This wiki has undergone a migration to Confluence found Here
Difference between revisions of "February 7, 2017 Security Conference Call"
Jump to navigation
Jump to search
Line 40: | Line 40: | ||
||||.|| [mailto:bkinsley@nextgen.com William Kinsley] | ||||.|| [mailto:bkinsley@nextgen.com William Kinsley] | ||
||||.|| [mailto:pknapp@pknapp.com Paul Knapp] | ||||.|| [mailto:pknapp@pknapp.com Paul Knapp] | ||
− | |||| | + | ||||x|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan] |
|- | |- | ||
|| .|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya] | || .|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya] |
Revision as of 19:31, 7 March 2017
Back to Security Work Group Main Page
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
---|---|---|---|---|---|---|---|---|---|---|
. | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | x | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | . | Mohammed Jafari | |||
x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
x | Diana Proud-Madruga | . | Serafina Versaggi | . | Joe Lamy | . | Galen Mulrooney | |||
. | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
. | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | x | Dave Silver | |||
x | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan | |||
. | Kamalini Vaidya | . | Bill Kleinebecker | . | Christopher Shawn | . | Grahame Grieve | |||
. | Oliver Lawless | . | Ken Rubin | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (2 min) Security WG Call Minutes January 31, 2017
- (20 min) TF4FA Ballot Reconciliation Spreadsheet Disposition Review- Mike and Kathleen
- (10 min) WGM Minutes Review and Approval - Kathleen
- (5 min) [gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diane
- (5 min) Security Labeling Service Revision Update - Diana
- (5 min) 21st Century Cures Act Trusted Exchange Framework Discussion for HL7 Policy Advisory Committee- Kathleen
- (2 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call
Minutes
- Chaired by Alex
- Agenda Approved (Kathleen, Ioana)
- Security WG Call Minutes January 31, 2017 (Approved)
- TF4FA Ballot Reconciliation Spreadsheet Disposition Review- Mike and Kathleen
- Spreadsheet reviewed
- Mike Davis clarified Trust framework definition -Marked as persuasive with Modification in spreadsheet
- Motion approved comments as persuasive 1-25 (Beth, Alex)
- Line 26-Protective Health Information comments- Beth
- Comment: Replace Health Protected information with Protective Information, based on PASS Access Control (Beth)
- Footnote page states Protective Information in the U.S Realm includes Protective Health Information as a subset
- Trust Framework is specific to healthcare (Mike Davis)
- Sensitive information shared by security labels, Protective Health is inclusive of sensitive information
- Protective Information can encompass Protective Health Information
- It is not persuasive to change to Protected Information, and should be more specific as Protective Health Information (Mike Davis)
- This is based on Security and Privacy information model for health care (Mike Davis)
- Pass Access Control entries on protective Health Information and Protected Information should be changed to remain consistent
- Comment: Footnoting Federated Authorization Domain:(Beth)
- Suggesting it should be defined in a footnote or explained
- Mike David concurs on defining in footnote
- Next Step:
- Look to either to remove Protected information in the Documents needs to changed to Protective Health Information, or create a Definition for Protected Information and revisit next call
- Update the information Model, to draft a information Model
- gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diane
- Reviewing Johns Comments that are considered none-persuasive:
- Note: John was not present at call
- The following comments by John were reviewed:
- Figure shows audit trail export mediating recording and analysis
- Response comment (Diana, David): Audit Trail does not mediate anything, it is a pass through
- Johns comment on Audit Trail Export is deemed none-persuasive
- Next comment on Footnote: Figure for Alarm reporting is derived from ISO but does not explain how it deviates.
- Response Comment (Diana, and Mike): Alarm reporting happens within Audit Analysis. Should we put in how our Model deviates from ISO?
- Mike provided an explanation on difference between Alarm Reporting and ISO reporting:
- Alarm reporting is event reporting (As the event occurs with Analysis and is reported in real time)
- The Audit Analysis are sent after a period of time (based on requirement of reporting after analysis is done over a period of time)
- Comment (John) on Abstract Model republishes the Framework ISO 10181-7 and reinvent HL7 standard
- Response (Diana): It is taken from 10181-7 but also input from security working group
- Motion to accept John's Comments 20-35 approved (Mike, Diana)
- Call Adjourned