This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "January 23, 2018 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
 
Line 70: Line 70:
 
* focus has been on the implemcation of POU
 
* focus has been on the implemcation of POU
 
** there were several; we need to be cognizant of the relationshps for the POU to obtain
 
** there were several; we need to be cognizant of the relationshps for the POU to obtain
** it is noted that the law does require an authorziatonfrom the pteint to share ePHI for Health care Opreations purposes with antoher covered Entity that does not have a rlationshp with the patient
+
** it is noted that the law does require an authorziatonfrom the pteint to share ePHI for Health care Opreations purposes with another covered Entity that does not have a relationshp with the patient
 
*** there is proposed legeisation that would allow clearning outses to be a covered entity
 
*** there is proposed legeisation that would allow clearning outses to be a covered entity
 
** ''Draft Trusted Exchange Framework Final document''
 
** ''Draft Trusted Exchange Framework Final document''
Line 98: Line 98:
 
* Adrian Gropper gave us some insight on Privacy right for India
 
* Adrian Gropper gave us some insight on Privacy right for India
 
* Mike will add to the report
 
* Mike will add to the report
 +
 
==Meeting Materials==
 
==Meeting Materials==
 
*[https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/PSAF/PSAF%20TF4FA%20Model%20Diagrams/PSAF%20TF4FA%202018/Domain%20Models%20for%20TF4FA%20%202018%200109.pptx TF4FA and Domain Modeling update]
 
*[https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/PSAF/PSAF%20TF4FA%20Model%20Diagrams/PSAF%20TF4FA%202018/Domain%20Models%20for%20TF4FA%20%202018%200109.pptx TF4FA and Domain Modeling update]
 
*[https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/PSAF/PSAF%20TF4FA%20May%202018/Domain%20Model%20Description%20V11.docx Domain Model v.11]
 
*[https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/PSAF/PSAF%20TF4FA%20May%202018/Domain%20Model%20Description%20V11.docx Domain Model v.11]

Latest revision as of 17:50, 25 January 2018

Back to Security Main Page

Attendees

x Member Name x Member Name x Member Name x Member Name
. John Moehrke Security Co-chair x Kathleen Connor Security Co-chair . Alexander Mense Security Co-chair . Trish Williams Security Co-chair
x Christopher Shawn Security Co-chair x Suzanne Gonzales-Webb x Mike Davis x David Staggs
. Mohammed Jafari x Beth Pumo . Ioana Singureanu . Rob Horn
x Diana Proud-Madruga . Serafina Versaggi x Joe Lamy . Greg Linden
. Paul Knapp . Grahame Grieve . Johnathan Coleman . Aaron Seib
. Ken Salyards . Jim Kretz . Gary Dickinson x Dave Silver
. Oliver Lawless x Joyce] . David Tao . Nathan Botts
x Francisco Jauregui] x Bo Dagnall x Man Garg x Peter Murphy

Back to Security Main Page

Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (3 min) Review and Approval of Jan 16, 2018 minutes
  3. (10 min) TF4FA and Domain Modeling updateand Domain Model v.11- Mike Davis
  4. (10 min) ONC Draft Trusted Exchange for Common Agreement released Please review and help the WG prepare PAC comments. - Focus on additional POUs and Minimum Necessary, XSPA, Consents - Mike and Kathleen
  5. (10 min) CCDE Connectathon Track discussion - Bo Dagnall
  6. (5 min) PSAF call report out - Chris Shawn
  7. (5 min) Is Privacy Obsolete? Study Group wiki page has the "Is Privacy Obsolete?" Listserve link. Update on project - Mike Davis
  8. (5 min) Draft New Orleans Security WGM Agenda
  9. (1 min) FHIR Security update - John Moehrke

Minutes

  • Chris chaired.
  • Roll, Agenda approved with addition of a presentation from DXC on CCDE Connectathon
  • Jan 16th Meeting Minutes Kathleen moved; Beth seconded. Approved:12-0-0.
  • Domain Modeling Update Mike reported on progress with the Domain Model so as to align with PONDERS and address the remaining negative comments on TF4FA May 2017 ballot from Bernd Blobel. As a result, PSAF project is currently taking a strategic pause on TF4FA Volume 1 revisions until the updates to the S&P DAM are completed because it is the foundational Conceptual Information Model for TF4FA. However, work has started on Volume 3: Audit/Provenance/Blockchain as well as small tweaks to Volume 2 TF4FA Behavioral Model) to keep the two documents in synch changes to TF4FA Volume 1 resulting from changes in underlying S&P DAM. Robert Crawford, a VA modeler, is stepping in to update the S&P DAM. After the WGM, both the Tuesday PSAF call and the Thursday S&P DAM calls will be dedicated to DAM revisions in order to meet May ballot cycle deadlines.

TEFCA

  • focus has been on the implemcation of POU
    • there were several; we need to be cognizant of the relationshps for the POU to obtain
    • it is noted that the law does require an authorziatonfrom the pteint to share ePHI for Health care Opreations purposes with another covered Entity that does not have a relationshp with the patient
      • there is proposed legeisation that would allow clearning outses to be a covered entity
    • Draft Trusted Exchange Framework Final document
      • B. Ensure providers and organizations participatin in exchange have confidence that theapproporaite consent or written authorization was captured, if and when it is needed,prior to the exchange of Electornic Health Iformaton.

XSPA - Mike has draft comments to share

  • lots of discussion on S&P and trying to get everyone to a common level, real mechanisms are need to secury exchange.. including patient desire. restrictions still exit. the current appropoach. we need an approapch that is sharing WITH protections.

a

  • in terms of 42CFR with protectons. concernts: that i a patient does nto sign consent, a clincialn may inadvertenly prescribe opiods for that patient

concern: even if they did away with the law, restrictions still exist.. patient could submit a restriction for tha provider

XSPA healthcare profile of SAML XSPA healthcare profile of XACML

OASIS has received comment from the public ballot--that should come across as scope of work for this-int eh orgianzaiton version everyting was hard coded in the vocabulary. in v2... it points to HL7vocabulary XSPA prifle for XACL they have a 3.0 version out now.


Connectathon - Bo Dagnall providing 3 three different components which can work together or separately

  • we are bring a resource services; we ill have it corrected AllScirps Va and Cerner


Is Privacy Dead Group

  • report out to occur at HL7
  • Adrian Gropper gave us some insight on Privacy right for India
  • Mike will add to the report

Meeting Materials