This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "November 6, 2018 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
Line 43: Line 43:
 
#''(2 min)'' '''Roll Call, Agenda Approval'''  
 
#''(2 min)'' '''Roll Call, Agenda Approval'''  
 
#''(2 min)'' '''[http://wiki.hl7.org/index.php?title=October_30,_2018_Security_Conference_Call Review and Approval of Minutes October 30, 2018]
 
#''(2 min)'' '''[http://wiki.hl7.org/index.php?title=October_30,_2018_Security_Conference_Call Review and Approval of Minutes October 30, 2018]
#''(2 min)'' '''[http://wiki.hl7.org/index.php?title=PASS_Healthcare_Audit_Services Update on revision of PASS Audit - reconcilation is ready for upload]''' - Mike
+
#''(2 min)'' '''[http://wiki.hl7.org/index.php?title=PASS_Healthcare_Audit_Services Update on revision of PASS Audit - reconciliation is ready for upload]''' - Mike
 
#''(30 min)'' '''Review of Final Security Harmonization proposals'''  
 
#''(30 min)'' '''Review of Final Security Harmonization proposals'''  
 
*Submission deadline at 12AM ET 11/6.  Harmonization meeting scheduled for 11/8 & 11/9 from 12PM to 6PM ET.   
 
*Submission deadline at 12AM ET 11/6.  Harmonization meeting scheduled for 11/8 & 11/9 from 12PM to 6PM ET.   
Line 69: Line 69:
 
**Kathleen's understanding was we were waiting on updates to the document
 
**Kathleen's understanding was we were waiting on updates to the document
  
Harmonization proposals - tonight is final proposals nneed to be in
+
Harmonization proposals - tonight is final proposals need to be in
 
* We have reviewed them all earlier
 
* We have reviewed them all earlier
 
** Additional CUIs need to be added per Kathleen (specific to the portion marking in the ''print name'' code
 
** Additional CUIs need to be added per Kathleen (specific to the portion marking in the ''print name'' code
 
*** Only a slight variation/change is needed to correct
 
*** Only a slight variation/change is needed to correct
 
** Reviewed a spreadsheet instead of word document
 
** Reviewed a spreadsheet instead of word document
** It was noted that banners do not have parenthesis around them, but when you go to the portion marking, there are and  a differnt CUI marking is needed) as shown under 'Marking Multiple Pages'
+
** It was noted that banners do not have parenthesis around them, but when you go to the portion marking, there are, and  a different CUI marking is needed) as shown under 'Marking Multiple Pages'
  
 
* Additional issue -
 
* Additional issue -
** under RoseTree, xml used in version 3 if you look at code system; under _ActCodeSystem
+
** under Rose Tree, xml used in version 3 if you look at code system; under _ActCodeSystem
***SecurityPolicy(security Polcy)
+
***SecurityPolicy(Security Policy)
***adding privacy marker; one for CUI, second for security labeling mark - alked about last week.  These are marks that you display which may be in the descritipn (i.e. confidential, high water mark; 42CFR42, etc)
+
***adding privacy marker; one for CUI, second for security labeling mark - talked about last week.  These are marks that you display which may be in the description (i.e. confidential, high water mark; 42CFR42, etc.)
  
 
<<add link to harmonization proposal>>
 
<<add link to harmonization proposal>>
Line 94: Line 94:
 
** Peter is currently working (in company for proposal) for possible codes to better define purpose of processing
 
** Peter is currently working (in company for proposal) for possible codes to better define purpose of processing
 
* Peter is trying to mesh of POU in Europe - some of the items do not make sense when applied to purpose of processing; based on purpose i.e. law, xx or xx (is this policy?)
 
* Peter is trying to mesh of POU in Europe - some of the items do not make sense when applied to purpose of processing; based on purpose i.e. law, xx or xx (is this policy?)
* (Kathleen) There is abranch that is not healthcare specific which may be helpful to look at
+
* (Kathleen) There is a branch that is not healthcare specific which may be helpful to look at
 
* Peter ) something they need
 
* Peter ) something they need
  
next GDPR call in two weeks - we will dsicss proposal; come up with harmonized list and send out to Security and European group to spread out to their organizations and get feeback
+
next GDPR call in two weeks - we will discuss proposal; come up with harmonized list and send out to Security and European group to spread out to their organizations and get feedback
 
*one of the use cases will be from national summary? (from Giorgio)
 
*one of the use cases will be from national summary? (from Giorgio)
 
** one will be from John...(add description) ''care plan, care plan track''
 
** one will be from John...(add description) ''care plan, care plan track''
  
* next call on NOvember 19 - at noon Eastern on Monday
+
* next call on November 19 - at noon Eastern on Monday
  
 
Connectathon
 
Connectathon
Line 107: Line 107:
 
* finished storyboard in June, people involved in SLS, consent will also be involved in January and in May.  
 
* finished storyboard in June, people involved in SLS, consent will also be involved in January and in May.  
  
Meeting adjorned at 1:44 Arizona Time --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:46, 6 November 2018 (EST)
+
Meeting adjourned at 1:44 Arizona Time --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:46, 6 November 2018 (EST)
 
https://fccdl.in/q8Ci7x2ZYP
 
https://fccdl.in/q8Ci7x2ZYP
  
 
[[Security|Back to Security Main Page]]
 
[[Security|Back to Security Main Page]]

Revision as of 18:37, 13 November 2018

Back to Security Main Page

Attendees

Back to Security Main Page

x Member Name x Member Name x Member Name x Member Name
x John Moehrke Security Co-chair x Kathleen Connor Security Co-chair x Alexander Mense Security Co-chair . Trish Williams Security Co-chair
x Christopher Shawn Security Co-chair x Suzanne Gonzales-Webb x Mike Davis . David Staggs
x Diana Proud-Madruga . Johnathan Coleman . Francisco Jauregui . Joe Lamy
. Theresa Ardal Connor . Greg Linden . Grahame Grieve . Dave Silver
. Beth Pumo x Jim Kretz . Peter Bachman . Bo Dagnall

Back to Security Main Page

Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (2 min) Review and Approval of Minutes October 30, 2018
  3. (2 min) Update on revision of PASS Audit - reconciliation is ready for upload - Mike
  4. (30 min) Review of Final Security Harmonization proposals
  1. (5 min) GDPR whitepaper on FHIR Update - Alex
  • No FHIR Security call update - John sends his regrets

Meeting Minutes

Meeting Chair - Kathleen

Meeting Minute approval for 10/30 Discussion/ updates to be made - add count to vote under DS4P (Suzanne / Joe L) Objection: none; Abstain: none Approval: 8


PASS AUDIT Revision

  • Unknown if ballot reconciliation sheet was ever uploaded to ballot site
    • If it hasn't, it needs to (Mike/Diana/Kathleen - need to decide plan of action to review)
    • Unsure if withdrawals have been requested
  • Approximately 50 of the comments had been addressed; to the best of knowledge nothing has been done since then
    • DaveS - thought Mike had said that reconciliation is done is to request to withdraw negative votes
    • Kathleen's understanding was we were waiting on updates to the document

Harmonization proposals - tonight is final proposals need to be in

  • We have reviewed them all earlier
    • Additional CUIs need to be added per Kathleen (specific to the portion marking in the print name code
      • Only a slight variation/change is needed to correct
    • Reviewed a spreadsheet instead of word document
    • It was noted that banners do not have parenthesis around them, but when you go to the portion marking, there are, and a different CUI marking is needed) as shown under 'Marking Multiple Pages'
  • Additional issue -
    • under Rose Tree, xml used in version 3 if you look at code system; under _ActCodeSystem
      • SecurityPolicy(Security Policy)
      • adding privacy marker; one for CUI, second for security labeling mark - talked about last week. These are marks that you display which may be in the description (i.e. confidential, high water mark; 42CFR42, etc.)

<<add link to harmonization proposal>> Proposal has been reviewed by co-sponsor Patient Administration - they have reviewed the presented and final.

  • VOTE: Motion to approve Harmonization Proposal as presented (Suzanne/Theresa) with addition of CUI changes
    • Opposed: none: abstention: none; Approve: 8
    • Kathleen will submit today (tonight) with additional CUI changes

GDPR White Paper

  • Low attendance, would like more people from EU
  • Peter started discussion with POU which fits very nicely with current POU vocabulary definition
  • Agreement during meeting that there is a difference in POU and purpose of processing
    • Peter is currently working (in company for proposal) for possible codes to better define purpose of processing
  • Peter is trying to mesh of POU in Europe - some of the items do not make sense when applied to purpose of processing; based on purpose i.e. law, xx or xx (is this policy?)
  • (Kathleen) There is a branch that is not healthcare specific which may be helpful to look at
  • Peter ) something they need

next GDPR call in two weeks - we will discuss proposal; come up with harmonized list and send out to Security and European group to spread out to their organizations and get feedback

  • one of the use cases will be from national summary? (from Giorgio)
    • one will be from John...(add description) care plan, care plan track
  • next call on November 19 - at noon Eastern on Monday

Connectathon

  • Note: MiHIN is willing to join in the Montréal Connectathon
  • finished storyboard in June, people involved in SLS, consent will also be involved in January and in May.

Meeting adjourned at 1:44 Arizona Time --Suzannegw (talk) 15:46, 6 November 2018 (EST) https://fccdl.in/q8Ci7x2ZYP

Back to Security Main Page