Revision as of 15:24, 29 March 2016

Attendees

x	Member Name	x	Member Name	x	Member Name
x	Kathleen ConnorSecurity Co-chair	.	Duane DeCouteau	.	Chris Clark
x	John MoehrkeSecurity Co-chair	.	Johnathan Coleman	.	Aaron Seib
.	Alexander Mense Security Co-chair	.	Ken Salyards	.	Christopher D Brown TX
.	Trish WilliamsSecurity Co-chair	.	Gary Dickinson	x	Dave Silver
	Mike Davis	.	Ioana Singureanu	.	Mohammed Jafari
x	Suzanne Gonzales-Webb	.	Rob Horn	.	Galen Mulrooney
x	Diana Proud-Madruga	.	Ken Rubin	.	William Kinsley
x	Rick Grow	.	Paul Knapp	x	Mayada Abdulmannan
x	Glen Marshall, SRS	.	Bill Kleinebecker	.	Christopher Shawn
.	Oliver Lawless	.	[mailto	.	Serafina Versaggi
x	Beth Pumo	.	Russell McDonell	.	Paul Petronelli , Mobile Health
.	Christopher Doss	.	Kamalini Vaidya	.	[mailto: TBD ]

( 5 min) Roll Call, Agenda Approval
( 5 min) Approve Security WG March 15 Minutes
(10 min) Review updated P&SbD PSS Rick
- Joint project meetings (ARB, CBCC, Security) held Wednesdays at 4 p.m. Eastern. Meeting information and invite
( 5 min) PASS Access Control Services Conceptual Model - Diana
( 5 min) Joint Vocabulary Alignment Update - Diana
( 5 min) PASS Audit Conceptual Model – Diana
( 5 min) FHIR Security report out - John
- Any changes expecting to be tested at the next FHIR Connectathon need to be submitted into the build by March 27th.

Note that there will be a FHIR Security call at 2pm PT/5pm ET See agenda at FHIR Security Agenda

Agenda and Minutes -Chaired by John
Rick discussed updated P&SbD PSS, Risk Section, FHIR test scripts based on TestScript Resource
Approved Security WG March 15 Minutes

-Review updated P&SbD PSS, Discussion, Rick:

Project Risk and Issues:
(John & Kathleen) FHIR test scripts not sufficient, need more detail to Privacy and Security
what requirements are we exercising the test scripts that are approved by FHIR Management Group
Possible issue of validating test scripts
Recourse availability
Subject Matter Expert availability
Policy must be declared for test scripts
The threat Environment is extremely dynamic, may need to pick unrealistic set of threats as example
Note: HL7 risk is internal (Rick)
Note: Test scripts are not being balloted, they are being exercised (Kathleen)

comments/Question:
John needed more clarity on the last portion of Presentation, why test scripts are attached to PSS?
Answer:
Kathleen approached the Standards Governance Board (SGB) they did not want a Guide
SGB requested the Guide to be exercised by creating FHIR test Scripts.
CBCC and Security would start creating test script profiles in order to be available for connectathon use

Next Step: Obtain Standards Governance Board feedback and CBCC and interest parties

Motion approved (Kathleen, John, Suzanne)3/0/0 :
Motion to approve if there any substantive changes Security WKG would be able to weigh in on decision

-Joint project meetings (ARB, CBCC, Security) held Wednesdays at 4 p.m. Eastern. Meeting information and invite

-PASS Access Control Services Conceptual Model - Diana

-Joint Vocabulary Alignment Update - Diana

-PASS Audit Conceptual Model – Diana

-FHIR Security report out - John

@@ Line 84: / Line 84: @@
 #Rick discussed updated P&SbD PSS, Risk Section, FHIR test scripts based on [http://hl7-fhir.github.io/testscript.htmlFHIR TestScript Resource]
 #Approved Security WG March 15 Minutes
-#Review updated P&SbD PSS, Rick
-*Discussion:
+-Review updated P&SbD PSS, Discussion, Rick:
 *Reviewed the scope statement
 *Added bullet to show impact on FHIR