August 04, 2015 Security WG Conference Call

Attendees

Back to Security Main Page

Agenda DRAFT

1. ( 5 min) Roll Call, Agenda Approval
2. ( 5 min) Approve July 28 Meeting Minutes,
3. ( 5 min) PASS Access Control Conceptual Model (SOA) Update - Diana, Don Jorgenson
4. (10 min) ACS model - Mike/Dave Silver
5. ( 5 min) Joint Vocabulary Alignment Update - Diana
6. ( 5 min) PSAF Update - Kathleen (same as agenda item #7/done at same meeting)
7. ( 5 min) Status of Provenance and AuditEvent subcommittee -- Kathleen/John
8. ( 15 min) FHIR Security Discussion Block Vote for approval August 4
9. ( 5 min) October 2015 HL7 WGM - Atlanta, Georgia USA - agenda items
   1. Please send any agenda items to Suzanne

FHIR AuditEvent Discussion -- removed from block vote

• 8123 AuditEvent constraints are too tight (Lloyd McKenzie) Persuasive

FHIR AuditEvent Block Vote

• 7565 2015May core #856
• 7432 2015May core #720 - AuditEvent requestor (Helen Broberg) Not Persuasive- Fix link (Kathleen Connor) Not Persuasive with Mod
• 6233 AuditEvent confusion on 'idenfier' elements that are actually strings. Affects understanding as well as search (which should not be token) (John Moehrke) Persuasive with Mod
• 6269 AuditEvent needs a Participant userId type code to explain how to understand the value in userId (e.g. Patient ID in CX form) (John Moehrke) Persuasive with Mod
• 7431 2015May core #719 - AuditEvent source identifier (Helen Broberg) Persuasive with Mod
• 7564 2015May core #855 - AuditEvent.event value set is a mess (Kathleen Connor) Persuasive with Mod

Meeting Minutes

Agenda approved (Mike Davis/Suzanne)

Meeting Minutes for July 21 were unanimously approved (Mike/Diana)

We have a final Access Control framework

• Requirements set up for services, capabilities in the framework
• Needs to be presented so that we can receive comments (post to Security list serve?)
• First draft to be sent out by Diana at the end of this week

EHRS + PHRS FMs + RM-ES on FHIR

1. Please join my meeting - FRIDAY 11AM ET (8AM PT)
https://global.gotomeeting.com/meeting/join/ <https://global.gotomeeting.com/meeting/join/> 650909605
2. Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone.
United States: +1 (215) 383-1013
Access Code: 650-909-605
Audio PIN: Shown after joining the meeting
Meeting ID: 650-909-605

• 7565 2015May core #856
  • tabled, discussion
  • pulled from block vote
• 7432 2015May core #720 - AuditEvent requestor (Helen Broberg) Not Persuasive- Fix link (Kathleen Connor) Not Persuasive with Mod
• 6233 AuditEvent confusion on 'idenfier' elements that are actually strings. Affects understanding as well as search (which should not be token) (John Moehrke) Persuasive with Mod
• 6269 AuditEvent needs a Participant userId type code to explain how to understand the value in userId (e.g. Patient ID in CX form) (John Moehrke) Persuasive with Mod
• 7431 2015May core #719 - AuditEvent source identifier (Helen Broberg) Persuasive with Mod
• 7564 2015May core #855 - AuditEvent.event value set is a mess (Kathleen Connor) Persuasive with Mod
  • tabled, discussion
  • pulled from block vote
  • documentation needs to be recorded (audit event); the front material for audit events should be clear that there is an expectation of use of profiling to give specific guidance (i.e., profiles will be required)
  • we will ensure the documentation is sufficient to inform implementers that these are example value sets, that other value sets or sub-sets can be in the profile
  • item will be returned to the block vote

8123 - ATNA does not do FHIR resources

• we need a pointer to a resource (currently exclusive one or the other)
• we will remove the exclusiveness

MOTION: Block vote for today does not include 7565; added 8123 (Mike/Kathleen) questions on 7564 - (Mike Davis)

• John will make the change to add ASTM E2147 to 7564 FHIR AuditEvent (friendly amendment Mike/Kathleen)

Objections/Abstentions: None; Approval: 10

Meeting adjourned at 1204 PST --Suzannegw (talk) 17:13, 4 August 2015 (EDT)