Difference between revisions of "October 21st 2008 Security Conference Call"

Attendees

• Mike Davis Security Co-chair
• Glen Marshall Security Co-chair
• Bernd Blobel Security Co-chair, absent
• Suzanne Gonzales-Webb CBCC Co-chair
• Richard Thoreson CBCC Co-chair, absent
• Ioana Singureanu
• Tanya Newton
• Bob Horn
• Frank Din
• Craig Winter
• Sarah Maulden
• John Moehrke

Attendees

• Mike Davis Security Co-chair
• Glen Marshall Security Co-chair
• Bernd Blobel Security Co-chair, absent
• Suzanne Gonzales-Webb CBCC Co-chair
• Richard Thoreson CBCC Co-chair, absent
• Ioana Singureanu
• Tanya Newton
• Bob Horn
• Frank Din
• Craig Winter
• Sarah Maulden
• John Moehrke

DRAFT Meeting Minutes

1. (05 min) Roll Call
2. (05 min) Approve Minutes & Accept Agenda
3. (15 min) Update to RBAC Privacy and Authorization Terminology Project Scope Statement v0 3
4. (15 min) Vocabularies identified in October 14 meeting:

Goal is to use exisiting vocabulary for a POU, to allow/direct access to functional roles to an EHR or PHR. Extend vocabulary to make richer--how much richer? We need to figure out how to leverage and use them in security for authorization and support for consent directives. 'Less is more' (MDavis opinion) Note: that many of the objects are clinically related and may be inappropriate for Patient use/Patient access.

Question: Additional vocabularies to be added later? i.e. Nursing or Provider taxonomy, or other clinical taxonomy. Is this list a comprehensive list? Answer: By testing we will see how it will fit. Would like to recommend that SNOMED be first and see what gaps we find. This will lead us to inform us as we go along. Will lead to more comprehensive idea of what structure we are trying define.

By focusing on these lists of vocabularies we may be limiting ourselves. It makes more sense to start at the larger objects so that we have the . We need a common way to look at vocabularies and someone to do the evaluation work. Will we have a rule that has restrictive licences or costs? i.e. SNOMED--no-US countries will need to pay a fee in order to use. Should we just look at vocabularies accepted by HL7. No fee vocabularies or where a country does not need to purchase licenses. Terminologies such as CPT are expensive.

Gap: Financial vocabularies. Need to investigate. ICD-10/ICD-11? Will need to review the current Permission vocabulary/use cases to see what level of current financial terms are being used. Is there a financial vocabulary that can be used to support the current. ASTM may have one of these. MDavis will be able to research. 'X-12N' may also be investigated (research to be done by:_______? ) may be best to bring in someone from HL7 Financial WG. We should try to separate Financial accounting control security and clinical/EHR security. Need to ask Financial WG (for use cases international and US, also a Financial WG representative to engage in this area.) Must be aware and careful not to be US-centric with financial and other vocabularies.

• SNOMED

Very general in a provider's role. Links objects in a chain--every child is a subtype of an object...its an explicit taxonomy. Presumably 'prevents' duplicates--however per vocabulary experts this is not always true. Will we find the consistency, rigor that we need in Security. May not be the best vocabulary for patient directives (i.e. DNR, etc)

• ICD-10 (or possibly ICD-11 which would be linked/mapped to SNOMED)
• RadLex [RadLex.org RadLex.org] an ACR, RSNA recognized vocabulary

Use: When you get to procedures and procedure steps, inserting terminology, in a sense similiar to LOINC.

• LOINC
• CPT-4 (proposed to use as extension support in lab), has an OID and is a recognized vocabulary in HL7. Recommend not to look at this vocabulary at this time but to relook at this vocabulary at a later time.

1. (15 min) Decision Making Practices (see CBCC document as example CBCC Decison Making Practices)
2. (5 min) Other Business

Back to Meetings