This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "August 14, 2018 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
 
(9 intermediate revisions by the same user not shown)
Line 2: Line 2:
  
 
==Attendees==
 
==Attendees==
+
 
 
{| class="wikitable"
 
{| class="wikitable"
 
|-
 
|-
Line 8: Line 8:
 
|-
 
|-
 
||  .|| [mailto:JohnMoerke@gmail.com John Moehrke] Security Co-chair
 
||  .|| [mailto:JohnMoerke@gmail.com John Moehrke] Security Co-chair
||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-chair  
+
||||.|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-chair  
 
||||.|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
 
||||.|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
 
||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams] Security Co-chair
 
||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams] Security Co-chair
Line 15: Line 15:
 
||||x|| [mailto:Suzanne.Webb@bookzurman.com Suzanne Gonzales-Webb]
 
||||x|| [mailto:Suzanne.Webb@bookzurman.com Suzanne Gonzales-Webb]
 
||||x|| [mailto:mike.davis@va.gov Mike Davis]
 
||||x|| [mailto:mike.davis@va.gov Mike Davis]
||||.|| [mailto:david.staggs@bookzurman.com David Staggs]
+
||||x|| [mailto:david.staggs@bookzurman.com David Staggs]
 
   
 
   
 
|-
 
|-
 
||  x|| [mailto:Diana.Proud-Madruga@electro-soft.com Diana Proud-Madruga]
 
||  x|| [mailto:Diana.Proud-Madruga@electro-soft.com Diana Proud-Madruga]
 
||||x|| [mailto:fjaureui@electrosoft-inc.com Francisco Jauregui]
 
||||x|| [mailto:fjaureui@electrosoft-inc.com Francisco Jauregui]
||||.|| [mailto:joe.lamy@aegis.net Joe Lamy]
+
||||x|| [mailto:joe.lamy@aegis.net Joe Lamy]
 
||||.|| [mailto:glinden@lindentechadvisiors.com Greg Linden]
 
||||.|| [mailto:glinden@lindentechadvisiors.com Greg Linden]
 
|-
 
|-
Line 40: Line 40:
 
|-
 
|-
 
|}
 
|}
 +
 +
Joe L, Mike, chris shawn dave s, david stags, diana, Francisco, jim K
  
 
=='''Agenda'''==
 
=='''Agenda'''==
Line 45: Line 47:
 
#''(5 min)'' Review and Approval of:   
 
#''(5 min)'' Review and Approval of:   
 
#* [http://wiki.hl7.org/index.php?title=August_07,_2018_Security_Conference_Call August 07, 2018 Security Conference Call]
 
#* [http://wiki.hl7.org/index.php?title=August_07,_2018_Security_Conference_Call August 07, 2018 Security Conference Call]
#* http://wiki.hl7.org/index.php?title=Jul_31,_2018_Security_Conference_Call
 
#* ''Meeting Minutes (in process)'' [http://wiki.hl7.org/index.php?title=Jul_17,_2018_Security_Conference_Call July 17, 2018 Security Call]
 
 
#''(5 min)'' '''GDPR whitepaper on FHIR''' update -  Alex, John, Kathleen
 
#''(5 min)'' '''GDPR whitepaper on FHIR''' update -  Alex, John, Kathleen
 
#''(5 min)'' '''PSS Review and Vote''' [https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/Cross%20Paradigm%20Interoperable%20Implementation%20IG/HL7%20Project%20Scope%20Statement%20Cross%20Paradigm%20Extension08022018a%20.docx Cross Paradigm Interoperable Implementation IG PSS]
 
#''(5 min)'' '''PSS Review and Vote''' [https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/Cross%20Paradigm%20Interoperable%20Implementation%20IG/HL7%20Project%20Scope%20Statement%20Cross%20Paradigm%20Extension08022018a%20.docx Cross Paradigm Interoperable Implementation IG PSS]
Line 65: Line 65:
 
Chair: Chris Shawn
 
Chair: Chris Shawn
  
Roll taken
+
Roll taken, no additions made to agenda
 +
 
 +
'''GDPR whitepaper on FHIR update'''
 +
* Link to Rene Spronk's GDPR presentation: https://vimeo.com/267769545 password GDPR (4 capitals) approx. 30 min long.
 +
* highly recommended by Mike Davis
 +
 
 +
'''PSS'''
 +
MOTION made:  For Security to be a co-sponsor for PSS linked as presented (Suzanne/MIke)
 +
objections: none; abstentions: none; motion approved: 10
 +
 
 +
'''TF4FA Ballot reconciliation'''
 +
MOTION: To approve block of TF4FA ballot comments 25-41 (Suzanne/Mike)
 +
objections: none; abstentions: none; motion approved: 10
 +
 
 +
* Sub-Groups meeting earlier on Tuesdays,
 +
*  Comments 42-51 ballot resolutions completed today
 +
 
 +
'''PASS Audit''' document update
 +
* No update on AUDIT
 +
 
 +
'''TF4FA Trust Framework - Volume 3'''
 +
* Met this week to discuss; understand that there is a great deal of interested in Provenance
 +
* reviewed by Kathleen with complements
 +
* plan to present document update at the September WGM, balloting in January
 +
* added to WGM, Security-CBCP Q3/Q4 MON joint session
 +
* Document will be put out to Security and CBCP listserve as soon as we can for review (pre-ballot)
 +
* presented major graphics at the Security WG, its a matter of filling in the content
 +
* no questions
 +
 
 +
'''Privacy Obsolete'''
 +
* Plan to present results at the WGM,(added to the joint agenda CBCP-Security MON Q3/Q4 joint meeting)
 +
* there is a tremendous amount of information being gathered (enough for 3+ years)
 +
** trying to narrow it down and make resources available
 +
** We have to make some tables that summarize the principal vectors that we were looking at
 +
*** i.e. technology, policy viewpoints
 +
** we will most likely not have a definitive conclusion, but information can be evaluated, its very specific to what country you're living (i.e.US:good luck, EU:better, etc)
 +
* Mike does not feel that its obsolete--that's what the paper will draw out, that there are a lot of challenges
 +
** PPT given at May 2018 meeting which will be very close to where we are at
 +
 
 +
'''Baltimore WGM Agenda'''
 +
* Added to TUE Q4 - Update TO PSAF Working Session to PSAF/TF4FA Volume 3 Working Session)
 +
** (Move from TUE Q1 (TF4FA - Volume 3) for additional discussion time)
 +
* DISCUSSIONS on major changes in FHIR (from experts) ; full quarter desired for overview discussion
 +
** discussion/report out of changes expected to see. Something in between FHIR for DUMMIES and FHIR for TECHNICAL discussion
 +
** Drill down of activities 
 +
* suggest to add to (TUE Q3 entire quarter)
 +
 
 +
'''NEW AGENDA ITEM'''
 +
* Mike mentioned that a few folk have been close to the TEFCA;
 +
** add discussion around TEFCA; anticipating that ONC will put something out/next version (suggested:
 +
** TEFCA update; more than what does TEFCA and its acronym mean...
 +
*** in the US the Feds have been involved in their own Working Group to make TEFCA recommendations and express concerns
 +
*** if we have an opportunity to talk to that; (more than 10 minutes)
 +
** schedule a Q on TEFCA; invite ONC, VA, IHS, CMS, SSA, DoD (US Federal Agencies)
 +
*** issues around the TEFCA that is of interest to HL7
 +
# finishing up of POU; current  TEFCA has defined POU, but is different.... some states have need for Emergency access/not currently authorized, which is not part of TEFCA; HL7 needs to do a better job of promoting...making TEFCA standards based and not 'made up' by verticles (TEFCA has its own, VA has its own, DURSA has its own); we want to coax ONC into adopting the HL7 standards;
 +
* because we are very willing to put into th voca into the vertical; Sequoa, CommenWell or whomever
 +
 
 +
'''NEW AGENDA ITEM'''
 +
* OASIS Update to XSPA-SAML (add to Q3 Q4 joint) as part of international standards
 +
 
 +
Motion to Adjourn: (Suzanne)
 +
Meeting adjourned at 1234 Arizona Time  --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:35, 14 August 2018 (EDT)

Latest revision as of 20:47, 28 August 2018

Back to Security Main Page

Attendees

x Member Name x Member Name x Member Name x Member Name
. John Moehrke Security Co-chair . Kathleen Connor Security Co-chair . Alexander Mense Security Co-chair . Trish Williams Security Co-chair
x Christopher Shawn Security Co-chair x Suzanne Gonzales-Webb x Mike Davis x David Staggs
x Diana Proud-Madruga x Francisco Jauregui x Joe Lamy . Greg Linden
. Rhonna Clark . Grahame Grieve . Johnathan Coleman . [mailto: Matt Blackman, Sequoia]
. Mohammed Jafari x Jim Kretz . Peter Bachman x Dave Silver
. Beth Pumo . Bo Dagnall . Riki Merrick . [mailto: Julie Maas]

Joe L, Mike, chris shawn dave s, david stags, diana, Francisco, jim K

Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (5 min) Review and Approval of:
  3. (5 min) GDPR whitepaper on FHIR update - Alex, John, Kathleen
  4. (5 min) PSS Review and Vote Cross Paradigm Interoperable Implementation IG PSS
  5. (5 min) TF4FA Normative Ballot reconciliation (formerly PSAF) - Mike, Chris
  6. (10 min) PASS Audit post ballot reconciliation document update - Mike
  7. (05 min) TF4FA Trust Framework Volume 3 (placeholder) - Mike, Chris
  8. Is Privacy Obsolete - Mike
  9. (05 min) Placeholder: HL7 WGM Baltimore planning

Back to Security Main Page

Meeting Minutes (DRAFT)

Chair: Chris Shawn

Roll taken, no additions made to agenda

GDPR whitepaper on FHIR update

  • Link to Rene Spronk's GDPR presentation: https://vimeo.com/267769545 password GDPR (4 capitals) approx. 30 min long.
  • highly recommended by Mike Davis

PSS MOTION made: For Security to be a co-sponsor for PSS linked as presented (Suzanne/MIke) objections: none; abstentions: none; motion approved: 10

TF4FA Ballot reconciliation MOTION: To approve block of TF4FA ballot comments 25-41 (Suzanne/Mike) objections: none; abstentions: none; motion approved: 10

  • Sub-Groups meeting earlier on Tuesdays,
  • Comments 42-51 ballot resolutions completed today

PASS Audit document update

  • No update on AUDIT

TF4FA Trust Framework - Volume 3

  • Met this week to discuss; understand that there is a great deal of interested in Provenance
  • reviewed by Kathleen with complements
  • plan to present document update at the September WGM, balloting in January
  • added to WGM, Security-CBCP Q3/Q4 MON joint session
  • Document will be put out to Security and CBCP listserve as soon as we can for review (pre-ballot)
  • presented major graphics at the Security WG, its a matter of filling in the content
  • no questions

Privacy Obsolete

  • Plan to present results at the WGM,(added to the joint agenda CBCP-Security MON Q3/Q4 joint meeting)
  • there is a tremendous amount of information being gathered (enough for 3+ years)
    • trying to narrow it down and make resources available
    • We have to make some tables that summarize the principal vectors that we were looking at
      • i.e. technology, policy viewpoints
    • we will most likely not have a definitive conclusion, but information can be evaluated, its very specific to what country you're living (i.e.US:good luck, EU:better, etc)
  • Mike does not feel that its obsolete--that's what the paper will draw out, that there are a lot of challenges
    • PPT given at May 2018 meeting which will be very close to where we are at

Baltimore WGM Agenda

  • Added to TUE Q4 - Update TO PSAF Working Session to PSAF/TF4FA Volume 3 Working Session)
    • (Move from TUE Q1 (TF4FA - Volume 3) for additional discussion time)
  • DISCUSSIONS on major changes in FHIR (from experts) ; full quarter desired for overview discussion
    • discussion/report out of changes expected to see. Something in between FHIR for DUMMIES and FHIR for TECHNICAL discussion
    • Drill down of activities
  • suggest to add to (TUE Q3 entire quarter)

NEW AGENDA ITEM

  • Mike mentioned that a few folk have been close to the TEFCA;
    • add discussion around TEFCA; anticipating that ONC will put something out/next version (suggested:
    • TEFCA update; more than what does TEFCA and its acronym mean...
      • in the US the Feds have been involved in their own Working Group to make TEFCA recommendations and express concerns
      • if we have an opportunity to talk to that; (more than 10 minutes)
    • schedule a Q on TEFCA; invite ONC, VA, IHS, CMS, SSA, DoD (US Federal Agencies)
      • issues around the TEFCA that is of interest to HL7
  1. finishing up of POU; current TEFCA has defined POU, but is different.... some states have need for Emergency access/not currently authorized, which is not part of TEFCA; HL7 needs to do a better job of promoting...making TEFCA standards based and not 'made up' by verticles (TEFCA has its own, VA has its own, DURSA has its own); we want to coax ONC into adopting the HL7 standards;
  • because we are very willing to put into th voca into the vertical; Sequoa, CommenWell or whomever

NEW AGENDA ITEM

  • OASIS Update to XSPA-SAML (add to Q3 Q4 joint) as part of international standards

Motion to Adjourn: (Suzanne) Meeting adjourned at 1234 Arizona Time --Suzannegw (talk) 15:35, 14 August 2018 (EDT)