This wiki has undergone a migration to Confluence found Here
Difference between revisions of "May 2, 2017 Security Conference Call"
Jump to navigation
Jump to search
(Created page with "Back to Security Main Page ==Attendees== {| class="wikitable" |- !x||'''Member Name'''|| !! x ||'''Member Name''' !!|| x ||'''Member Name''' !!|| x ||'''Membe...") |
|||
Line 62: | Line 62: | ||
=='''Minutes'''== | =='''Minutes'''== | ||
+ | * Chaired by Kathleen | ||
+ | * Agenda Approved | ||
+ | * Minutes March 28, 2017 approved | ||
+ | * Trust Framework and SLS (Kathleen and Mike Davis) | ||
+ | * Issue: How to establish a Trust Framework with Applications patients share health information with | ||
+ | ** Can an app be trusted when patient | ||
+ | ** It is not up to the providers to dictate who they will share with | ||
+ | ** Applications (Apps) are not considered providers | ||
+ | ** When patient shares with App from a Privacy point of view they are sharing the information with themselves | ||
+ | ** The Health Information is not protected | ||
+ | ** They are a transport which serve as a pass through | ||
+ | ** Patient information is not encrypted or protected when sharing with app | ||
+ | ** Controls should be established with app | ||
+ | ** SLS maybe a solution to implement Cascading OATH capabilities | ||
+ | ** From a privacy point of view if Patient info is sent to an application it would be treated as if Patient sent the info to themselvess | ||
+ | ** Organizations can take Privacy protection service | ||
+ | ** Comment (Beth): We should partner with Mobile Security for Mobile Health | ||
+ | ** This issue will be covered in the next iteration | ||
+ | ** It can not be covered in Madrid conference since Mobile Health will not be covered | ||
+ | |||
+ | * FHIR Security Call - Please review front matter - John Moehrke | ||
+ | ** NTR | ||
+ | ** John was not present on the call | ||
+ | * No call on May 2nd due to Madrid conference | ||
+ | * Call adjourned |
Revision as of 16:24, 2 May 2017
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
---|---|---|---|---|---|---|---|---|---|---|
. | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | . | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | x | Mohammed Jafari | |||
x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Galen Mulrooney | |||
. | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
. | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | x | Dave Silver | |||
x | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan | |||
. | Kamalini Vaidya | . | Bill Kleinebecker | x | Christopher Shawn | . | Grahame Grieve | |||
. | Oliver Lawless | . | Ken Rubin | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (4 min) Review and Approval of Security WG Call Minutes March 28, 2017
- (20 min) xxxxx - lead
- (5 min) FHIR Security Call - Please review front matter - John Moehrke
Minutes
- Chaired by Kathleen
- Agenda Approved
- Minutes March 28, 2017 approved
- Trust Framework and SLS (Kathleen and Mike Davis)
- Issue: How to establish a Trust Framework with Applications patients share health information with
- Can an app be trusted when patient
- It is not up to the providers to dictate who they will share with
- Applications (Apps) are not considered providers
- When patient shares with App from a Privacy point of view they are sharing the information with themselves
- The Health Information is not protected
- They are a transport which serve as a pass through
- Patient information is not encrypted or protected when sharing with app
- Controls should be established with app
- SLS maybe a solution to implement Cascading OATH capabilities
- From a privacy point of view if Patient info is sent to an application it would be treated as if Patient sent the info to themselvess
- Organizations can take Privacy protection service
- Comment (Beth): We should partner with Mobile Security for Mobile Health
- This issue will be covered in the next iteration
- It can not be covered in Madrid conference since Mobile Health will not be covered
- FHIR Security Call - Please review front matter - John Moehrke
- NTR
- John was not present on the call
- No call on May 2nd due to Madrid conference
- Call adjourned