Difference between revisions of "October 11, 2016 Security Conference Call"
m (→Minutes) |
|||
| Line 67: | Line 67: | ||
==Minutes== | ==Minutes== | ||
TBD Chaired | TBD Chaired | ||
| + | Chaired by Kathleen Connor | ||
| + | + | ||
| + | TBD Chaired | ||
| + | − | ||
| + | *Minutes: | ||
| + | + | ||
*Agenda . | *Agenda . | ||
| + | − | ||
| + | |||
| + | + | ||
*Minutes: Sept. 13th Minutes are missing, so review/approval | *Minutes: Sept. 13th Minutes are missing, so review/approval | ||
| + | − | ||
| + | |||
| + | + | ||
| + | − | ||
| + | Agenda Approved | ||
| + | + | ||
| + | − | ||
| + | |||
| + | + | ||
| + | − | ||
| + | -Approve Security WG Minutes Aug 30th and Sept 6th (John, Alex) | ||
| + | + | ||
| + | − | ||
| + | |||
| + | + | ||
| + | − | ||
| + | (10 min) PSS Document Sharing Approve our co-sponsorship with goal to show how security is applied to a broader workflow through specifics on AuditEvent use, and OAuth use. Secondary goal to create end-to-end security testing for connectathon. | ||
| + | + | ||
| + | − | ||
| + | |||
| + | + | ||
| + | − | ||
| + | |||
| + | + | ||
| + | − | ||
| + | *PSAF Ballot v.next Mike to discuss anticipated updates in response to ballot comments and new development. Determine next ballot level and possible renaming to prep for NIB submission by 10-31. | ||
| + | + | ||
| + | − | ||
| + | - Comments have been updated to PSAF Policy Model | ||
| + | + | ||
| + | − | ||
| + | - Alex Comments: | ||
| + | + | ||
| + | − | ||
| + | - Modeling not consistant with PMAK or Security Domain | ||
| + | |||
| + | - More than one Security Domain are not consistant with policy breaching | ||
| + | |||
| + | - Concerned that policy can never be a contract | ||
| + | |||
| + | Kathleen Comment: | ||
| + | |||
| + | - Policy and contract are the same, as policy (HE) is a result of contract | ||
| + | |||
| + | Diana Comments: | ||
| + | |||
| + | - Submitted Walters comments on PKAK in the architecture of PSAF | ||
| + | |||
| + | - Trust info Model is part of PSAF | ||
| + | |||
| + | - Protective Health info is under HIPPA only in U.S. (42CFR) | ||
| + | |||
| + | - Many states do not use protective health | ||
| + | |||
| + | |||
| + | + | ||
| + | |||
| + | * Nov Harmonization Proposal Review Initial submission due date Nov. 14 - Kathleen | ||
| + | |||
| + | - Data segmentation in standards all need to include confidentiality coded on CCDA's | ||
| + | |||
| + | -ONC has a risk on cofidentiality code that has a hard N. | ||
| + | |||
| + | |||
| + | PASS Audit Conceptual Model – Diana | ||
| + | + | ||
| + | − | ||
| + | * FHIR AuditEvent and Provenance ballot comments & FHIR Security Call reminder - John | ||
| + | |||
| + | |||
| + | - Policy advisory committee is going through new restructuring and advisory | ||
| + | |||
| + | - Has dependencies on security patterns and is requesting for assistance for Security and Privacy | ||
| + | |||
| + | − | ||
| + | FHIR Security Ballot comment and CP review and FHIM modeling of PSAF - See agenda at FHIR Security Agenda (Kathleen, Diana) | ||
| + | |||
| + | - XSAML assertion not in agenda, Kathleen will add to agenda for Trust Governance group | ||
| + | + | ||
| + | − | ||
| + | - There are concerns wants the information to be sent to eHealth Exchange then to ==> Vista to send any red flags | ||
| + | + | ||
| + | − | ||
| + | - Diana explains that it is still operational if they choose to use eHealth Exhcange and VBista as it is part of XSAML Assertion | ||
| + | |||
| + | − | ||
| + | - Trust Governance group is creating Stadnards on how to express consent | ||
| + | |||
| + | -Consent must use audit to send, they also use paper Auth (Kathleen) | ||
| + | + | ||
| + | − | ||
| + | -Any Choice Provider can send a paper or signed consent | ||
| + | |||
| + | |||
| + | |||
| + | |||
*Meeting adjourned. | *Meeting adjourned. | ||
Revision as of 19:04, 11 October 2016
Back to Security Work Group Main Page
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| x | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | x | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
| x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | x | Mohammed Jafari | |||
| x | Glen Marshall, SRS | . | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
| x | Diana Proud-Madruga | . | Serafina Versaggi | . | Joe Lamy | . | Galen Mulrooney | |||
| . | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | . | Dave Silver | |||
| . | Rick Grow | . | William Kinsley | . | Paul Knapp | . | Mayada Abdulmannan | |||
| . | Kamalini Vaidya | . | Bill Kleinebecker | x | Christopher Shawn | . | Grahame Grieve | |||
| . | Oliver Lawless | . | Ken Rubin | . | Paul Petronelli , Mobile Health | . | Russell McDonell |
Agenda DRAFT
- (2 min) Roll Call, Agenda Approval
- (5 min) Approve Security WG October 4, 2016 call minutes and Security WG September 13, 2016 Minutesif these are available.
- (10 min) PSS Document Sharing Approve our co-sponsorship with goal to show how security is applied to a broader workflow through specifics on AuditEvent use, and OAuth use. Secondary goal to create end-to-end security testing for connectathon.
- (15 min) PSAF Ballot v.next Mike to discuss anticipated updates in response to ballot comments and new development. Determine next ballot level and possible renaming to prep for NIB submission by 10-31.
- (15 min) Nov Harmonization Proposal Review Also, new ActReason for overriding need for consent - incompetency; 5 new Compartment codes; and technical corrections to SecurityObservationValue value set. Initial submissions due date Nov. 14 - Kathleen
- (5 min) PASS Audit Conceptual Model – Diana
- (5 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call reminder - John
FHIR Security Ballot comment and CP review and FHIM modeling of PSAF - See agenda at FHIR Security Agenda
Minutes
TBD Chaired Chaired by Kathleen Connor + TBD Chaired −
- Minutes:
+
- Agenda .
−
+
- Minutes: Sept. 13th Minutes are missing, so review/approval
−
+ − Agenda Approved + −
+ − -Approve Security WG Minutes Aug 30th and Sept 6th (John, Alex) + −
+ − (10 min) PSS Document Sharing Approve our co-sponsorship with goal to show how security is applied to a broader workflow through specifics on AuditEvent use, and OAuth use. Secondary goal to create end-to-end security testing for connectathon. + −
+ −
+ −
- PSAF Ballot v.next Mike to discuss anticipated updates in response to ballot comments and new development. Determine next ballot level and possible renaming to prep for NIB submission by 10-31.
+ − - Comments have been updated to PSAF Policy Model + − - Alex Comments: + − - Modeling not consistant with PMAK or Security Domain
- More than one Security Domain are not consistant with policy breaching
- Concerned that policy can never be a contract
Kathleen Comment:
- Policy and contract are the same, as policy (HE) is a result of contract
Diana Comments:
- Submitted Walters comments on PKAK in the architecture of PSAF
- Trust info Model is part of PSAF
- Protective Health info is under HIPPA only in U.S. (42CFR)
- Many states do not use protective health
+
- Nov Harmonization Proposal Review Initial submission due date Nov. 14 - Kathleen
- Data segmentation in standards all need to include confidentiality coded on CCDA's
-ONC has a risk on cofidentiality code that has a hard N.
PASS Audit Conceptual Model – Diana
+
−
- FHIR AuditEvent and Provenance ballot comments & FHIR Security Call reminder - John
- Policy advisory committee is going through new restructuring and advisory
- Has dependencies on security patterns and is requesting for assistance for Security and Privacy
− FHIR Security Ballot comment and CP review and FHIM modeling of PSAF - See agenda at FHIR Security Agenda (Kathleen, Diana)
- XSAML assertion not in agenda, Kathleen will add to agenda for Trust Governance group + − - There are concerns wants the information to be sent to eHealth Exchange then to ==> Vista to send any red flags + − - Diana explains that it is still operational if they choose to use eHealth Exhcange and VBista as it is part of XSAML Assertion
− - Trust Governance group is creating Stadnards on how to express consent
-Consent must use audit to send, they also use paper Auth (Kathleen) + − -Any Choice Provider can send a paper or signed consent
- Meeting adjourned.
