Difference between revisions of "April 3, 2018 Security Conference Call"
Revision as of 19:45, 3 April 2018
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name
---|---|---|---|---|---|---|---
x | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | x | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair
x | Christopher Shawn Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | . | David Staggs
. | Diana Proud-Madruga | x | Francisco Jauregui | x | Joe Lamy | . | Greg Linden
. | Paul Knapp | . | Grahame Grieve | . | Johnathan Coleman | . | Aaron Seib
. | Ken Salyards | . | Jim Kretz | . | Gary Dickinson | x | Dave Silver
 | Beth Pumo | . | Bo Dagnall | . | Riki Merrick | . | Theresa Connor
. | Mohammed Jafari | . | Ioana Singureanu | . | Rob Horn | . | Matt Blackman, Sequoia
Agenda
- (2 min) Roll Call, Agenda Approval
- (5 min) Review and Approval of March 27, 2018 minutes
- (5 min) TF4FA Normative Ballot submitted - Mike
- (15 min) FHIR Security Updates - John
- (15 min) Security Cologne May WGM Agenda
Meeting Minutes DRAFT
Roll Call, Agenda Approval Kathleen chair
Meeting Materials
- Trust Framework for Federated Authorization presentation
- TF4FA Vol. 2 Behavioral Model May Ballot
- Is Privacy Obsolete Study Group news from EU
- HIMSS - What Healthcare Organizations need to know about the GDPR and HIMSS Presentation recording
- Dutch referendum: Spy tapping powers 'rejected'
Meeting Minutes (DRAFT)
Roll Call, Agenda review, meeting minutes approval
Meeting Minutes for 3/27/2018 approved. Motion to approve: (Suzanne/JohnM); objections: none; abstentions: none; approval:
TF4FA Normative Ballot - Mike/Kathleen
- ballot submitted - Mike/Kathleen
- No comments
- Need to confirm this is what is intended for the v3 ballot package
- Brief discussion of the document included
- This goes to the link with the documents and the .xml file that is used to generate the HTML (PDFS, PSAF v3 Ballot package)
- Note that CBCP co-chairs are listed as co-sponsors
- Kathleen will confirm for the WG that it is ready to go
PSAF weekly calls are cancelled at this time and may restart once ballot reconciliation begins
FHIR Security Updates
- call just completed - new time is attracting more people
- ZULIP chat has two new streams
- security and privacy stream, additional stream so that only pertinent security and privacy information are conveyed
- another stream (?)
- Johnathan was able to join today's call, reviewed the key considerations of the ONC white paper
- recommend TLS 1.2 or higher in place of just "TLS", adding some references on why we say 1.2
- discussion around input validation and vulnerability assessment and future improvement opportunities
Add information from FHIR Security Call
Connectathon - FHIR Connectathon track - hopefully, take GDPR as a set of requirements and take the S&P capabilities in and around FHIR--can we show a relationship between them
- we have provenance resources, can it aid with clause 243 and 398, etc.
- without going into too much detail, just showing relationships, showing how scenarios prove it... the more we get done the better
- setting the bar low, trying to get a cross-reference with the S&P items we have
- in that level we can see that we have a gaping hole that we need to add ... if such a thing exists
- the other is less formal; Grahame is interested in standing up a Hyperledger infrastructure (general purpose blockchain infrastructure) for blockchain
- call out in ZULIP chat, in developing scenario around that type of infrastructure... three different proposes but no "fish on the hook"
Agenda for Cologne – Agenda Items
patterns on FHIR
Kathleen received xx from Rene Spronk
- he is working on a GDPR presentation on healthcare data interoperability - on vocab we might need,
- longer than what we can use for the Q3/Q4 Monday joint,
- Kathleen spoke to Gary Dickinson who thought it might be a good idea for meeting with EHR joint
- Rene goes through security labels and main parts of GDPR which is required in an automated fashion
- possible new codes for v3
- have server which can deal with security labels
- may be able to mock up POU, certain kinds of actions, involving GDPR
- use cases featuring GDPR, SL, etc (suggested)
Next week - Kathleen should have something to present regarding the Cologne agenda
reminder: one of the thoughts was to have a couple of our FHIR security topic areas have prominent spots in the weeklong agenda, for people who would not normally find us... can find us
- JohnM is trying to find what those times areas might be... (for Cologne agenda)
- l*block of time...would be great to have input from the FHIR WG... risk management and items like that
- suggestions requested for topic areas...we can determine where our priorities line up.
Additional items?
in materials, Kathleen adds salient information to meeting minutes -
- look at changes to ... so that you have a navigating
privacy obsolete - added links, to breaches, breaches to be considered in court, surveillance techniques, etc. related to privacy issues
the HIMSS presentation on GDPR is excellent if you want to have a sense on what US entities might be interested on... may have interest
meeting call adjourned at 1228 Arizona time --Suzannegw (talk) 15:26, 3 April 2018 (EDT)