This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "March 7, 2017 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
Line 68: Line 68:
  
 
=='''Minutes'''==
 
=='''Minutes'''==
* Chaired by   
+
* Chaired by Kathleen  
* Agenda Approved
+
* Agenda approved
 +
* Approved: Security WG Call Minutes February 14, 2017 and Security WG Call Minutes February 28, 2017
 +
* Review any Security WG comments on ONC-sponsored: Patient Generated Health Data (PGHD) whitepaperPGHD Overview and Google Document version for inline comments Consumer Electronics Association Guiding Principles on Privacy and Security of Personal Wellness Data Comment deadline Moved to March 10th.
 +
** (Kathleen) How patient generated health data can accelerate the access to health data for research studies using similar privacy and security approaches:
 +
*** Smart on FHIR approach can be used for patient consent on devices
 +
*** FHIR API can pull patient record and send to research projects
 +
*** Patient can authorize through a patient right of access for release of data for research
 +
*** Question: (Beth) What the profile would look like?
 +
*** Answer: Each Study would have a consent such as a HIPPA authorization used through a Gui
 +
*** Further discussion:
 +
*** Patient generated data is under HIPPA
 +
*** Consent codes for purpose of use are used from projects funded by NIH as a standard
 +
*** Comment (John): Data quality may become an issue, IRB may need to be used
 +
*** A standard for Patient Right of Access is needed
 +
** Comment (Beth): There is a section that has a description section under challenges: "Research Enabling Actions" :
 +
*** Strength in Patient consent in Data Use
 +
*** Next Step: Kathleen will write out new type of consent directive  for Patient Right of Access and send to Diana
 +
*** David suggested to reach out to projects working on IRB common rules
 +
*** Next Step:  David will provide a comment to Diana on IRB
 +
 
 +
* TF4FA Ballot Reconciliation Spreadsheet Disposition Review
 +
If possible, would like Ioana to walk the WG through her comments #55 – 75, which seem to be addressed by the TF4FA Behavioral Model. The proposed dispositions on these are marked “persuasive”.
 +
Review John Moehrke's comments 76 - 119 with his assistance.
 +
* Continuation of comments were reviewed from comment 66
 +
** Comment approved for Security Labeling is added and alinged with International Standards
 +
** Comment reviewed: Trust Services Federation Model should include policy resolution services
 +
 
 +
(5 min) Project Scope Statement - Medical Devices Security - follow up of outreach to Medical Device WG - Mike Davis
 +
(5 min) [gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diana
 +
(5 min) Security Labeling Service Revision Update - Diana
 +
5 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call - cancelled.

Revision as of 18:59, 14 March 2017

Back to Security Work Group Main Page

Attendees

x Member Name x Member Name x Member Name x Member Name
. John MoehrkeSecurity Co-chair x Kathleen ConnorSecurity Co-chair . Alexander Mense Security Co-chair . Trish WilliamsSecurity Co-chair
x Mike Davis x Suzanne Gonzales-Webb x David Staggs x Mohammed Jafari
x Glen Marshall, SRS x Beth Pumo . Ioana Singureanu . Rob Horn
x Diana Proud-Madruga . Serafina Versaggi x Joe Lamy . Galen Mulrooney
. Duane DeCouteau . Chris Clark . Johnathan Coleman . Aaron Seib
. Ken Salyards . Christopher D Brown TX . Gary Dickinson x Dave Silver
x Rick Grow . William Kinsley . Paul Knapp x Mayada Abdulmannan
. Kamalini Vaidya . Bill Kleinebecker x Christopher Shawn . Grahame Grieve
. Oliver Lawless . Ken Rubin . David Tao . Nathan Botts

Back to Security Main Page

Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (4 min) Review and Approval of Security WG Call Minutes February 14, 2017 and Security WG Call Minutes February 28, 2017
  3. (5 min) Review any Security WG comments on ONC-sponsored: Patient Generated Health Data (PGHD) whitepaperPGHD Overview and Google Document version for inline comments Consumer Electronics Association Guiding Principles on Privacy and Security of Personal Wellness Data Comment deadline Moved to March 10th.
  4. (20 min) TF4FA Ballot Reconciliation Spreadsheet Disposition Review
  • If possible, would like Ioana to walk the WG through her comments #55 – 75, which seem to be addressed by the TF4FA Behavioral Model. The proposed dispositions on these are marked “persuasive”.
  • Review John Moehrke's comments 76 - 119 with his assistance.
  1. (5 min) Project Scope Statement - Medical Devices Security - follow up of outreach to Medical Device WG - Mike Davis
  2. (5 min) [gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diana
  3. (5 min) Security Labeling Service Revision Update - Diana
  4. 5 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call - cancelled.

Minutes

  • Chaired by Kathleen
  • Agenda approved
  • Approved: Security WG Call Minutes February 14, 2017 and Security WG Call Minutes February 28, 2017
  • Review any Security WG comments on ONC-sponsored: Patient Generated Health Data (PGHD) whitepaperPGHD Overview and Google Document version for inline comments Consumer Electronics Association Guiding Principles on Privacy and Security of Personal Wellness Data Comment deadline Moved to March 10th.
    • (Kathleen) How patient generated health data can accelerate the access to health data for research studies using similar privacy and security approaches:
      • Smart on FHIR approach can be used for patient consent on devices
      • FHIR API can pull patient record and send to research projects
      • Patient can authorize through a patient right of access for release of data for research
      • Question: (Beth) What the profile would look like?
      • Answer: Each Study would have a consent such as a HIPPA authorization used through a Gui
      • Further discussion:
      • Patient generated data is under HIPPA
      • Consent codes for purpose of use are used from projects funded by NIH as a standard
      • Comment (John): Data quality may become an issue, IRB may need to be used
      • A standard for Patient Right of Access is needed
    • Comment (Beth): There is a section that has a description section under challenges: "Research Enabling Actions" :
      • Strength in Patient consent in Data Use
      • Next Step: Kathleen will write out new type of consent directive for Patient Right of Access and send to Diana
      • David suggested to reach out to projects working on IRB common rules
      • Next Step: David will provide a comment to Diana on IRB
  • TF4FA Ballot Reconciliation Spreadsheet Disposition Review

If possible, would like Ioana to walk the WG through her comments #55 – 75, which seem to be addressed by the TF4FA Behavioral Model. The proposed dispositions on these are marked “persuasive”. Review John Moehrke's comments 76 - 119 with his assistance.

  • Continuation of comments were reviewed from comment 66
    • Comment approved for Security Labeling is added and alinged with International Standards
    • Comment reviewed: Trust Services Federation Model should include policy resolution services

(5 min) Project Scope Statement - Medical Devices Security - follow up of outreach to Medical Device WG - Mike Davis (5 min) [gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diana (5 min) Security Labeling Service Revision Update - Diana 5 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call - cancelled.