Security Work Group Weekly Conference Call

Meeting Information

Attendees

• Tabitha Albertson
• Bernd Blobel Security Co-chair, absent
• Tom Bonina
• Steven Connolly
• Mike Davis Security Co-chair
• Suzanne Gonzales-Webb CBCC Co-chair
• Don Jorgenson
• Glen Marshall
• John Moehrke Security Co-chair
• Milan Petkovic
• Pat Pyette
• Ioana Singureanu
• Richard Thoreson CBCC Co-chair
• Serafina Versaggi scribe
• Craig Winter

Agenda

1. (05 min) Roll Call, Approve Minutes Feb 9, 2010 & Call for Additional Agenda Items
2. (20 min) Review WG response to Meaningful Use IFR - endorse comments and submit to HL7 leadership
3. (10 min) DRAFT Harmonized Security and Composite Privacy Domain Analysis Model - Draft will be circulated for Peer Review by COB today
4. (25 min) Privacy Policy Templates Scope Statement (CBCC Agenda item)
5. (15 min) Ioana - present a sample CDA R2 Consent Directive Document (CBCC Agenda item moved to next week's agenda)
6. (05 min) Call for next week's agenda items

Minutes

1. Action Items

• Team: Homework for next week's Security and CBCC WG meeting - Complete peer review of the DRAFT Harmonized Security & Composite Privacy Domain Analysis Model. Please bring comments/questions to next week's meeting
• Mike: send the Security/CBCC WG endorsed comments in response to MU IFR to the HL7 Policy Committee

2. Resolutions

3. Announcements - None

4. Discussion

Security/CBCC WG Response to Meaningful Use IFR

• Glen Marshall and John Moehrke submitted their response to the IFR to the Security and CBCC lists. Their response included comments that were Security/Privacy specific, but also included comments that were not HL7-specific and already submitted on behalf of other SDOs in which they are involved.
• Given no additional comments were forthcoming from Security and CBCC WGs, it was decided that Glen and John’s comments would be submitted to the HL7 Policy Committee.
• Pat Pyette made a motion to endorse the comments/response to the MU IFR submitted Glen Marshall and John Moehrke to the Security/CBCC lists for inclusion with the general comments submitted by HL7 to the ONC.
• Mike made a friendly amendment that only those comments relevant to HL7 be endorsed by the Work Groups.

The motion was seconded by Glen Marshall Vote: 11/1/0 (approve/abstain/oppose)

Ontology Project

• Scope statement was reviewed by the Foundation & Technology Steering Division last week. Mike was unable to attend, but committee reviewed the scope statement and indicated they had questions and would revisit the scope statement next week once their questions were answered
• F&T Steering Division questioned whether this is a modeling or vocabulary project since typically *HL7 projects are one or the other and this project appears to cross boundaries.
• They also felt it was unclear as to what is being defined by this ontology and need assurance that the Vocabulary work group principals and methods for defining code systems will be followed.
• Steve volunteered to update the scope statement based on questions and will attend next week’s meeting with Mike
• The project has been reviewed with Russ Hamm and others on the Vocabulary WG and they are supportive of this effort
• This project will be an on-going effort, and the plan is to work on this steadily on this project. The initial task includes exploring ontology tools in collaboration with SOA as they proceed with their Ontology project
• Glen questioned whether having two government implementers for this effort might be off-putting to organizations outside of the government or the US. Mike welcomed any and all parties to join the project as implementers
  • The F&T Steering Division had similar questions for the SOA WG about their Ontology project scope statement (whether it’s a Vocabulary or modeling project). The SOA Ontology project is not being balloted as DSTU, and therefore does not require implementers.
• Glen raised the concern that a strictly health care specific and/or HL7 perspective could be problematic, as DICOM has some concepts that are not included in the RIM
  • Security Privacy services must acquire context values from systems that are not RIM-Aware
  • Security/Privacy services must acquire context values that are not health care specific but should share the same security privacy infrastructure.

There may be constraints that exist outside the health care domain that are pertinent – European privacy laws are not health care specific – they are privacy laws. We have to be open to the fact there are different models, both social and legal

• We also have to consider data that is structured or un-structure that are not in conformances with the RIM – PHR products. To presume this is RIM-map-able is not borne out in the real world

46 minutes – figuring out how to coordinate and work with Bernd to take advantage of his offer to assist with this project. Mike will determine a time that works for Bernd given the time zone difference.

• The VA is providing two additional part-time resources on the Security/Privacy Ontology project
  • Michelle Johnson – Security Software applications
  • Clinical Informatics intern –exploring some tools and will report back
• In terms of tools, we will look at Protégé and a few other tools to determine how they integrate with HL7 tools. One mentioned is TopGrade (not open source, but has some advantages over Protégé). Link: http://www.topquadrant.com/products/TB_Composer.html
• Bernd mentioned that ISO TC215 has been working on this for some time. There may be artifacts that may be developed in ISO that we can take advantage of. Steve mentioned that it would be helpful to identify those artifacts.
• As we move forward, it will be important to figure out how to work with Bernd, as he has offered to participate in this project as he has volunteered to participate. Mike will determine how to schedule a convenient time to meet.
• As we don’t have any procedures to move forward with this project, Glen’s advice is to document the process that is used in this project. This is important for the SOA Ontology project as well, and an effort will be made to coordinate this effort as well.