April 3, 2018 Security Conference Call
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| x | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | x | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair | |||
| x | Christopher Shawn Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | . | David Staggs | |||
| . | Diana Proud-Madruga | x | Francisco Jauregui | x | Joe Lamy | . | Greg Linden | |||
| . | Paul Knapp | . | Grahame Grieve | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | . | Jim Kretz | . | Gary Dickinson | x | Dave Silver | |||
| x | Beth Pumo | . | Bo Dagnall | . | Riki Merrick | . | Theresa Connor | |||
| . | Mohammed Jafari | . | Ioana Singureanu | . | Peter Bachman | x | [mailto: Matt Blackman, Sequoia] |
Agenda
- (2 min) Roll Call, Agenda Approval
- (5 min) Review and Approval of March 27, 2018 minutes
- (5 min) TF4FA Normative Ballot submitted - Mike
- (15 min) FHIR Security Updates - John
- (15 min) Security Cologne May WGM Agenda
Meeting Minutes DRAFT
Roll Call, Agenda Approval Kathleen chair
Meeting Materials
- Trust Framework for Federated Authorization presentation
- TF4FA Vol. 2Behavioral Model May Ballot
- Is Privacy Obsolete Study Group news from EU
- HIMSS - What Healthcare Organizations need to know about the GDPR and HIMSS Presentation recording
- Dutch referendum: Spy tapping powers 'rejected'
- Patient Directed backend communication
- Oauth App Registration
- Certificate Management
Meeting Minutes (DRAFT) Roll Call, Agenda review, meeting minutes approval
Meeting Minutes for 3/27/2018 approved Motion to approve: (Suzanne/JohnM) objections: none; abstentions: none; approval:11
TF4FA Normative Ballot - Mike/Kathleen
- ballot submitted - Mike/Kathleen
- No comments
- Need to confirm this is what intended for the v3 ballot package
- Brief discussion of the document included
- This goes to the link with the documents and the .xml file that is used to generate the HTML (PDFS, PSAF v3 Ballot package)
- Note that CBCP co-chair are listed as co-sponsors
- Kathleen will confirm for the WG that it is ready to go
PSAF weekly calls are cancelled at this time and may restart once ballot reconciliation begins
FHIR Security Updates
- call just completed - new time is attracting more people
- ZULIP chat has two new streams
- security and privacy stream, additional stream so that only pertinent security and privacy information are conveyed
- ** another stream (?)
- Johnathan was able to join today’s call, reviewed the key consideration of the ONC white paper
- recommend TL@ 1.2 or high in place of just "TLS" adding some references on why we say 1.2
- discussion around input validation and vulnerability assessment and future improvement opportunities
Add information from FHIR Security Call
Connectathon - FHIR Connectathon track - hopefully, take GDPR as a set of requirements and take the S&P capabilities in and around FHIR--can we show a relationship between them
- we have provenance resources, can it aid with clause 243 and 398, etc.
- without going into too much detail, just showing relationships, showing how scenarios prove it... the more we get done the better
- setting the bar low, trying to get a cross-reference with the S&P items we have
- in that level we can see that we have a gaping hole that we need to add ... if such a thing exists
- the other is a less formal, Grahame is interested in standing up a hyper ledger infrastructure (general purpose - block chain infrastructure) for block-chain
- call out in ZULIP chat, in developing scenario around that type of infrastructure... three different proposes but no ‘’fish on the hook’’
‘’’Agenda for Cologne – Agenda Items’’’ patterns on FHIR
Kathleen received xx from Rene Spronk
- he is working on a GDPR presentation on healthcare data interoperability - on vocab we might need,
- longer than what we can use for the Q3/Q4 Monday joint,
- Kathleen spoke to Gary Dickenson who thought it might be a good idea for meeting with EHR joint
- Rene goes through security labels and main parts of GDPR which is required in an automated fashion
- possible new codes for v3
- have server which can deal with security labels
- maybe able to mock up POU, certain kinds of actions, involving GDPR
- use cases featuring GDPR, SL, etc (suggested)
Next week - Kathleen should have something to present regarding the Cologne agenda reminder: one of the thoughts was to have a couple of our FHIR security topic areas have prominent spots in the weeklong agenda, for people who would not normally find us...can find us
- JohnM is trying to find what those times areas might be... (for cologne agenda)
- l*block of time...would be great to have input from the FHIR WG... risk management and items like that
- suggestions requested for topic areas...we can determine where our priorities line up.
Additional items? in materials, Kathleen adds salient information to meeting minutes -
- look at changes to ... so that you have a navigating
privacy obsolete - added links, to breaches, breaches to be considered in court, surveillance techniques, etc. related to privacy issues the HIMSS presentation on GDPR is excellent if you want to have a sense on what US entities might be interested on... may have interest
meeting call adjorned at 1228 Arizona time --Suzannegw (talk) 15:26, 3 April 2018 (EDT)
