This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "November 6, 2018 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
 
(2 intermediate revisions by the same user not shown)
Line 43: Line 43:
 
#''(2 min)'' '''Roll Call, Agenda Approval'''  
 
#''(2 min)'' '''Roll Call, Agenda Approval'''  
 
#''(2 min)'' '''[http://wiki.hl7.org/index.php?title=October_30,_2018_Security_Conference_Call Review and Approval of Minutes October 30, 2018]
 
#''(2 min)'' '''[http://wiki.hl7.org/index.php?title=October_30,_2018_Security_Conference_Call Review and Approval of Minutes October 30, 2018]
#''(2 min)'' '''[http://wiki.hl7.org/index.php?title=PASS_Healthcare_Audit_Services Update on revision of PASS Audit - reconcilation is ready for upload]''' - Mike
+
#''(2 min)'' '''[http://wiki.hl7.org/index.php?title=PASS_Healthcare_Audit_Services Update on revision of PASS Audit - reconciliation is ready for upload]''' - Mike
 
#''(30 min)'' '''Review of Final Security Harmonization proposals'''  
 
#''(30 min)'' '''Review of Final Security Harmonization proposals'''  
 
*Submission deadline at 12AM ET 11/6.  Harmonization meeting scheduled for 11/8 & 11/9 from 12PM to 6PM ET.   
 
*Submission deadline at 12AM ET 11/6.  Harmonization meeting scheduled for 11/8 & 11/9 from 12PM to 6PM ET.   
Line 58: Line 58:
 
Discussion/ updates to be made - add count to vote under DS4P
 
Discussion/ updates to be made - add count to vote under DS4P
 
(Suzanne / Joe L)
 
(Suzanne / Joe L)
Objection: none; Abstain: none Approval: 8
+
Vote: Objection: none; Abstain: none Approval: 8
  
  
Line 69: Line 69:
 
**Kathleen's understanding was we were waiting on updates to the document
 
**Kathleen's understanding was we were waiting on updates to the document
  
Harmonization proposals - tonight is final proposals nneed to be in
+
'''Harmonization proposals'''
 +
*Tonight is when final proposals need to be in
 
* We have reviewed them all earlier
 
* We have reviewed them all earlier
 
** Additional CUIs need to be added per Kathleen (specific to the portion marking in the ''print name'' code
 
** Additional CUIs need to be added per Kathleen (specific to the portion marking in the ''print name'' code
 
*** Only a slight variation/change is needed to correct
 
*** Only a slight variation/change is needed to correct
 
** Reviewed a spreadsheet instead of word document
 
** Reviewed a spreadsheet instead of word document
** It was noted that banners do not have parenthesis around them, but when you go to the portion marking, there are and  a differnt CUI marking is needed) as shown under 'Marking Multiple Pages'
+
** It was noted that banners do not have parenthesis around them, but when you go to the portion marking, there are, and  a different CUI marking is needed) as shown under 'Marking Multiple Pages'
  
 
* Additional issue -
 
* Additional issue -
** under RoseTree, xml used in version 3 if you look at code system; under _ActCodeSystem
+
** under Rose Tree, xml used in version 3 if you look at code system; under _ActCodeSystem
***SecurityPolicy(security Polcy)
+
***SecurityPolicy(Security Policy)
***adding privacy marker; one for CUI, second for security labeling mark - alked about last week.  These are marks that you display which may be in the descritipn (i.e. confidential, high water mark; 42CFR42, etc)
+
***adding privacy marker; one for CUI, second for security labeling mark - talked about last week.  These are marks that you display which may be in the description (i.e. confidential, high water mark; 42CFR42, etc.)
  
 
<<add link to harmonization proposal>>
 
<<add link to harmonization proposal>>
Line 93: Line 94:
 
* Agreement during meeting that there is a difference in POU and purpose of processing
 
* Agreement during meeting that there is a difference in POU and purpose of processing
 
** Peter is currently working (in company for proposal) for possible codes to better define purpose of processing
 
** Peter is currently working (in company for proposal) for possible codes to better define purpose of processing
* Peter is trying to mesh of POU in Europe - some of the items do not make sense when applied to purpose of processing; based on purpose i.e. law, xx or xx (is this policy?)
+
* Peter is trying to mesh POU in Europe - some of the items do not make sense when applied to purpose of processing; based on purpose i.e. law, xx or xx (is this policy per Kathleen?); saying marketing or data analysis may not be enough of a description when describing purpose of processing
* (Kathleen) There is abranch that is not healthcare specific which may be helpful to look at
+
* (Kathleen) There is a branch that is not healthcare specific which may be helpful to look at. (shown in Rose Tree by Kathleen) - ''codes specifically not related to healthcare'' ; when Peter is ready to share codes, Kathleen will assist to push through harmonization
* Peter ) something they need
+
* next GDPR call in two weeks - we will discuss proposal; come up with harmonized list.  Will send out to Security and European group to spread out to their organizations and get feedback on the vocabulary
 +
*vocabulary can be updated to be more granular or robust per Kathleen--or even get rid of all together
 +
* In order to check our definitions we have decided upon a few use cases--one of the use cases will be from national summary? (from Giorgio)
 +
** one will be from John, as described during Baltimore WGM from---one big scenario revolving around patient care with a link to the model from FHIR call ''care plan/care plan track''
 +
* next call on November 19 ''NEW TIME''- at noon Eastern on Monday
  
next GDPR call in two weeks - we will dsicss proposal; come up with harmonized list and send out to Security and European group to spread out to their organizations and get feeback
+
'''Upcoming Connectathon'''
*one of the use cases will be from national summary? (from Giorgio)
 
** one will be from John...(add description) ''care plan, care plan track''
 
 
 
* next call on NOvember 19 - at noon Eastern on Monday
 
 
 
Connectathon
 
 
* Note:  MiHIN is willing to join in the Montréal Connectathon  
 
* Note:  MiHIN is willing to join in the Montréal Connectathon  
 
* finished storyboard in June, people involved in SLS, consent will also be involved in January and in May.  
 
* finished storyboard in June, people involved in SLS, consent will also be involved in January and in May.  
  
Meeting adjorned at 1:44 Arizona Time --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:46, 6 November 2018 (EST)
+
Meeting adjourned at 1:44 Arizona Time --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:46, 6 November 2018 (EST)
https://fccdl.in/q8Ci7x2ZYP
+
 
 +
Temporary Recoding;  https://fccdl.in/q8Ci7x2ZYP
  
 
[[Security|Back to Security Main Page]]
 
[[Security|Back to Security Main Page]]

Latest revision as of 18:52, 13 November 2018

Back to Security Main Page

Attendees

Back to Security Main Page

x Member Name x Member Name x Member Name x Member Name
x John Moehrke Security Co-chair x Kathleen Connor Security Co-chair x Alexander Mense Security Co-chair . Trish Williams Security Co-chair
x Christopher Shawn Security Co-chair x Suzanne Gonzales-Webb x Mike Davis . David Staggs
x Diana Proud-Madruga . Johnathan Coleman . Francisco Jauregui . Joe Lamy
. Theresa Ardal Connor . Greg Linden . Grahame Grieve . Dave Silver
. Beth Pumo x Jim Kretz . Peter Bachman . Bo Dagnall

Back to Security Main Page

Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (2 min) Review and Approval of Minutes October 30, 2018
  3. (2 min) Update on revision of PASS Audit - reconciliation is ready for upload - Mike
  4. (30 min) Review of Final Security Harmonization proposals
  1. (5 min) GDPR whitepaper on FHIR Update - Alex
  • No FHIR Security call update - John sends his regrets

Meeting Minutes

Meeting Chair - Kathleen

Meeting Minute approval for 10/30 Discussion/ updates to be made - add count to vote under DS4P (Suzanne / Joe L) Vote: Objection: none; Abstain: none Approval: 8


PASS AUDIT Revision

  • Unknown if ballot reconciliation sheet was ever uploaded to ballot site
    • If it hasn't, it needs to (Mike/Diana/Kathleen - need to decide plan of action to review)
    • Unsure if withdrawals have been requested
  • Approximately 50 of the comments had been addressed; to the best of knowledge nothing has been done since then
    • DaveS - thought Mike had said that reconciliation is done is to request to withdraw negative votes
    • Kathleen's understanding was we were waiting on updates to the document

Harmonization proposals

  • Tonight is when final proposals need to be in
  • We have reviewed them all earlier
    • Additional CUIs need to be added per Kathleen (specific to the portion marking in the print name code
      • Only a slight variation/change is needed to correct
    • Reviewed a spreadsheet instead of word document
    • It was noted that banners do not have parenthesis around them, but when you go to the portion marking, there are, and a different CUI marking is needed) as shown under 'Marking Multiple Pages'
  • Additional issue -
    • under Rose Tree, xml used in version 3 if you look at code system; under _ActCodeSystem
      • SecurityPolicy(Security Policy)
      • adding privacy marker; one for CUI, second for security labeling mark - talked about last week. These are marks that you display which may be in the description (i.e. confidential, high water mark; 42CFR42, etc.)

<<add link to harmonization proposal>> Proposal has been reviewed by co-sponsor Patient Administration - they have reviewed the presented and final.

  • VOTE: Motion to approve Harmonization Proposal as presented (Suzanne/Theresa) with addition of CUI changes
    • Opposed: none: abstention: none; Approve: 8
    • Kathleen will submit today (tonight) with additional CUI changes

GDPR White Paper

  • Low attendance, would like more people from EU
  • Peter started discussion with POU which fits very nicely with current POU vocabulary definition
  • Agreement during meeting that there is a difference in POU and purpose of processing
    • Peter is currently working (in company for proposal) for possible codes to better define purpose of processing
  • Peter is trying to mesh POU in Europe - some of the items do not make sense when applied to purpose of processing; based on purpose i.e. law, xx or xx (is this policy per Kathleen?); saying marketing or data analysis may not be enough of a description when describing purpose of processing
  • (Kathleen) There is a branch that is not healthcare specific which may be helpful to look at. (shown in Rose Tree by Kathleen) - codes specifically not related to healthcare ; when Peter is ready to share codes, Kathleen will assist to push through harmonization
  • next GDPR call in two weeks - we will discuss proposal; come up with harmonized list. Will send out to Security and European group to spread out to their organizations and get feedback on the vocabulary
  • vocabulary can be updated to be more granular or robust per Kathleen--or even get rid of all together
  • In order to check our definitions we have decided upon a few use cases--one of the use cases will be from national summary? (from Giorgio)
    • one will be from John, as described during Baltimore WGM from---one big scenario revolving around patient care with a link to the model from FHIR call care plan/care plan track
  • next call on November 19 NEW TIME- at noon Eastern on Monday

Upcoming Connectathon

  • Note: MiHIN is willing to join in the Montréal Connectathon
  • finished storyboard in June, people involved in SLS, consent will also be involved in January and in May.

Meeting adjourned at 1:44 Arizona Time --Suzannegw (talk) 15:46, 6 November 2018 (EST)

Temporary Recoding; https://fccdl.in/q8Ci7x2ZYP

Back to Security Main Page

Retrieved from "https://wiki.hl7.org/w/index.php?title=November_6,_2018_Security_Conference_Call&oldid=163369"