Difference between revisions of "October 11, 2016 Security Conference Call"
Revision as of 19:18, 11 October 2016
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name
---|---|---|---|---|---|---|---
x | John Moehrke, Security Co-chair | x | Kathleen Connor, Security Co-chair | x | Alexander Mense, Security Co-chair | . | Trish Williams, Security Co-chair
x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | x | Mohammed Jafari
x | Glen Marshall, SRS | . | Beth Pumo | . | Ioana Singureanu | . | Rob Horn
x | Diana Proud-Madruga | . | Serafina Versaggi | . | Joe Lamy | . | Galen Mulrooney
. | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib
. | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | . | Dave Silver
. | Rick Grow | . | William Kinsley | . | Paul Knapp | . | Mayada Abdulmannan
. | Kamalini Vaidya | . | Bill Kleinebecker | x | Christopher Shawn | . | Grahame Grieve
. | Oliver Lawless | . | Ken Rubin | . | Paul Petronelli, Mobile Health | . | Russell McDonell
Agenda DRAFT
- (2 min) Roll Call, Agenda Approval
- (5 min) Approve Security WG October 4, 2016 call minutes and Security WG September 13, 2016 Minutes if these are available.
- (10 min) PSS Document Sharing Approve our co-sponsorship with goal to show how security is applied to a broader workflow through specifics on AuditEvent use, and OAuth use. Secondary goal to create end-to-end security testing for connectathon.
- (15 min) PSAF Ballot v.next Mike to discuss anticipated updates in response to ballot comments and new development. Determine next ballot level and possible renaming to prep for NIB submission by 10-31.
- (15 min) Nov Harmonization Proposal Review Also, new ActReason for overriding need for consent - incompetency; 5 new Compartment codes; and technical corrections to SecurityObservationValue value set. Initial submissions due date Nov. 14 - Kathleen
- (5 min) PASS Audit Conceptual Model – Diana
- (5 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call reminder - John
FHIR Security Ballot comment and CP review and FHIM modeling of PSAF - See agenda at FHIR Security Agenda
Minutes
Chaired by Kathleen Connor
- Minutes:
Agenda Approved
- Approve Security WG Minutes Aug 30th and Sept 6th (John, Alex)
- PSS Document Sharing Approve our co-sponsorship with goal to show how security is applied to a broader workflow through specifics on AuditEvent use, and OAuth use. Secondary goal to create end-to-end security testing for connectathon.
- PSAF Ballot v.next Mike to discuss anticipated updates in response to ballot comments and new development. Determine next ballot level and possible renaming to prep for NIB submission by 10-31.
- Comments have been updated to PSAF Policy Model
- Alex Comments:
- Modeling not consistent with PMAK or Security Domain
- More than one Security Domain is not consistent with policy breaching
- Concerned that policy can never be a contract
- Kathleen Comment:
- Policy and contract are the same, as policy (HE) is a result of contract
- Diana Comments:
- Submitted Walter's comments on PKAK in the architecture of PSAF
- Trust info Model is part of PSAF
- Protective Health info is under HIPAA only in U.S. (42CFR)
- Many states do not use protective health
- Nov Harmonization Proposal Review Initial submission due date Nov. 14 - Kathleen
- Data segmentation in standards all need to include confidentiality coded on CCDA's
- ONC has a risk on confidentiality code that has a hard N.
- PASS Audit Conceptual Model – Diana
- FHIR AuditEvent and Provenance ballot comments & FHIR Security Call reminder - John
- Policy advisory committee is going through new restructuring and advisory
- Has dependencies on security patterns and is requesting for assistance for Security and Privacy
- FHIR Security Ballot comment and CP review and FHIM modeling of PSAF - See agenda at FHIR Security Agenda (Kathleen, Diana)
- XSAML assertion not in agenda, Kathleen will add to agenda for Trust Governance group
- There are concerns: wants the information to be sent to eHealth Exchange and then to Vista to send any red flags
- Diana explains that it is still operational if they choose to use eHealth Exchange and Vista, as it is part of XSAML Assertion
- Trust Governance group is creating standards on how to express consent
- Consent must use audit to send, they also use paper Auth (Kathleen)
- Any Choice Provider can send a paper or signed consent
- Meeting adjourned.