
Difference between revisions of "June 12, 2012 Security Working Group Conference Call"

From HL7Wiki
Line 27: Line 27:
 
Roll Call, Approve Minutes & Accept Agenda
 
Roll Call, Approve Minutes & Accept Agenda
  
'''Presentation on Healthcare Privacy and Security Classification System''' Mike Davis explained the genesis of the adapting industry classification schemes such as those used by the postal service and intelligence community to healthcare.  He noted that the restructuring of the HL7 Security and Privacy vocabulary, which was prompted by the analysis done for the HL7 Confidentiality Code Refactoring project, resulted in   
+
'''Presentation on Healthcare Privacy and Security Classification System''' Mike Davis explained the genesis of the adapting industry classification schemes such as those used by the postal service and intelligence community to healthcare.  He noted that the restructuring of the HL7 Security and Privacy vocabulary, which was prompted by the analysis done for the HL7 Confidentiality Code Refactoring project, resulted in development of guidance on how that vocabulary should be used at various security layers. These layers or "envelopes" are encrypted encapsulation of metadata required by authorized receivers to perform routing and access control of the contents within each envelope.  The outer envelopes do not reveal the protected information.  Authorized receivers of protected content may have to assert entitlement to the protected information and commit to complying with obligations and policies governing how the protected information is to be used in order to access the decryption key.  Arnon raised a number of questions about the utility of the "envelope" metaphor when senders should ensure that receivers are authorized to access the protected information before sending it.  Mike explained the requirement in terms of a healthcare staff person being able to request protected information but not being entitled to access the content, which would only be made available to authorized clinicians by the the healthcare enterprise access control system.
  
 
''(15 min)'' *Items Agreed upon for Harmonization:
 
''(15 min)'' *Items Agreed upon for Harmonization:
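Review bot: the added paragraph repeats a word in its final sentence ("by the the healthcare enterprise access control system") and has a stray article in its first ("the genesis of the adapting industry classification schemes"); drop the duplicate "the" and the extra article. The sentence on Arnon's questions records that questions were raised about checking receiver authorization before sending, but the minutes do not say whether Mike's explanation resolved them, so consider recording the outcome or an action item.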

Revision as of 18:17, 12 June 2012

Security Working Group Meeting

Back to Security Main Page

Attendees


Agenda

  1. (05 min) Roll Call, Approve Minutes & Accept Agenda
  2. (15 min) Proposed Health Care Privacy and Security Classification System Ballot Presentation Kathleen Connor
  3. (15 min) HL7 Security Service Oriented Architecture Domain Analysis Model (SSOA DAM) and approval of HL7 Security SOA Architecture Project Scope Statement Kathleen Connor
  4. New Conference Call Time - Doodle Poll
  5. (15 min) Item3
  6. (5 min) Other Business



Meeting Minutes DRAFT

Roll Call, Approve Minutes & Accept Agenda

Presentation on Healthcare Privacy and Security Classification System

Mike Davis explained the genesis of adapting industry classification schemes, such as those used by the postal service and intelligence community, to healthcare. He noted that the restructuring of the HL7 Security and Privacy vocabulary, which was prompted by the analysis done for the HL7 Confidentiality Code Refactoring project, resulted in development of guidance on how that vocabulary should be used at various security layers. These layers, or "envelopes", are encrypted encapsulations of metadata required by authorized receivers to perform routing and access control of the contents within each envelope. The outer envelopes do not reveal the protected information. To access the decryption key, authorized receivers of protected content may have to assert entitlement to the protected information and commit to complying with the obligations and policies governing how the protected information is to be used. Arnon raised a number of questions about the utility of the "envelope" metaphor when senders should ensure that receivers are authorized to access the protected information before sending it. Mike explained the requirement in terms of a healthcare staff person being able to request protected information but not being entitled to access the content, which would only be made available to authorized clinicians by the healthcare enterprise access control system.

(15 min) *Items Agreed upon for Harmonization:

Revised presentation on HL7 Security WG July Harmonization Proposals

New Conference Call Time - Doodle Poll

Item3

(5 min) Other Business

Action Items
