This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

June 12, 2012 Security Working Group Conference Call

From HL7Wiki
Jump to navigation Jump to search

Security Working Group Meeting

Back to Security Main Page

Attendees

Back to Security Main Page

Agenda

  1. (05 min) Roll Call, Approve Minutes & Accept Agenda
  2. (15 min) Proposed Health Care Privacy and Security Classification System BallotPresentation Kathleen Connor
  3. (15 min) HL7 Security Service Oriented Architecture Domain Analysis Model (SSOA DAM) and approval of HL7 Security SOA Architecture Project Scope Statement Kathleen Connor
  4. New Conference Call Time - Doodle Poll
  5. (15 min) Item3
  6. (5 min) Other Business



Meeting Minutes DRAFT

Roll Call, Approve Minutes & Accept Agenda

Presentation on Healthcare Privacy and Security Classification System Mike Davis explained the genesis of the adapting industry classification schemes such as those used by the postal service and intelligence community to healthcare. He noted that the restructuring of the HL7 Security and Privacy vocabulary, which was prompted by the analysis done for the HL7 Confidentiality Code Refactoring project, resulted in development of guidance on how that vocabulary should be used at various security layers. These layers or "envelopes" are encrypted encapsulation of metadata required by authorized receivers to perform routing and access control of the contents within each envelope. The outer envelopes do not reveal the protected information. Authorized receivers of protected content may have to assert entitlement to the protected information and commit to complying with obligations and policies governing how the protected information is to be used in order to access the decryption key. Arnon raised a number of questions about the utility of the "envelope" metaphor when senders should ensure that receivers are authorized to access the protected information before sending it. Mike explained the requirement in terms of a healthcare staff person being able to request protected information but not being entitled to access the content, which would only be made available to authorized clinicians by the the healthcare enterprise access control system.

(15 min) *Items Agreed upon for Harmonization:

Revised presentation on HL7 Security WG July Harmonization Proposals]

New Conference Call Time - Doodle Poll

Item3

(5 min) Other Business

Action Items

Back to Security Main Page