following HL7 standards to the Goal III Strategy''' | ||
| + | |||
| + | This list is under construction: | ||
| + | * HL7 ConfidentialityCode vocabulary (2.16.840.1.113883.5.25) | ||
| + | * Implementation Guide for CDA Release 2.0 Privacy Consent Directive | ||
| + | * RBAC Permissions Catalog | ||
| + | * SAIF - Privacy, Access and Security Services (PASS) | ||
| + | ** Access Control Service | ||
| + | ** Healthcare Audit Services | ||
| + | * EHR Functional Model | ||
| + | ** (TBD) | ||
| + | * Transport Specification | ||
| + | ** Transport Layer Security (TLS) | ||
==Action Items== | ==Action Items== | ||
[[Security|Back to Security Main Page]] | [[Security|Back to Security Main Page]] | ||
Latest revision as of 17:54, 19 April 2011
Contents
Security Working Group Meeting
Attendees
- Bill Braithwaite, MD
- Mike Davis Security Co-chair
- Jon Farmer
- Suzanne Gonzales-Webb CBCC Co-chair
- Allen Hobbs
- Rob Horn
- Michelle Johnston
- Jim Kretz
- John Moehrke Security Co-chair
- Milan Petkovic
Agenda
- (05 min) Roll Call, Approve Minutes & Accept Agenda
- (15 min) hData Risk Assessment
- (15 min) HL7 “Policy Advisory Committee” to help them prepare feedback on the USA “Federal Health IT Strategic Plan: 2011-2015” - John Moehrke
Meeting Minutes
USA “Federal Health IT Strategic Plan: 2011-2015 e-mail from John Moehrke to Security Listserve I have been asked by the HL7 “Policy Advisory Committee” to help them prepare feedback on the USA “Federal Health IT Strategic Plan: 2011-2015”.
Specifically they have asked for our input on “Goal III: Inspire Confidence and Trust In Health IT” . I am sure if we have other appropriate HL7 Security WG comments we can submit them. They have already put together a draft from their discussions, which you can see is a good start but clearly not complete, and totally lacking recommendations.
On Goal III: Inspire Confidence and Trust In Health IT, HL7 believes that more work is needed in this area. HL7 recommends that ONC apply risk-based methodologies using existing standards-based approaches and frameworks. Risk analysis should be performed in an open and transparent fashion, engaging with existing standards work groups responsible for these frameworks, including the HL7 Security Work group. Results of the risk analysis should be widely available. One gap that has been noted is in the area of authentication and support for a certificate infrastructure appropriate for Healthcare IT. HL7 recommends … (specific actions and/or frameworks).
ACTION: Each member can comment directly, this is effort within HL7 should be from an HL7 perspective.
Note: The Deadline for comments as been extended two weeks (from this Friday), the HL7 Policy Advisory Committee has requested that we get them our feedback by WEDNESDAY so that they have time to integrate it.
PS. I have responded to Goal III on my blog. I am happy to offer any of it that the WG feels is useful.
ACTION: John will take a first draft of applying the following HL7 standards to the Goal III Strategy
This list is under construction:
- HL7 ConfidentialityCode vocabulary (2.16.840.1.113883.5.25)
- Implementation Guide for CDA Release 2.0 Privacy Consent Directive
- RBAC Permissions Catalog
- SAIF - Privacy, Access and Security Services (PASS)
- Access Control Service
- Healthcare Audit Services
- EHR Functional Model
- (TBD)
- Transport Specification
- Transport Layer Security (TLS)
