This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "October 19, 2010 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
Line 26: Line 26:
 
#''(40 min)'' [http://gforge.hl7.org/gf/download/docmanfileversion/5914/7649/Security-PrivacyOntologyReviewCriteria2010.10.18.docx Security and Privacy Ontology Review Criteria] - Tony Weida
 
#''(40 min)'' [http://gforge.hl7.org/gf/download/docmanfileversion/5914/7649/Security-PrivacyOntologyReviewCriteria2010.10.18.docx Security and Privacy Ontology Review Criteria] - Tony Weida
 
#''(10 min)'' [http://gforge.hl7.org/gf/download/docmanfileversion/5926/7674/OntologyLayeringArchitectureandReviewGrid_v12010.10.19.docx HL7 Security and Privacy Ontology Architecture v0.1] ''Jon Farmer''
 
#''(10 min)'' [http://gforge.hl7.org/gf/download/docmanfileversion/5926/7674/OntologyLayeringArchitectureandReviewGrid_v12010.10.19.docx HL7 Security and Privacy Ontology Architecture v0.1] ''Jon Farmer''
 +
 +
 +
'''Roll Call, Call for additional agenda items & Accept Agenda'''
 +
Meeting Minutes reviewed.  Motion made to approve meeting minutes, motion seconded.
 +
Hearing no objections, meeting minutes were approved.
 +
 +
No additional agenda items added. Proposed Agenda accepted.
 +
 +
'''Review of [http://wiki.hl7.org/index.php?title=September_28%2C_2010_Security_Conference_Call September 28 – Action Items]'''
 +
 +
'''Action Item 1'''
 +
''Richard will contact international members asking them if they can provide a brief report out during Monday Q3/Q4 joint Security and CBCC session related to their country's efforts to ensure consumers will trust that health care providers and the various entities with which providers share protected health information will protect consumer's privacy preferences''
 +
 +
1. Richard – brief conversation occurred at the HL7 meeting in Cambridge.  Richard hopes to have something circulated in a week (paper also distributed at WG meeting)’’
 +
Question:  (Mike) Is this an ongoing effort?
 +
Answer: This is basically, a white paper to suggest different kinds of ways how (CBCC) attempts to conceptualize; how we might measure (i.e. each US state or any other place) the quality of the performance of data being shared.  How we effectively share and do not share our data—how we share as in ‘’community based collaborative care.
 +
Result: ''Richard and CBCC will continue work on this area as a CBCC action item.''  As Security working group is unsure of the crossover (of Security) on this project.  From the Cambridge Working Group Meeting, Bernd spoke on integration on systems (more on an academic level) and how this information '''should''' be shared.  The information briefed was not the usual ''how to protect/security'' information that we have shared here in the past.  It’s a theory of security-privacy (or the theory of ''everything'').  Portions of Bernd’s briefing Richard feels are relevant, as the integration on systems is more inclusive beyond healthcare which is where he (Richard) is trying to feed in to.  (Not limiting the data sharing to just healthcare) There are other domains where security and privacy also are involved in and we shouldn’t avoid them.
 +
 +
'''Action Item 2'''
 +
''Mike will reach out to the SOA Health Care Services Ontology project to see if they can attend the Security and Privacy Ontology report out portion of the joint session.''
 +
 +
Action Item has not been done.  Members of the Security Working Group are attending/contributing to their Monday call. (Suzanne attended their Monday call this week.) Security will work with them and continue to share calls for the purpose of not wanting to get cross-threaded with SOA on basic things. Note: Steve Connolly has also been attending their meetings.
 +
 +
'''Generalized Attributes for Cross-Domain Communication''' (Ed Coyne, Mike Davis)
 +
''Steve Connolly had started a mapping of [http://gforge.hl7.org/gf/download/docmanfileversion/5921/7656/HarmonizedDAMXSPA20100507.xlsx DAM Attributes to Standards] Using Steve’s spreadsheet as an example, I (Mike) would like to propose as an activity to the Information Model and Domain Analysis Model project:''
 +
* To continue the work that Steve had started in this WG to map US-realm standard to the IM
 +
** Create a US realm profile of the IM – ANSI, OASIS, HL7 standards – carry those as a US profile
 +
** Create more of an international profile where we focus more on ISO standards where we map into the IM in order to provide standardized vocabulary
 +
 +
The purpose of this activity is to verify the attributes in the Information Model-- that we’ve completed is backed up by a standard. We provide US and International realms (general purpose) to create mapping/vocabulary. 
 +
* Identify gaps during this activity and where we can, close those gaps. 
 +
This is a continuation of activities CBCC and Security have already been engaged in. View this as more maintenance of the information model and the result will be useful to the ontology work—''mapped standards and values set.''  When we start getting into other classes, (we are working on RBAC now), we are using primarily HL7 work.  We then apply ASTM standards work which is purely representational because ASTM is only a US-realm standards organization.  This proposal would continue to prepare our ontology work by bringing the focus in.  As a group we need to look at other standards in this activity, we need to look at the Information Model classes and use our subject-matter expertise to say ''this standard probably belongs here.''
  
 
==Action Items==
 
==Action Items==
  
 
[[Security|Back to Security Main Page]]
 
[[Security|Back to Security Main Page]]

Revision as of 06:42, 26 October 2010

Security Working Group Meeting

Back to Security Main Page

Attendees


Back to Security Main Page

Agenda

  1. (05 min) Roll Call, Approve Minutes & Accept Agenda
  2. (15 min) Review of September 28 – Action Items
  3. (50 min) Generalized Attributes for Cross-Domain Communication Ed Coyne, Mike Davis
  • begin CBCC meeting hour
  1. (40 min) Security and Privacy Ontology Review Criteria - Tony Weida
  2. (10 min) HL7 Security and Privacy Ontology Architecture v0.1 Jon Farmer


Roll Call, Call for additional agenda items & Accept Agenda Meeting Minutes reviewed. Motion made to approve meeting minutes, motion seconded. Hearing no objections, meeting minutes were approved.

No additional agenda items added. Proposed Agenda accepted.

Review of September 28 – Action Items

Action Item 1 Richard will contact international members asking them if they can provide a brief report out during Monday Q3/Q4 joint Security and CBCC session related to their country's efforts to ensure consumers will trust that health care providers and the various entities with which providers share protected health information will protect consumer's privacy preferences

1. Richard – brief conversation occurred at the HL7 meeting in Cambridge. Richard hopes to have something circulated in a week (paper also distributed at WG meeting)’’ Question: (Mike) Is this an ongoing effort? Answer: This is basically, a white paper to suggest different kinds of ways how (CBCC) attempts to conceptualize; how we might measure (i.e. each US state or any other place) the quality of the performance of data being shared. How we effectively share and do not share our data—how we share as in ‘’community based collaborative care. Result: Richard and CBCC will continue work on this area as a CBCC action item. As Security working group is unsure of the crossover (of Security) on this project. From the Cambridge Working Group Meeting, Bernd spoke on integration on systems (more on an academic level) and how this information should be shared. The information briefed was not the usual how to protect/security information that we have shared here in the past. It’s a theory of security-privacy (or the theory of everything). Portions of Bernd’s briefing Richard feels are relevant, as the integration on systems is more inclusive beyond healthcare which is where he (Richard) is trying to feed in to. (Not limiting the data sharing to just healthcare) There are other domains where security and privacy also are involved in and we shouldn’t avoid them.

Action Item 2 Mike will reach out to the SOA Health Care Services Ontology project to see if they can attend the Security and Privacy Ontology report out portion of the joint session.

Action Item has not been done. Members of the Security Working Group are attending/contributing to their Monday call. (Suzanne attended their Monday call this week.) Security will work with them and continue to share calls for the purpose of not wanting to get cross-threaded with SOA on basic things. Note: Steve Connolly has also been attending their meetings.

Generalized Attributes for Cross-Domain Communication (Ed Coyne, Mike Davis) Steve Connolly had started a mapping of DAM Attributes to Standards Using Steve’s spreadsheet as an example, I (Mike) would like to propose as an activity to the Information Model and Domain Analysis Model project:

  • To continue the work that Steve had started in this WG to map US-realm standard to the IM
    • Create a US realm profile of the IM – ANSI, OASIS, HL7 standards – carry those as a US profile
    • Create more of an international profile where we focus more on ISO standards where we map into the IM in order to provide standardized vocabulary

The purpose of this activity is to verify the attributes in the Information Model-- that we’ve completed is backed up by a standard. We provide US and International realms (general purpose) to create mapping/vocabulary.

  • Identify gaps during this activity and where we can, close those gaps.

This is a continuation of activities CBCC and Security have already been engaged in. View this as more maintenance of the information model and the result will be useful to the ontology work—mapped standards and values set. When we start getting into other classes, (we are working on RBAC now), we are using primarily HL7 work. We then apply ASTM standards work which is purely representational because ASTM is only a US-realm standards organization. This proposal would continue to prepare our ontology work by bringing the focus in. As a group we need to look at other standards in this activity, we need to look at the Information Model classes and use our subject-matter expertise to say this standard probably belongs here.

Action Items

Back to Security Main Page