Difference between revisions of "October 11, 2011 Security Conference Call"
(3 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
*[[Security| Meeting Information]] | *[[Security| Meeting Information]] | ||
+ | |||
[[Security|Back to Security Main Page]] | [[Security|Back to Security Main Page]] | ||
− | ==Attendees== | + | ==Attendees== |
* [mailto:bernd.blobel@ehealth-cc.de Bernd Blobel] Security Co-chair, absent | * [mailto:bernd.blobel@ehealth-cc.de Bernd Blobel] Security Co-chair, absent | ||
* [mailto:bbraithwaite@anakam.com Bill Braithwaite, MD] | * [mailto:bbraithwaite@anakam.com Bill Braithwaite, MD] | ||
* [mailto:Kathleen_Connor@comcast.net Kathleen Connor] | * [mailto:Kathleen_Connor@comcast.net Kathleen Connor] | ||
− | + | * [mailto:ecoyne@hpti.com Ed Coyne] | |
− | * [mailto: | ||
* [mailto:mike.davis@va.gov Mike Davis] Security Co-chair | * [mailto:mike.davis@va.gov Mike Davis] Security Co-chair | ||
* [mailto:farmer@apelon.com Jon Farmer] | * [mailto:farmer@apelon.com Jon Farmer] | ||
* [mailto:gonzaleswebs@saic.com Suzanne Gonzales-Webb] CBCC Co-chair | * [mailto:gonzaleswebs@saic.com Suzanne Gonzales-Webb] CBCC Co-chair | ||
− | |||
* [mailto:robert.horn@agfa.com Rob Horn] | * [mailto:robert.horn@agfa.com Rob Horn] | ||
− | |||
− | |||
* [mailto:glen@grok-a-lot.com Glen Marshalll] | * [mailto:glen@grok-a-lot.com Glen Marshalll] | ||
− | |||
− | |||
* [mailto:milan.petkovic@phillips.com Milan Petkovic] | * [mailto:milan.petkovic@phillips.com Milan Petkovic] | ||
− | |||
− | |||
− | |||
− | |||
* [mailto:richard.thoreson@samhsa.hhs.gov Richard Thoreson] CBCC Co-chair | * [mailto:richard.thoreson@samhsa.hhs.gov Richard Thoreson] CBCC Co-chair | ||
− | |||
− | |||
− | |||
* [mailto:weida@apelon.com Tony Weida] | * [mailto:weida@apelon.com Tony Weida] | ||
* [mailto:craig.winter@va.gov Craig Winter] | * [mailto:craig.winter@va.gov Craig Winter] | ||
Line 37: | Line 25: | ||
[[Security|Back to Security Main Page]] | [[Security|Back to Security Main Page]] | ||
+ | *[[Security| Meeting Information]] | ||
− | |||
− | |||
− | |||
[[Security|Back to Security Main Page]] | [[Security|Back to Security Main Page]] | ||
− | |||
− | |||
− | |||
==Agenda== | ==Agenda== | ||
Line 61: | Line 44: | ||
'''Roll Call, Approve previous meeting minutes, Accept Agenda''' | '''Roll Call, Approve previous meeting minutes, Accept Agenda''' | ||
− | + | '''Inclusion of International Security Members''' | |
− | '''Inclusion of International Security Members''' | + | |
+ | Add additional call or update one call a month to a more agreeable international time? | ||
+ | * '''Proposal 1''': add an additional call per month (or bi-weekly) | ||
+ | * '''Proposal 2''': or change one of the regularly call to a time that is more convenient for the international people | ||
+ | ** 9-10AM EST (Mike is looking at his notes on this) | ||
+ | * Doodle poll as to what are acceptable times? | ||
+ | |||
+ | |||
+ | '''ACTION ITEM: Mike will try to send a Doodle Poll out for members to vote on proposed suggestions. ''' | ||
+ | |||
+ | |||
+ | DISCUSSION: ''We will review the results of the doodle poll to see the most convenient time available/suggested—we may end up losing regular members if we decide to change one meeting a month, but there is consensus that we need to accommodate different times zones. We need to keep the two groups (regular Tuesday attendees and International members in sync. '' | ||
+ | QUESTION: What is the number of West Coast attendees vs. International people who might attend? ''We know we have Jaime (Spain), Bernd Blobel and others (Finland, Switzerland, Australia, Japan), so there are a fairly significant number of members that would be willing to attend if there was a better time scheduled'' | ||
+ | |||
+ | |||
+ | |||
+ | '''Security and Privacy Ontology work''' - Tony Weida | ||
+ | |||
+ | ''' ''to be added'' ''' | ||
+ | |||
+ | |||
+ | [http://www.HL7.org/v3ballot/html/dams/uvsec/Security_DAM_v1_r2.pdf Security DAM v1_r2] | ||
+ | [http://gforge.hl7.org/gf/download/docmanfileversion/5442/6865/V3DAM_SECURITY_R1_I1_2010JAN_consolidated_votes_20100127.xlsx V3DAM_SECURITY_R1_I1_2010JAN_consolidated_votes_20100127.xlsx] | ||
+ | |||
+ | [http://gforge.hl7.org/gf/download/docmanfileversion/5391/6752/SecurityDAMValueSets.docx SecurityDAMValueSets.docx] | ||
+ | |||
+ | [http://gforge.hl7.org/gf/download/docmanfileversion/5398/6779/SecurityDAMValueSets2.xlsx SecurityDAMValueSets2.xlsx] | ||
+ | |||
+ | [http://gforge.hl7.org/gf/download/docmanfileversion/5399/6780/SecurityDAMValueSets2.docx SecurityDAMValueSets2.docx] | ||
+ | |||
+ | [http://gforge.hl7.org/gf/download/docmanfileversion/5390/6751/SecurityDAMValueSets1.xlsx SecurityDAMValueSets1.xlsx] | ||
+ | |||
+ | [http://gforge.hl7.org/gf/download/docmanfileversion/5315/6568/SecurityDAMUseCases.ppt SecurityDAMUseCases.ppt] | ||
+ | |||
+ | SecurityDAMDraft.doc | ||
+ | |||
+ | [http://gforge.hl7.org/gf/download/docmanfileversion/5447/6879/HL7ProjectScopeStatementv2010JanSecurityandPrivacyOntology.doc HL7ProjectScopeStatementv2010JanSecurityandPrivacyOntology.doc] | ||
+ | |||
+ | [http://gforge.hl7.org/gf/download/docmanfileversion/1938/3018/HL7ProjectScopeStatement-SecurityDomainAnalysisModel.doc HL7ProjectScopeStatement-SecurityDomainAnalysisModelpost2009.03.31mtg.docx] | ||
+ | |||
+ | [http://gforge.hl7.org/gf/download/docmanfileversion/5351/6679/HL7ProjectScopeStatementSecurityDomainAnalysisModel.doc HL7ProjectScopeStatementSecurityDomainAnalysisModel.doc] | ||
+ | |||
+ | HL7ProjectScopeStatementSecurityDomainAnalysisModel.doc | ||
+ | |||
+ | HL7ProjectScopeStatement-SecurityDomainAnalysisModel.doc | ||
+ | |||
+ | [http://gforge.hl7.org/gf/download/docmanfileversion/5507/6988/HarmonizedPrivacyandSecurityDomainAnalysisModel.ppsx HarmonizedPrivacyandSecurityDomainAnalysisModel.ppsx] | ||
− | |||
Line 71: | Line 99: | ||
*Incorporate the use case – manage, assign, receive when then get confidentiality codes; these need to be further defined in the Security-Privacy DAM (one of the project scope deliverables for the Refactor Confidentiality Code project) | *Incorporate the use case – manage, assign, receive when then get confidentiality codes; these need to be further defined in the Security-Privacy DAM (one of the project scope deliverables for the Refactor Confidentiality Code project) | ||
intended to be joint work between CBCC and Security.'' | intended to be joint work between CBCC and Security.'' | ||
+ | |||
*'''ACTION ITEM: ''' ''consider amending the refactor project scope or create a new project for the security portion. '' ''Where the obligations be carried will be different---they are a metadata of the transaction; further discussion (meta data vs. payload) needed. This piece is also missing from the Security-Privacy DAM. Also, between ontology and other vocabularies in the DAM that need to be enumerated in the US-realm. Have a catalog of existing code-sets that relate to the DAM and inspect and see if they are useful/restricted to the US Domain. Between that work and code-sets and confidentiality codes this will not perform surgery in those code-sets…some of this is also being done in the ontology work. (ontology work—international or US realm? Currently restricting to US to start, but would like to expand to international) '' | *'''ACTION ITEM: ''' ''consider amending the refactor project scope or create a new project for the security portion. '' ''Where the obligations be carried will be different---they are a metadata of the transaction; further discussion (meta data vs. payload) needed. This piece is also missing from the Security-Privacy DAM. Also, between ontology and other vocabularies in the DAM that need to be enumerated in the US-realm. Have a catalog of existing code-sets that relate to the DAM and inspect and see if they are useful/restricted to the US Domain. Between that work and code-sets and confidentiality codes this will not perform surgery in those code-sets…some of this is also being done in the ontology work. (ontology work—international or US realm? Currently restricting to US to start, but would like to expand to international) '' | ||
Latest revision as of 15:49, 25 October 2011
Security Working Group Meeting
Attendees
- Bernd Blobel Security Co-chair, absent
- Bill Braithwaite, MD
- Kathleen Connor
- Ed Coyne
- Mike Davis Security Co-chair
- Jon Farmer
- Suzanne Gonzales-Webb CBCC Co-chair
- Milan Petkovic
- Richard Thoreson CBCC Co-chair
- Tony Weida
- Craig Winter
Agenda
- Roll Call, Approve previous meeting minutes, Accept Agenda
- Inclusion of International Security Members Addition of call or updating one call a month to a more agreeable international time?
- Security and Privacy Ontology work Tony Weida, Ed Coyne (?)
- Increase active role in ‘’Refactor of Confidentiality Codes’’ a CBCC-sponsored project – Should this topic be discussed during the Security meeting or should discussions be limited to CBCC meetings? The project is intended to be joint work—CBCC is sponsor.
- EHR Functional Model Assistance requested in closing the Security-related comments on the EHR Functional Model ballot; on how they want their catalog to be used.
- S&I Framework Discussion of any overlap.
- Data Segmentation (note there is call overlap, John Moehrke will be attending this call)
Meeting Minutes
Roll Call, Approve previous meeting minutes, Accept Agenda
Inclusion of International Security Members
Add additional call or update one call a month to a more agreeable international time?
- Proposal 1: add an additional call per month (or bi-weekly)
- Proposal 2: or change one of the regularly call to a time that is more convenient for the international people
- 9-10AM EST (Mike is looking at his notes on this)
- Doodle poll as to what are acceptable times?
ACTION ITEM: Mike will try to send a Doodle Poll out for members to vote on proposed suggestions.
DISCUSSION: We will review the results of the doodle poll to see the most convenient time available/suggested—we may end up losing regular members if we decide to change one meeting a month, but there is consensus that we need to accommodate different times zones. We need to keep the two groups (regular Tuesday attendees and International members in sync.
QUESTION: What is the number of West Coast attendees vs. International people who might attend? We know we have Jaime (Spain), Bernd Blobel and others (Finland, Switzerland, Australia, Japan), so there are a fairly significant number of members that would be willing to attend if there was a better time scheduled
Security and Privacy Ontology work - Tony Weida
to be added
Security DAM v1_r2
V3DAM_SECURITY_R1_I1_2010JAN_consolidated_votes_20100127.xlsx
SecurityDAMDraft.doc
HL7ProjectScopeStatementv2010JanSecurityandPrivacyOntology.doc
HL7ProjectScopeStatement-SecurityDomainAnalysisModelpost2009.03.31mtg.docx
HL7ProjectScopeStatementSecurityDomainAnalysisModel.doc
HL7ProjectScopeStatementSecurityDomainAnalysisModel.doc
HL7ProjectScopeStatement-SecurityDomainAnalysisModel.doc
HarmonizedPrivacyandSecurityDomainAnalysisModel.ppsx
Increase active role in Refactor of Confidentiality Codes’’ a CBCC-sponsored project – Should this topic be discussed during the Security meeting or should discussions be limited to CBCC meetings? The project is intended to be joint work—CBCC is sponsor. We need to answer the question: How are implementers supposed to use this? (add link see Mike’s paper )
- Incorporate the use case – manage, assign, receive when then get confidentiality codes; these need to be further defined in the Security-Privacy DAM (one of the project scope deliverables for the Refactor Confidentiality Code project)
intended to be joint work between CBCC and Security.
- ACTION ITEM: consider amending the refactor project scope or create a new project for the security portion. Where the obligations be carried will be different---they are a metadata of the transaction; further discussion (meta data vs. payload) needed. This piece is also missing from the Security-Privacy DAM. Also, between ontology and other vocabularies in the DAM that need to be enumerated in the US-realm. Have a catalog of existing code-sets that relate to the DAM and inspect and see if they are useful/restricted to the US Domain. Between that work and code-sets and confidentiality codes this will not perform surgery in those code-sets…some of this is also being done in the ontology work. (ontology work—international or US realm? Currently restricting to US to start, but would like to expand to international)
EHR Functional Model
Assistance requested in closing the Security-related comments on the EHR Functional Model ballot; on how they want their catalog to be used. John Moehrke is looking for volunteers to walk through the public comments--to assist EHR WG dispose of these comments. Entails a few meetings, accept/modify the comments and return information to the EHR WG with results. Please contact: John Moehrke (Kathleen has volunteered to assist)
- Meta-data for EHR functional model; project on meta-data criteria for HIE
Presented to EHR WG but unsure if a formal project has been established. (Relation to HHS-ONC…xxx information.)
S&I Framework – (discussion item) overview report to make sure we are all on the same page with other work going on. Discussion of any overlap.
Data Segmentation (note there is call overlap, John Moehrke will be attending this call)