June 7, 2016 Security Conference Call

Back to Security Work Group Main Page

Attendees

Back to Security Main Page

Agenda DRAFT

1. (2 min) Roll Call, Agenda Approval
2. (3 min) ApproveSecurity WG May 31, 2016 Minutes
3. (20 min) FHIR Test Scripts Discussion with Aegis - Mario Hyland et al. Background: At WGM Gary invited Security to attend an EHR WG session to discuss approaches for encouraging uptake of Privacy, Security - especially Audit, Lifecycle Provenance, Trust FHIR infrastructure among FHIR Connectathon participants and implementers generally. This is a follow up discussion on previous approaches [Gary's tracks added Connectathon achievement points] and Lloyd's suggestion that passing test scripts could be tied in some way to Connectathon participation.
4. (20 min) Update on the PSAF Security Policy model - Mike
5. (10 min) Standards Privacy Impact Assessment Cookbook - Rick

• After reviewing PSS, the TSC requested edits to reflect that project is indeed a guide and does not intend to impose a new requirement on HL7.
• Edited PSS to be shown to Security WG. CBCC voted to approve edited version on their 06/07/16 call.

1. (3 min) PASS Access Control Services Conceptual Model - Diana
2. (3 min) PASS Audit Conceptual Model – Diana
3. (2 min) Action Items, next call agenda, adjornment

Note that there will be a FHIR Security call at 2pm PT/5pm ET See agenda at FHIR Security Agenda

Minutes

• Approved-Security WG May 31, 2016 Minutes (John, Diana) (2/0/0)
• Minutes Approval (Diana, Kathleen, Mike Abstained) (2/1/0) FHIR Test Scripts Discussion with Aegis - Mario Hyland et al. Background: At WGM Gary invited Security to attend an EHR WG session to discuss approaches for encouraging uptake of Privacy, Security - especially Audit, Lifecycle Provenance, Trust FHIR infrastructure among FHIR Connectathon participants and implementers generally. This is a follow up discussion on previous approaches [Gary's tracks added Connectathon achievement points] and Lloyd's suggestion that passing test scripts could be tied in some way to Connectathon participation.

• Update on the PSAF Security Policy model - Mike

-Privacy policy representation shared -methodology main model has privacy policy connected to composite policy -Has authority rule consent directive--> Jurisdictional organization---> consent grantee-->consent Grantor -Next Step: Continue developing the model, the text will continue to be in PSAF, and we will continue to develop the content with the trust relationships

• Standards Privacy Impact Assessment Cookbook - Rick

-Continued work on diagrams align with other HL7 publications -Working on diagrams to ensure they are easy to follow -Will likely have complete by end of week -Waiting on TSC for formal approval of PSS (After reviewing PSS, the TSC requested edits to reflect that project is indeed a guide and does not intend to impose a new requirement on HL7. Edited PSS to be shown to Security WG and vote requested to approve the edits.)

• PASS Access Control Services Conceptual Model - Diana

-On the Pass Access control service we are updating it with the comments (3 min) PASS Audit Conceptual Model – Diana -Waiting of TSC approval

• FHIR Security Call - John

- will be included next week -FMG sent a questionair where do you think the maturity model resources is in need in the marketplace -There are resources that are not maturing outside of committee. If we have resources that are not maturing, we are to notify FMG - Kathleen: We have one issue with the entity agent

-Sending out a email to group to see who will participate in writing the pass audit services document, and will set up a call

• Action Items, next call agenda, adjornment