HL7 WGM Atlanta October 2015
Minutes from Security WG
Contents
Tuesday Q1
Opening Security WG Meeting Introductions
- Attendees
- Chaired by Mike Davis - Co-Chair
- Princess Trish Williams - Co-Chair
- Alex Mense - Co-Chair
- John Moehrke - Co-Chair
- Hideyuki Miyohara
- Johnathan Coleman
- Duane De Couteau
- Suzanne Gonzales-Webb
- Kathleen Connor
- Diana Proud-Madruga
Approval of agenda
- Agenda Reviewed HL7 WGM OCTOBER 2015 - Atlanta, Georgia USA Security WG
- Moved - Trish, Seconded - Johnathan Coleman, Approved 9/0/0
Approval of Previous WGM Minutes
- Minutes Reviewed HL7 WGM May 2015 - Paris, France - Security WG - Minutes
- Moved - Trish, Seconded - Kathleen Connor, Approved 10/0/0
- Discussion on Wed Q4 session and separation of consent from contract in minutes. It was requested to have a computable method to provide evidence that consent was obtained. It was relayed that all except two items are optional in the profile for consent. Nothing was decided at this meeting - just a consensus reached but contingent on CBCC approval. Subsequently CBCC did not give approval.
- Moved - Trish, Seconded - Kathleen Connor, Approved 10/0/0
International Report outs
- Japan (Hideyuki) is commencing Social Security number. Intention to create Japanese Medical Association want to define a new healthcare number for medical treatment. Want to introduce in 2018. Currently, each hospital has a separate number and therefore it is difficult to share information using patient number.
- Austria (Alex): ELGA will start in Dec 2015. Next step will be implementing tele-health and then to provide an infrastructure for tele-monitoring. Timeframe about 3 years.
- Europe projects looking at cross country sharing - refer to International Council presentations.
- In June Europe agreed on 'Right to Forget' - next step will be working out details to be completed by end of 2015. Possibly become law in 2018.
- Australia (Trish) PCEHR being renamed at MyHealthRecord. Push for more clinical engagement with the national system. Revision of governance for development organisation (replacing NEHTA).
- Other SDO update
- ISO (Hideyuki) No updates since May, Next meeting in Bern in Nov 2015.
- OASIS Trust Elevation (Diana) working on 4th deliverable - protocols for trust elevation. Looking at different models for implementation. They are seeking input and comments. Possible need for harmonisation. Diana will pass on to distribute to HL7 Sec WG.
- OASIS XSPA (Mike) working with Sequoia - working on information to convey consent. Also updating to include move to Vocabs to HL7.
- ANSI INCITS (US TAG for ISO JTC1 SC27). Next Generation Access Control (NGAC) - (very) technical specification
- IHE (John) - Entering phase for new proposals. Working to align IUA profile with the SMART and HEART work. New consent profile to support codeable consents as opposed to BPPC.
Tuesday Q2
PASS AC ballot reconciliation (Security,CBCC,SOA)
- Attendees
- Chaired by Mike Davis - Co-Chair
- Princess Trish Williams - Co-Chair
- Alex Mense - Co-Chair
- John Moehrke - Co-Chair
- Hideyuki Miyohara
- Duane De Couteau
- Kathleen Connor
- Diana Proud-Madruga
- Don Jorgensen (SOA)
- Ken Rubin (SOA)
- Vadim Polyakov vpolyakov@ikovaloa.com (SOA)
Tuesday Q3
Security WG Project Meeting: Data Provenance (w/Harry), review for final publication
- Joint with CBCC
- DPROV ID DSTU http://gforge.hl7.org/gf/download/docmanfileversion/8905/13498/HL7_CDAR2_DPROV_IG_DSTU.pdf
Tuesday Q4
Security WG Project Meeting FHIR Security and Privacy (announcement to be made) - TENTATIVE Entire Quarter
- Attendees
- Chaired by John Moehrke - Co-Chair
- Trish Williams - Co-Chair
- Alex Mense - Co-Chair
- John Davies - Co-Chair
- Hideyuki Miyohara
- Duane De Couteau
- Kathleen Connor
- Elliot Silver (elliot.silver@mckesson.com)
- Michael Donnelly (michael.donnelly@epic.com)
- Kevin Shekleton (kshekleton@cerner.com)
- Grahame Grieve (arrived 4.35pm)
Discussion on consent policies to gain consensus on what SEC WG would like represented in FHIR IG. Suite of resources on consent rather than segments only in the FHIR implementation guide. The FHIR team think it should be simpler. The concerns have been overstated to date. Suggested that specific use case be considered in exchanging consent with a third party allowed to collect consent.
Motion: Agree that we remain with 'contract' for the time being and recognise that this is an unresolved issue for the WG. Grahame said the name of the resource probably does not matter as we have other conflicts of the same nature across jurisdictions (e.g. patient). The aliases are only used for documentation and are not used to rename the resource.
Profiles on questionnaire - (creates a resource)
Wednesday Q1
Joint w/ EHR, CBCC, SOA Security - EHR Hosting
Wednesday Q2
Joint w/ SOA PSS SOA Security Existing project - PASS Access Control
Wednesday Q3
Hosting FHIR
- Attendees
- Chaired by
FHIR use of OAuth, OpenID, and UMA IHE-ITI, SMART, HEART, others?
AuditEvent and Provenance DSTU 2.1
Wednesday Q4
TBD - EHR/Vocab alignment sub-group * TENTATIVE *
- Attendees
- Chaired by
Thursday Q1
Security WG Project Meeting: Hosting FHIR Informal joint with CBCC
- Attendees
- Chaired by
FHIR Consent Resource / Profile / Questionnaire Work Session
Thursday Q2
Security WG Project Meeting Discussion on Future work items
- Attendees
- Chaired by
* Future security tutorials (free or paid) future planning
* Workgroup Health Decision making, Liaisons
Thursday Q3
- Attendees
- Chaired by
- Not scheduled, no room assigned TBD - EHR/Vocab alignment sub-group * TENTATIVE *