Difference between revisions of "HL7 WGM May 2015 - Paris, France - Security WG - Minutes"
JohnMoehrke (talk | contribs) |
(31 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
Minutes from Security WG | Minutes from Security WG | ||
= Tuesday Q1 = | = Tuesday Q1 = | ||
− | * | + | *''' Attendees''' |
− | ** John Moehrke - Co-Chair | + | ** Chaired by John Moehrke - Co-Chair |
** Alex Mense - Co-Chair | ** Alex Mense - Co-Chair | ||
− | ** Miyohara | + | ** Hideyuki Miyohara |
** Jonathan Coleman | ** Jonathan Coleman | ||
** Clay Sebourn - Clay.Sebourn@emc.com | ** Clay Sebourn - Clay.Sebourn@emc.com | ||
** NOT! Princess Trish Williams - Co-Chair | ** NOT! Princess Trish Williams - Co-Chair | ||
− | + | * '''Agenda Reviewed''' [[HL7 WGM May 2015 - Paris, France - Security WG]] | |
− | * Agenda Reviewed [[HL7 WGM May 2015 - Paris, France - Security WG]] | ||
** Approved 4/0/0 | ** Approved 4/0/0 | ||
** Jonathan Coleman - Moved | ** Jonathan Coleman - Moved | ||
Line 19: | Line 18: | ||
** Jonathan Coleman - Moved | ** Jonathan Coleman - Moved | ||
** Alex - Second | ** Alex - Second | ||
− | * International Reportout | + | * '''International Reportout''' |
** ISO - Hideyuki | ** ISO - Hideyuki | ||
− | *** Presentation | + | *** [http://www.hl7.org/documentcenter/public/wg/secure/minutes/WG4_Report_to_Plenary_for_San_Francisco_v8.ppt Presentation given] |
** IHE - John | ** IHE - John | ||
*** ATNA Query (FHIR AuditEvent, and SYSLOG; Option for SYSLOG Filter) | *** ATNA Query (FHIR AuditEvent, and SYSLOG; Option for SYSLOG Filter) | ||
Line 28: | Line 27: | ||
= Tuesday Q2 = | = Tuesday Q2 = | ||
− | * | + | * '''Attendees''' |
− | ** John Moehrke - Co-Chair | + | ** Chaired by John Moehrke - Co-Chair |
** Alex Mense - Co-Chair | ** Alex Mense - Co-Chair | ||
− | ** Miyohara | + | ** Hideyuki Miyohara |
** Jonathan Coleman | ** Jonathan Coleman | ||
** Clay Sebourn - Clay.Sebourn@emc.com | ** Clay Sebourn - Clay.Sebourn@emc.com | ||
Line 38: | Line 37: | ||
** Comelia Felder - comelia.felder@roche.com | ** Comelia Felder - comelia.felder@roche.com | ||
− | * Privacy on FHIR - Jonathan Coleman | + | * '''Privacy on FHIR''' - Jonathan Coleman |
+ | ** [http://www.hl7.org/documentcenter/public/wg/secure/minutes/HIMSS15_Privacy%20on%20FHIR%20r4.pdf Presentation given] | ||
** ONC and VA initiative to demonstrate Privacy on FHIR | ** ONC and VA initiative to demonstrate Privacy on FHIR | ||
** Not an effort to create standards or guidance documentation | ** Not an effort to create standards or guidance documentation | ||
** Using HCS, SLS, Ontology, DS4P, and consent | ** Using HCS, SLS, Ontology, DS4P, and consent | ||
** OpenID, OAuth2, UMA | ** OpenID, OAuth2, UMA | ||
− | * Data Provenance IG - Jonathan Coleman | + | * '''Data Provenance IG''' - Jonathan Coleman |
** comments resolved awaiting final DSTU soon | ** comments resolved awaiting final DSTU soon | ||
− | * FHIR Ballot triage | + | * '''FHIR Ballot triage''' |
= Tuesday Q3 = | = Tuesday Q3 = | ||
− | * FHIR Ballot triage | + | * '''FHIR Ballot triage''' continued |
=Tuesday Q4 = | =Tuesday Q4 = | ||
Line 55: | Line 55: | ||
=Wednesday Q2 = | =Wednesday Q2 = | ||
* Joint with SOA (hosted by SEC) | * Joint with SOA (hosted by SEC) | ||
− | * PASS Access Control. Addresses the information and capabilities required to provide Access Control service to protect resources in a distributed healthcare environment, where interoperability requirements exist. | + | |
+ | * '''Attendees''' | ||
+ | ** Chaired by Trish Williams - Co-Chair, | ||
+ | ** John Moehrke - Co-Chair, | ||
+ | ** Alex Mense - Co-Chair, | ||
+ | ** Hideyuki Miyohara, | ||
+ | ** Clay Sebourn - Clay.Sebourn@emc.com, | ||
+ | ** Jeff Ting - Jeffery.Ting@SystemsMadeSimple.com, | ||
+ | ** Vince McCauley (SOA Co-chair), | ||
+ | ** Stefano Lotti (SOA Co-Chair), | ||
+ | ** Zachary Huynh, | ||
+ | |||
+ | * '''PASS Access Control.''' | ||
+ | ** Addresses the information and capabilities required to provide Access Control service to protect resources in a distributed healthcare environment, where interoperability requirements exist. | ||
* Current status of PASS is DSTU (but out of date) it will go forward to Normative Ballot Sept 2015. | * Current status of PASS is DSTU (but out of date) it will go forward to Normative Ballot Sept 2015. | ||
** Under consideration is a Platform Specific Model targeting FHIR resource access management. SEC should take the lead, and get a project lead for this. Need to understand the Argonaut project content on security. Are they leveraging PASS. Clarification from Josh Mandel will be sought. | ** Under consideration is a Platform Specific Model targeting FHIR resource access management. SEC should take the lead, and get a project lead for this. Need to understand the Argonaut project content on security. Are they leveraging PASS. Clarification from Josh Mandel will be sought. | ||
Line 65: | Line 78: | ||
* Security will find lead (from those working on the problem). The project will not be created until the people are found. | * Security will find lead (from those working on the problem). The project will not be created until the people are found. | ||
− | * PSS on Approved at TSC 12/05/2015 | + | * '''PSS on Approved''' at TSC 12/05/2015 |
** Project Summary for HL7 Privacy and Security Architecture Framework [PSAF aka 'Privacy Safe']. | ** Project Summary for HL7 Privacy and Security Architecture Framework [PSAF aka 'Privacy Safe']. | ||
− | Attendees | + | =Wednesday Q3 = |
− | + | * Attendees | |
− | + | ** Chaired by John Moehrke - Co-Chair, | |
− | Alex Mense - Co-Chair | + | ** Trish Williams - Co-Chair |
− | Miyohara, Hideyuki | + | ** Alex Mense - Co-Chair |
− | Clay Sebourn | + | ** Miyohara, Hideyuki |
− | + | ** Clay Sebourn | |
− | + | ** Kevin Shekleton | |
− | + | ** Grahame Grieve | |
− | + | ** Jonathon Coleman | |
+ | ** Josh Mandel | ||
+ | ** David Hay | ||
+ | ** Peter Bernhardt | ||
+ | ** Corey Spears | ||
+ | ** Michael Donnelly | ||
+ | ** Simone Heckmann | ||
− | |||
− | |||
− | + | '''Ballot reconciliation related to FHIR | |
− | + | ''' | |
− | |||
− | + | *'''Josh Mandel presented on Argonaut and SMART on FHIR''' | |
+ | ** Argonaut is a collaboration between EHR and clinical care providers, to develop open specifications - in particular for FHIR. Security protocols associated with these? | ||
+ | ** SMART on FHIR (Boston's Children's Hospital) on FHIR project is looking at single sign on using mobile and web apps using OAuth2 and OpenIDConnect. http://smarthealthit.org/ and http://docs.smarthealthit.org/ | ||
=Wednesday Q4 = | =Wednesday Q4 = | ||
− | Ballot | + | * '''Attendees''' |
+ | ** Chaired by Trish Williams - Co-Chair | ||
+ | ** John Moehrke - Co-Chair | ||
+ | ** Alex Mense - Co-Chair | ||
+ | ** Hideyuki Miyohara | ||
+ | ** Clay Sebourn | ||
+ | ** Jonathon Coleman | ||
+ | ** Ken Salyards | ||
+ | ** Frederic Laroche | ||
+ | ** Lloyd McKenzie | ||
+ | ** Grahame Grieve | ||
+ | ** Paul Knapp | ||
+ | ** Michelle Miller | ||
+ | ** Guillaum Rossiana | ||
+ | ** Benoit Schoeffler | ||
+ | ** Corey Spears | ||
+ | |||
+ | * '''Ballot reconciliation related to FHIR (continued)''' | ||
− | + | * '''Discussion on separation of consent from contract in FHIR''' to obtain clarity around how this will work. | |
+ | * CBCC has asked that consent is handled carefully and in different resources, as they have very different meanings in use: Consent to treat, advanced care directives, and consent to disclose (share). | ||
+ | ** '''Disposition was voted on and approved'''. | ||
+ | |||
+ | =Thursday Q1 = | ||
+ | * '''Attendees''': | ||
+ | ** Chaired by John Moehrke | ||
+ | ** Trish Williams - Co-Chair | ||
+ | ** Alex Mense - Co-Chair | ||
+ | ** Hideyuki Miyohara | ||
+ | ** Clay Sebourn | ||
+ | ** David Hay | ||
+ | ** Michael Donnelly | ||
+ | ** Kevin Shekleton | ||
+ | ** Grahame Grieve | ||
+ | ** Comelia Felder | ||
+ | ** Paul Lomayesva | ||
+ | ** Sadamu Takasaka | ||
+ | ** Masaaki Hirai | ||
+ | ** Peter Bernhardt. | ||
+ | * '''Ballot comments related to FHIR (continued).''' | ||
− | Attendees: Trish Williams | + | * '''WG Administration and Health''' |
+ | ** Attendees: Trish Williams, Alex Mense, John Moehrke, Hideyuki Miyohara | ||
+ | ** WG Health in yellow with 4 outstanding items: M&C <2 yrs, SWOT < 3 yrs, Harmonisation participation, and 2014 TSC election. | ||
+ | *** Revised Mission and Charter (M&C). Proposal to accept Hideyuki Miyohara, seconded by Alex Mense. Approved 3/0/0 | ||
+ | *** Revised SWOT. Proposal to accept by Alex Mense, seconded by Trish Williams. Approved 3/0/0 | ||
+ | *** Harmonisation participation previously misnoted by call of Kathleen's attendance for SEC. Need to ensure at next meeting we email to give comments//no comment. | ||
+ | *** TSC election: We have been penalized all year for this. Next election in June-Aug - Co-chairs to ensure we cover and vote. TSC agreed to go to e-voting this next session. | ||
+ | *** Trish to manage notification to and approvals by HL7. M&C sent to FTSD 14/05/2015. SWOT sent to Anne Wizauer (HL7). | ||
+ | *** Weekly teleconference calls reconfirmed | ||
+ | *** Trish booked rooms for Oct WGM in Atlanta. Invited FHIR Wed Q3 and Thurs Q1. Accepted invites from CBCC for Mon Q3 & Q4. |
Latest revision as of 01:34, 8 June 2015
Minutes from Security WG
Tuesday Q1
- Attendees
  - Chaired by John Moehrke - Co-Chair
  - Alex Mense - Co-Chair
  - Hideyuki Miyohara
  - Jonathan Coleman
  - Clay Sebourn - Clay.Sebourn@emc.com
  - NOT! Princess Trish Williams - Co-Chair
- Agenda Reviewed HL7 WGM May 2015 - Paris, France - Security WG
  - Approved 4/0/0
  - Jonathan Coleman - Moved
  - Alex - Second
- Minutes
  - HL7 Security January 2015 WGM Minutes
  - Approved 4/0/0
  - Jonathan Coleman - Moved
  - Alex - Second
- International Reportout
  - ISO - Hideyuki
  - IHE - John
    - ATNA Query (FHIR AuditEvent, and SYSLOG; Option for SYSLOG Filter)
    - Reminder about De-Identification Handbook as implementation guide on ISO Pseudonymization
Tuesday Q2
- Attendees
  - Chaired by John Moehrke - Co-Chair
  - Alex Mense - Co-Chair
  - Hideyuki Miyohara
  - Jonathan Coleman
  - Clay Sebourn - Clay.Sebourn@emc.com
  - Trish Williams - Co-Chair
  - Jeff Ting - Jeffery.Ting@SystemsMadeSimple.com
  - Comelia Felder - comelia.felder@roche.com
- Privacy on FHIR - Jonathan Coleman
  - Presentation given
  - ONC and VA initiative to demonstrate Privacy on FHIR
  - Not an effort to create standards or guidance documentation
  - Using HCS, SLS, Ontology, DS4P, and consent
  - OpenID, OAuth2, UMA
- Data Provenance IG - Jonathan Coleman
  - Comments resolved; awaiting final DSTU soon
- FHIR Ballot triage
Tuesday Q3
- FHIR Ballot triage continued
Tuesday Q4
Lack of quorum; canceled.
Wednesday Q2
- Joint with SOA (hosted by SEC)
- Attendees
  - Chaired by Trish Williams - Co-Chair
  - John Moehrke - Co-Chair
  - Alex Mense - Co-Chair
  - Hideyuki Miyohara
  - Clay Sebourn - Clay.Sebourn@emc.com
  - Jeff Ting - Jeffery.Ting@SystemsMadeSimple.com
  - Vince McCauley (SOA Co-chair)
  - Stefano Lotti (SOA Co-Chair)
  - Zachary Huynh
- PASS Access Control.
  - Addresses the information and capabilities required to provide Access Control service to protect resources in a distributed healthcare environment, where interoperability requirements exist.
- Current status of PASS is DSTU (but out of date); it will go forward to Normative Ballot Sept 2015.
- Under consideration is a Platform Specific Model targeting FHIR resource access management. SEC should take the lead, and get a project lead for this. Need to understand the Argonaut project content on security. Are they leveraging PASS? Clarification from Josh Mandel will be sought.
- Under a Platform Specific Model this would require specification of the security token platform?
- RESTful API already can use/does use PASS. The application in healthcare further includes patient consent and additional context specific attributes.
- For instance, Privacy on FHIR (VA/ONC US specific) demonstrates the use of standard tools to apply to healthcare including PASS; SMART initiative uses PASS; and Argonaut project using it? HEART (OAuth, OpenID Connect, and UMA committees) to come to healthcare to help healthcare - John M engaging with this.
- PASS Access control specific to FHIR. This should be constrained further to a specific interaction model (SOAP, V2 messaging, CDA, transactions, etc).
- Suggested to also go into normative ballot is the use of FHIR Security/Privacy related Resources as Access Decision Information (ACI) sources for Privacy Enforcement Point (PEP) realizations. This is a clarifier of the Platform Specific Model (discussed above).
- Security will find lead (from those working on the problem). The project will not be created until the people are found.
- PSS on Approved at TSC 12/05/2015
  - Project Summary for HL7 Privacy and Security Architecture Framework [PSAF aka 'Privacy Safe'].
Wednesday Q3
- Attendees
  - Chaired by John Moehrke - Co-Chair
  - Trish Williams - Co-Chair
  - Alex Mense - Co-Chair
  - Miyohara, Hideyuki
  - Clay Sebourn
  - Kevin Shekleton
  - Grahame Grieve
  - Jonathan Coleman
  - Josh Mandel
  - David Hay
  - Peter Bernhardt
  - Corey Spears
  - Michael Donnelly
  - Simone Heckmann
Ballot reconciliation related to FHIR
- Josh Mandel presented on Argonaut and SMART on FHIR
  - Argonaut is a collaboration between EHR and clinical care providers to develop open specifications, in particular for FHIR. Security protocols associated with these?
  - The SMART on FHIR project (Boston Children's Hospital) is looking at single sign-on for mobile and web apps using OAuth2 and OpenID Connect. http://smarthealthit.org/ and http://docs.smarthealthit.org/
Wednesday Q4
- Attendees
  - Chaired by Trish Williams - Co-Chair
  - John Moehrke - Co-Chair
  - Alex Mense - Co-Chair
  - Hideyuki Miyohara
  - Clay Sebourn
  - Jonathan Coleman
  - Ken Salyards
  - Frederic Laroche
  - Lloyd McKenzie
  - Grahame Grieve
  - Paul Knapp
  - Michelle Miller
  - Guillaum Rossiana
  - Benoit Schoeffler
  - Corey Spears
- Ballot reconciliation related to FHIR (continued)
- Discussion on separation of consent from contract in FHIR to obtain clarity around how this will work.
- CBCC has asked that consent be handled carefully and in different resources, as they have very different meanings in use: Consent to treat, advanced care directives, and consent to disclose (share).
  - Disposition was voted on and approved.
Thursday Q1
- Attendees
  - Chaired by John Moehrke
  - Trish Williams - Co-Chair
  - Alex Mense - Co-Chair
  - Hideyuki Miyohara
  - Clay Sebourn
  - David Hay
  - Michael Donnelly
  - Kevin Shekleton
  - Grahame Grieve
  - Comelia Felder
  - Paul Lomayesva
  - Sadamu Takasaka
  - Masaaki Hirai
  - Peter Bernhardt
- Ballot comments related to FHIR (continued).
- WG Administration and Health
  - Attendees: Trish Williams, Alex Mense, John Moehrke, Hideyuki Miyohara
  - WG Health in yellow with 4 outstanding items: M&C < 2 yrs, SWOT < 3 yrs, Harmonisation participation, and 2014 TSC election.
    - Revised Mission and Charter (M&C). Proposal to accept by Hideyuki Miyohara, seconded by Alex Mense. Approved 3/0/0
    - Revised SWOT. Proposal to accept by Alex Mense, seconded by Trish Williams. Approved 3/0/0
    - Harmonisation participation previously misnoted by call of Kathleen's attendance for SEC. Need to ensure at next meeting we email to give comments/no comment.
    - TSC election: We have been penalized all year for this. Next election in June-Aug - Co-chairs to ensure we cover and vote. TSC agreed to go to e-voting this next session.
    - Trish to manage notification to and approvals by HL7. M&C sent to FTSD 14/05/2015. SWOT sent to Anne Wizauer (HL7).
    - Weekly teleconference calls reconfirmed
    - Trish booked rooms for Oct WGM in Atlanta. Invited FHIR Wed Q3 and Thurs Q1. Accepted invites from CBCC for Mon Q3 & Q4.