Difference between revisions of "Talk:HL7 WGM SEPTEMBER 2014 - Chicago, Illinois USA Security WG"
JohnMoehrke (talk | contribs) (Created page with "Potential New Projects * Platform Consent-Decision service ** ask is for this to support FHIR, may support other. ** Would need to consider International mechanisms *** Might...") |
JohnMoehrke (talk | contribs) |
||
Line 1: | Line 1: | ||
− | Potential New Projects | + | =Potential New Projects= |
* Platform Consent-Decision service | * Platform Consent-Decision service | ||
** ask is for this to support FHIR, may support other. | ** ask is for this to support FHIR, may support other. | ||
Line 21: | Line 21: | ||
** Should we approach Safety to integrate safety risk too? | ** Should we approach Safety to integrate safety risk too? | ||
* | * | ||
+ | |||
+ | =Security (Privacy?) Tutorials/Webinars= | ||
+ | * Executing Privacy and Security Risk Assessment | ||
+ | ** Target: Facilitators, Co-Chairs | ||
+ | ** Focus on using our 'handbook' -- "Usefully" and be compliant to HL7 process | ||
+ | ** Potentially a Sunday Afternoon, or | ||
+ | ** Could we do 1 hour Q0? | ||
+ | * Policy Summit | ||
+ | ** Privacy Protected Patient Health Ecosystem | ||
+ | ** David | ||
+ | * Webinars | ||
+ | ** Lower impact, and easier to target audience | ||
+ | ** November -- Three | ||
+ | * Find what is needed | ||
+ | ** Send survey to whole HL7 community asking what they would like to see in tutorials/webinars | ||
+ | ** |
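Review bot: the added Tutorials/Webinars section ends with an empty `**` item, and the unchanged context just above the new heading keeps an empty `*` item; both render as blank bullets and should be dropped or filled in. Under Policy Summit, "David" does not say what he is expected to do, and "November -- Three" under Webinars does not say what there are three of; a few words on each would make these notes usable by someone who was not in the session.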
Latest revision as of 15:08, 18 September 2014
Potential New Projects
- Platform Consent-Decision service
  - ask is for this to support FHIR, may support other.
  - Would need to consider International mechanisms
    - Might need to have alternatives: OAuth/UMA vs SAML/XACML
  - Should be driven in Security WG, under SOA PASS Access Control
  - Note IHE - Secure Document Retrieve supplement is similar, using SAML/XACML but bound to XDS
- Disclosure Event Recording
  - Profile of SecurityEvent for recording specifically a Disclosure
  - Based on PASS Audit
  - Could also include Disclosure Reporting
  - Could have Questionnaire
- Update Security Risk Assessment cookbook to include Privacy-By-Design -- Integrating carefully Privacy Impact Assessments with Security Risk Assessment.
  - Need set of Privacy and Security Terms
  - Need to make more useful for HL7 WG to use when building HL7 products
  - Useful: We need to make this lightweight, but effective.
  - Need one procedure, that procedure should have a library of existing work (e.g. Genomics Security from ISO)
  - Should we bring in a Functional specification (e.g. NIST 800-53 v4 which has security controls)? -- ISO-27799, Common Criteria,
  - Note NIST also has Security Considerations, and another new one on Privacy Considerations
  - Should we create an army of P&S Facilitators that know how to use the handbook and can aid workgroups on 'useful use'?
  - Should we approach Safety to integrate safety risk too?
Security (Privacy?) Tutorials/Webinars
- Executing Privacy and Security Risk Assessment
  - Target: Facilitators, Co-Chairs
  - Focus on using our 'handbook' -- "Usefully" and be compliant to HL7 process
  - Potentially a Sunday Afternoon, or
  - Could we do 1 hour Q0?
- Policy Summit
  - Privacy Protected Patient Health Ecosystem
  - David
- Webinars
  - Lower impact, and easier to target audience
  - November -- Three
- Find what is needed
  - Send survey to whole HL7 community asking what they would like to see in tutorials/webinars