This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "October 11, 2011 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
 
(3 intermediate revisions by the same user not shown)
Line 2: Line 2:
  
 
*[[Security| Meeting Information]]
 
*[[Security| Meeting Information]]
 +
 
[[Security|Back to Security Main Page]]
 
[[Security|Back to Security Main Page]]
  
==Attendees== (expected)
+
==Attendees==
  
 
* [mailto:bernd.blobel@ehealth-cc.de Bernd Blobel] Security Co-chair, absent
 
* [mailto:bernd.blobel@ehealth-cc.de Bernd Blobel] Security Co-chair, absent
 
* [mailto:bbraithwaite@anakam.com  Bill Braithwaite, MD]
 
* [mailto:bbraithwaite@anakam.com  Bill Braithwaite, MD]
 
* [mailto:Kathleen_Connor@comcast.net Kathleen Connor]
 
* [mailto:Kathleen_Connor@comcast.net Kathleen Connor]
 
+
* [mailto:ecoyne@hpti.com Ed Coyne]
* [mailto:thomas.davidson@ssa.gov Tom Davidson]
 
 
* [mailto:mike.davis@va.gov Mike Davis] Security Co-chair
 
* [mailto:mike.davis@va.gov Mike Davis] Security Co-chair
 
* [mailto:farmer@apelon.com Jon Farmer]
 
* [mailto:farmer@apelon.com Jon Farmer]
 
* [mailto:gonzaleswebs@saic.com Suzanne Gonzales-Webb] CBCC Co-chair
 
* [mailto:gonzaleswebs@saic.com Suzanne Gonzales-Webb] CBCC Co-chair
* [mailto:rhamm@gmail.com Russ Hamm]
 
  
 
* [mailto:robert.horn@agfa.com Rob Horn]
 
* [mailto:robert.horn@agfa.com Rob Horn]
* [mailto:michelle.johnston2@va.gov Michelle Johnston]
 
* [mailto:djorgenson@inpriva.com Don Jorgenson]
 
 
* [mailto:glen@grok-a-lot.com Glen Marshalll]
 
* [mailto:glen@grok-a-lot.com Glen Marshalll]
* [mailto:rmcclure@apelon.com Rob McClure]
 
  
* [mailto:john.moehrke@med.ge.com John Moehrke] Security Co-chair
 
 
* [mailto:milan.petkovic@phillips.com Milan Petkovic]
 
* [mailto:milan.petkovic@phillips.com Milan Petkovic]
* [mailto:ppyette@inpriva.com Pat Pyette]
 
* [mailto:diana.proud-madruga@va.gov Diana Proud-Madruga]
 
* [mailto:scott.m.robertson@kp.org Scott Robertson]
 
* [mailto:kenneth.salyards@samhsa.hhs.gov Ken Salyards]
 
 
* [mailto:richard.thoreson@samhsa.hhs.gov Richard Thoreson] CBCC Co-chair
 
* [mailto:richard.thoreson@samhsa.hhs.gov Richard Thoreson] CBCC Co-chair
* [mailto:ioana@eversolve.com Ioana Singureanu]
 
* [mailto:david.staggs@va.gov David Staggs]
 
* [mailto:serafina@eversolve.com Serafina Versaggi]
 
 
* [mailto:weida@apelon.com Tony Weida]
 
* [mailto:weida@apelon.com Tony Weida]
 
* [mailto:craig.winter@va.gov Craig Winter]
 
* [mailto:craig.winter@va.gov Craig Winter]
Line 37: Line 25:
 
[[Security|Back to Security Main Page]]
 
[[Security|Back to Security Main Page]]
  
 +
*[[Security| Meeting Information]]
  
=Security Working Group Meeting=
 
 
*[[Security| Meeting Information]]
 
 
[[Security|Back to Security Main Page]]
 
[[Security|Back to Security Main Page]]
  
==Attendees==
 
 
TBD
 
  
 
==Agenda==
 
==Agenda==
Line 61: Line 44:
 
'''Roll Call, Approve previous meeting minutes, Accept Agenda'''
 
'''Roll Call, Approve previous meeting minutes, Accept Agenda'''
  
Note: Italisized text is carried forward from 10/04/2011 meeting
+
'''Inclusion of International Security Members'''
'''Inclusion of International Security Members''' ''Addition of call or updating one call a month to a more agreeable international time? ''
+
 
 +
Add additional call or update one call a month to a more agreeable international time?  
 +
* '''Proposal 1''':  add an additional call per month (or bi-weekly)
 +
* '''Proposal 2''': or change one of the regularly call to a time that is more convenient for the international people
 +
** 9-10AM EST (Mike is looking at his notes on this)
 +
* Doodle poll as to what are acceptable times?
 +
 
 +
 
 +
'''ACTION ITEM:  Mike will try to send a Doodle Poll out for members to vote on proposed suggestions. '''
 +
 
 +
 
 +
DISCUSSION:  ''We will review the results of the doodle poll to see the most convenient time available/suggested—we may end up losing regular members if we decide to change one meeting a month, but there is consensus that we need to accommodate different times zones.  We need to keep the two groups (regular Tuesday attendees and International members in sync. ''
 +
QUESTION:  What is the number of West Coast attendees vs. International people who might attend?  ''We know we have Jaime (Spain), Bernd Blobel and others (Finland, Switzerland, Australia, Japan), so there are a fairly significant number of members that would be willing to attend if there was a better time scheduled''
 +
 
 +
 
 +
 
 +
'''Security and Privacy Ontology work''' - Tony Weida
 +
 
 +
''' ''to be added'' '''
 +
 
 +
 
 +
[http://www.HL7.org/v3ballot/html/dams/uvsec/Security_DAM_v1_r2.pdf Security DAM v1_r2]
 +
[http://gforge.hl7.org/gf/download/docmanfileversion/5442/6865/V3DAM_SECURITY_R1_I1_2010JAN_consolidated_votes_20100127.xlsx V3DAM_SECURITY_R1_I1_2010JAN_consolidated_votes_20100127.xlsx]
 +
 
 +
[http://gforge.hl7.org/gf/download/docmanfileversion/5391/6752/SecurityDAMValueSets.docx SecurityDAMValueSets.docx]
 +
 
 +
[http://gforge.hl7.org/gf/download/docmanfileversion/5398/6779/SecurityDAMValueSets2.xlsx SecurityDAMValueSets2.xlsx]
 +
 
 +
[http://gforge.hl7.org/gf/download/docmanfileversion/5399/6780/SecurityDAMValueSets2.docx SecurityDAMValueSets2.docx]
 +
 
 +
[http://gforge.hl7.org/gf/download/docmanfileversion/5390/6751/SecurityDAMValueSets1.xlsx SecurityDAMValueSets1.xlsx]
 +
 
 +
[http://gforge.hl7.org/gf/download/docmanfileversion/5315/6568/SecurityDAMUseCases.ppt SecurityDAMUseCases.ppt]
 +
 
 +
SecurityDAMDraft.doc
 +
 
 +
[http://gforge.hl7.org/gf/download/docmanfileversion/5447/6879/HL7ProjectScopeStatementv2010JanSecurityandPrivacyOntology.doc HL7ProjectScopeStatementv2010JanSecurityandPrivacyOntology.doc]
 +
 
 +
[http://gforge.hl7.org/gf/download/docmanfileversion/1938/3018/HL7ProjectScopeStatement-SecurityDomainAnalysisModel.doc HL7ProjectScopeStatement-SecurityDomainAnalysisModelpost2009.03.31mtg.docx]
 +
 
 +
[http://gforge.hl7.org/gf/download/docmanfileversion/5351/6679/HL7ProjectScopeStatementSecurityDomainAnalysisModel.doc HL7ProjectScopeStatementSecurityDomainAnalysisModel.doc]
 +
 
 +
HL7ProjectScopeStatementSecurityDomainAnalysisModel.doc
 +
 
 +
HL7ProjectScopeStatement-SecurityDomainAnalysisModel.doc
 +
 
 +
[http://gforge.hl7.org/gf/download/docmanfileversion/5507/6988/HarmonizedPrivacyandSecurityDomainAnalysisModel.ppsx HarmonizedPrivacyandSecurityDomainAnalysisModel.ppsx]
  
  
'''Security and Privacy Ontology work''' Tony Weida, Ed Coyne (?)
 
  
  
Line 71: Line 99:
 
*Incorporate the use case – manage, assign, receive when then get confidentiality codes; these need to be further defined in the Security-Privacy DAM (one of the project scope deliverables for the Refactor Confidentiality Code project)   
 
*Incorporate the use case – manage, assign, receive when then get confidentiality codes; these need to be further defined in the Security-Privacy DAM (one of the project scope deliverables for the Refactor Confidentiality Code project)   
 
intended to be joint work between CBCC and Security.''
 
intended to be joint work between CBCC and Security.''
 +
 
*'''ACTION ITEM: '''  ''consider amending the refactor project scope or create a new project for the security portion. '' ''Where the obligations be carried will be different---they are a metadata of the transaction;  further discussion (meta data vs. payload) needed.  This piece is also missing from the Security-Privacy DAM.  Also, between ontology and other vocabularies in the DAM that need to be enumerated in the US-realm.  Have a catalog of existing code-sets that relate to the DAM and inspect and see if they are useful/restricted to the US Domain.  Between that work and code-sets and confidentiality codes this will not perform surgery in those code-sets…some of this is also being done in the ontology work.  (ontology work—international or US realm?  Currently  restricting to US to start, but would like to expand to international) ''
 
*'''ACTION ITEM: '''  ''consider amending the refactor project scope or create a new project for the security portion. '' ''Where the obligations be carried will be different---they are a metadata of the transaction;  further discussion (meta data vs. payload) needed.  This piece is also missing from the Security-Privacy DAM.  Also, between ontology and other vocabularies in the DAM that need to be enumerated in the US-realm.  Have a catalog of existing code-sets that relate to the DAM and inspect and see if they are useful/restricted to the US Domain.  Between that work and code-sets and confidentiality codes this will not perform surgery in those code-sets…some of this is also being done in the ontology work.  (ontology work—international or US realm?  Currently  restricting to US to start, but would like to expand to international) ''
  

Latest revision as of 15:49, 25 October 2011

Security Working Group Meeting

Back to Security Main Page

Attendees

Back to Security Main Page

Back to Security Main Page


Agenda

  1. Roll Call, Approve previous meeting minutes, Accept Agenda
  2. Inclusion of International Security Members Addition of call or updating one call a month to a more agreeable international time?
  3. Security and Privacy Ontology work Tony Weida, Ed Coyne (?)
  4. Increase active role in ‘’Refactor of Confidentiality Codes’’ a CBCC-sponsored project – Should this topic be discussed during the Security meeting or should discussions be limited to CBCC meetings? The project is intended to be joint work—CBCC is sponsor.
  5. EHR Functional Model Assistance requested in closing the Security-related comments on the EHR Functional Model ballot; on how they want their catalog to be used.
  6. S&I Framework Discussion of any overlap.
  7. Data Segmentation (note there is call overlap, John Moehrke will be attending this call)

Back to Security Main Page

Meeting Minutes

Roll Call, Approve previous meeting minutes, Accept Agenda

Inclusion of International Security Members

Add additional call or update one call a month to a more agreeable international time?

  • Proposal 1: add an additional call per month (or bi-weekly)
  • Proposal 2: or change one of the regularly call to a time that is more convenient for the international people
    • 9-10AM EST (Mike is looking at his notes on this)
  • Doodle poll as to what are acceptable times?


ACTION ITEM: Mike will try to send a Doodle Poll out for members to vote on proposed suggestions.


DISCUSSION: We will review the results of the doodle poll to see the most convenient time available/suggested—we may end up losing regular members if we decide to change one meeting a month, but there is consensus that we need to accommodate different times zones. We need to keep the two groups (regular Tuesday attendees and International members in sync. QUESTION: What is the number of West Coast attendees vs. International people who might attend? We know we have Jaime (Spain), Bernd Blobel and others (Finland, Switzerland, Australia, Japan), so there are a fairly significant number of members that would be willing to attend if there was a better time scheduled


Security and Privacy Ontology work - Tony Weida

to be added


Security DAM v1_r2 V3DAM_SECURITY_R1_I1_2010JAN_consolidated_votes_20100127.xlsx

SecurityDAMValueSets.docx

SecurityDAMValueSets2.xlsx

SecurityDAMValueSets2.docx

SecurityDAMValueSets1.xlsx

SecurityDAMUseCases.ppt

SecurityDAMDraft.doc

HL7ProjectScopeStatementv2010JanSecurityandPrivacyOntology.doc

HL7ProjectScopeStatement-SecurityDomainAnalysisModelpost2009.03.31mtg.docx

HL7ProjectScopeStatementSecurityDomainAnalysisModel.doc

HL7ProjectScopeStatementSecurityDomainAnalysisModel.doc
HL7ProjectScopeStatement-SecurityDomainAnalysisModel.doc

HarmonizedPrivacyandSecurityDomainAnalysisModel.ppsx



Increase active role in Refactor of Confidentiality Codes’’ a CBCC-sponsored projectShould this topic be discussed during the Security meeting or should discussions be limited to CBCC meetings? The project is intended to be joint work—CBCC is sponsor. We need to answer the question: How are implementers supposed to use this? (add link see Mike’s paper )

  • Incorporate the use case – manage, assign, receive when then get confidentiality codes; these need to be further defined in the Security-Privacy DAM (one of the project scope deliverables for the Refactor Confidentiality Code project)

intended to be joint work between CBCC and Security.

  • ACTION ITEM: consider amending the refactor project scope or create a new project for the security portion. Where the obligations be carried will be different---they are a metadata of the transaction; further discussion (meta data vs. payload) needed. This piece is also missing from the Security-Privacy DAM. Also, between ontology and other vocabularies in the DAM that need to be enumerated in the US-realm. Have a catalog of existing code-sets that relate to the DAM and inspect and see if they are useful/restricted to the US Domain. Between that work and code-sets and confidentiality codes this will not perform surgery in those code-sets…some of this is also being done in the ontology work. (ontology work—international or US realm? Currently restricting to US to start, but would like to expand to international)


EHR Functional Model Assistance requested in closing the Security-related comments on the EHR Functional Model ballot; on how they want their catalog to be used. John Moehrke is looking for volunteers to walk through the public comments--to assist EHR WG dispose of these comments. Entails a few meetings, accept/modify the comments and return information to the EHR WG with results. Please contact: John Moehrke (Kathleen has volunteered to assist)

  • Meta-data for EHR functional model; project on meta-data criteria for HIE

Presented to EHR WG but unsure if a formal project has been established. (Relation to HHS-ONC…xxx information.)


S&I Framework(discussion item) overview report to make sure we are all on the same page with other work going on. Discussion of any overlap.


Data Segmentation (note there is call overlap, John Moehrke will be attending this call)

Back to Security Main Page


Back to Security Main Page