This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "April 19, 2011 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
 
(3 intermediate revisions by 2 users not shown)
Line 13: Line 13:
 
* [mailto:robert.horn@agfa.com Rob Horn]
 
* [mailto:robert.horn@agfa.com Rob Horn]
 
* [mailto:michelle.johnston2@va.gov Michelle Johnston]
 
* [mailto:michelle.johnston2@va.gov Michelle Johnston]
* [mailto: Jim Kretz]
+
* [mailto:jim.kretz@samhsa.hhs.gov Jim Kretz]
 
* [mailto:john.moehrke@med.ge.com John Moehrke] Security Co-chair
 
* [mailto:john.moehrke@med.ge.com John Moehrke] Security Co-chair
 
* [mailto:milan.petkovic@phillips.com Milan Petkovic]
 
* [mailto:milan.petkovic@phillips.com Milan Petkovic]
  
 
* [mailto:diana.proud-madruga@va.gov Diana Proud-Madruga]
 
* [mailto:diana.proud-madruga@va.gov Diana Proud-Madruga]
 
* [mailto:kenneth.salyards@samhsa.hhs.gov Ken Salyards]
 
 
* [mailto:craig.winter@va.gov Craig Winter]
 
* [mailto:craig.winter@va.gov Craig Winter]
  
Line 29: Line 27:
 
#''(15 min)'' '''hData Risk Assessment'''
 
#''(15 min)'' '''hData Risk Assessment'''
 
#''(15 min)'' '''HL7 “Policy Advisory Committee” to help them prepare feedback on the USA “Federal Health IT Strategic Plan: 2011-2015”''' - John Moehrke
 
#''(15 min)'' '''HL7 “Policy Advisory Committee” to help them prepare feedback on the USA “Federal Health IT Strategic Plan: 2011-2015”''' - John Moehrke
 
#''(5 min)'' '''Other Business'''
 
 
Security WG members,
 
  
 
==Meeting Minutes==  
 
==Meeting Minutes==  
Line 54: Line 48:
  
 
PS. I have responded to Goal III on [http://healthcaresecprivacy.blogspot.com/2011/03/thoughts-on-goal-iii-of-onc-healthit.html my blog]. I am happy to offer any of it that the WG feels is useful.
 
PS. I have responded to Goal III on [http://healthcaresecprivacy.blogspot.com/2011/03/thoughts-on-goal-iii-of-onc-healthit.html my blog]. I am happy to offer any of it that the WG feels is useful.
 +
 +
'''ACTION: John will take a first draft of applying the following HL7 standards to the Goal III Strategy'''
 +
 +
This list is under construction:
 +
* HL7 ConfidentialityCode vocabulary (2.16.840.1.113883.5.25)
 +
* Implementation Guide for CDA Release 2.0 Privacy Consent Directive
 +
* RBAC Permissions Catalog
 +
* SAIF - Privacy, Access and Security Services (PASS)
 +
** Access Control Service
 +
** Healthcare Audit Services
 +
* EHR Functional Model
 +
** (TBD)
 +
* Transport Specification
 +
** Transport Layer Security (TLS)
  
 
==Action Items==
 
==Action Items==
  
 
[[Security|Back to Security Main Page]]
 
[[Security|Back to Security Main Page]]

Latest revision as of 17:54, 19 April 2011

Security Working Group Meeting

Back to Security Main Page

Attendees

Back to Security Main Page


Agenda

  1. (05 min) Roll Call, Approve Minutes & Accept Agenda
  2. (15 min) hData Risk Assessment
  3. (15 min) HL7 “Policy Advisory Committee” to help them prepare feedback on the USA “Federal Health IT Strategic Plan: 2011-2015” - John Moehrke

Meeting Minutes

USA “Federal Health IT Strategic Plan: 2011-2015 e-mail from John Moehrke to Security Listserve I have been asked by the HL7 “Policy Advisory Committee” to help them prepare feedback on the USA “Federal Health IT Strategic Plan: 2011-2015”.

Specifically they have asked for our input on “Goal III: Inspire Confidence and Trust In Health IT” . I am sure if we have other appropriate HL7 Security WG comments we can submit them. They have already put together a draft from their discussions, which you can see is a good start but clearly not complete, and totally lacking recommendations.

On Goal III: Inspire Confidence and Trust In Health IT, HL7 believes that more work is needed in this area. HL7 recommends that ONC apply risk-based methodologies using existing standards-based approaches and frameworks. Risk analysis should be performed in an open and transparent fashion, engaging with existing standards work groups responsible for these frameworks, including the HL7 Security Work group. Results of the risk analysis should be widely available. One gap that has been noted is in the area of authentication and support for a certificate infrastructure appropriate for Healthcare IT. HL7 recommends … (specific actions and/or frameworks).

ACTION: Each member can comment directly, this is effort within HL7 should be from an HL7 perspective.

Note: The Deadline for comments as been extended two weeks (from this Friday), the HL7 Policy Advisory Committee has requested that we get them our feedback by WEDNESDAY so that they have time to integrate it.

PS. I have responded to Goal III on my blog. I am happy to offer any of it that the WG feels is useful.

ACTION: John will take a first draft of applying the following HL7 standards to the Goal III Strategy

This list is under construction:

  • HL7 ConfidentialityCode vocabulary (2.16.840.1.113883.5.25)
  • Implementation Guide for CDA Release 2.0 Privacy Consent Directive
  • RBAC Permissions Catalog
  • SAIF - Privacy, Access and Security Services (PASS)
    • Access Control Service
    • Healthcare Audit Services
  • EHR Functional Model
    • (TBD)
  • Transport Specification
    • Transport Layer Security (TLS)

Action Items

Back to Security Main Page