This wiki has undergone a migration to Confluence found Here
Security January 2016 Orlando WGM Minutes
Minutes from Security WG
Contents
Overall Attendees
- Mike Davis mike.davis@va.gov
- John Moehrke john.moehrke@med.ge.com
- Alexander Mense alexander.mense@hl7.at
- Princess Trish Williams trish.williams@ecu.edu.au
- Duane DeCouteau ddecouteau@edmondsci.com
- Kathleen Connor Kathleen.connor@comcast.net
- Diana Proud-Madruga diana.proud-madruga@va.gov
- Dennis Patterson dennis.patterson@cerner.com
- Michael Donnelly michael.donnelly@epic.com
- Kevin Riley kevin.riley@infor.com
- Prareen Ekkati Praveen.Ekkati@infor.com
- Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
- Suzanne Gonzales-Webb suzanne.gonzales-webb@va.gov
- Joshua Mendel childlens.harvard.edu
- Graham Grieve grahame@healthintersections.com.au
- Paul Knapp Pknapp@Pknapp.com
- Nancy Orvis nancy.j.orvis.civ@mail.mil
- Chris Shawn christopher.shawn2@va.gov
- Beth Pumo beth.pumo@kp.org
- Johnathan Coleman jc@securityrs.com
Tuesday Q1
Attendees:
- Mike Davis mike.davis@va.gov
- John Moehrke john.moehrke@med.ge.com
- Alexander Mense alexander.mense@hl7.at
- Princess Trish Williams trish.williams@ecu.edu.au
- Duane DeCouteau ddecouteau@edmondsci.com
- Kathleen Connor Kathleen.connor@comcast.net
- Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
- Suzanne Gonzales-Webb suzanne.gonzales-webb@va.gov
- Chris Shawn christopher.shawn2@va.gov
- Beth Pumo beth.pumo@kp.org
- Johnathan Coleman jc@securityrs.com
Notes: Opening Security WG Meeting Introductions
- Agenda HL7 WGM JANUARY 2016 - Orlando, Florida USA Security WG
- John/Trish: 10/0/0
- IHE Report
- Advanced Patient Privacy Consents Profile -- will leverage CDA Consent Directive
- Internet User Assertion (IUA) -- will leverage HEART OAuth profiles
- ISO Report
- ???
- ONC - API taskforce
- HEART http://openid.bitbucket.org/HEART/
- UMA
- OAuth Scopes
- Consent Receipt
- Healthcare Access Control Catalog
- ballot reconcilliation done, just waiting on agreement
- FHIR Consent -- see us in Q3 at CBCC
- Workgroup responsibilities
- Future work items (Trish action item)
Tuesday Q2
Attendees:
- Mike Davis mike.davis@va.gov
- John Moehrke john.moehrke@med.ge.com
- Alexander Mense alexander.mense@hl7.at
- Princess Trish Williams trish.williams@ecu.edu.au
- Duane DeCouteau ddecouteau@edmondsci.com
- Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
- Chris Shawn christopher.shawn2@va.gov
- Beth Pumo beth.pumo@kp.org
Notes:
- Security/EHR Verb/Provenance/Lifecycle Vocabulary
- Work space Record Lifecycle, Security, Privacy, and Provenance Vocabulary Alignment
- Struggling greatly
- three months have produced 4 terms
- Principle to find a good-enough definition, focus on describing the functionality,
- Note IHE has published a White Paper on "Health Information Management". Written primarily by AHIMA individuals working within IHE. http://www.ihe.net/uploadedFiles/Documents/ITI/IHE_ITI_WP_HITStdsforHIMPratices_Rev1.1_2015-09-18.pdf
- Worked on 3 year plan for Security WG
Tuesday Q3
Attendees:
- Mike Davis mike.davis@va.gov
- Princess Trish Williams trish.williams@ecu.edu.au
- Duane DeCouteau ddecouteau@edmondsci.com
- Kathleen Connor Kathleen.connor@comcast.net
- Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
- Chris Shawn christopher.shawn2@va.gov
- Diana Proud-Madruga diana.proud-madruga@va.gov
Security WG Project Meeting - Notes
- SOA Audit
- Diana started PSS. Group worked on formulation of PSS in preparation for joint meeting with SOA Q2 Wed.
- Discussion on Future work items
- Future security tutorials (free or paid) future planning?
- New topic for tutorial would be to cover the security aspects of FHIR. This could cover the different resources:
- Questionnaire, contract and C-CDA composition, security vocabularies supporting the labeling. To be considered for HL7 WGM Sept 2016 or May if possible. This would be a free tutorial. Kathleen will inquire about opportunities to deliver such tutorial close the the FHIR Connectathon.
- Future security tutorials (free or paid) future planning?
- Workgroup Health
- Email communication with TSC revealed that the WG is penalized for missing TSC election last year. This penalty applied to the workgroup health for the following 3 meetings.
- Three-Year Plan last updated Sept 2012. To be updated at this meeting.
- Trish updated Three-Year Plan in preparation for approval by WG.
- Mission and Charter last updated May 2015
- SWOT last updated May 2015
- Decision Making Processes last updated Sept 2014
- Post WGM Effectiveness Survey completed by Trish 13/01/2016
- Room bookings for next WGM in May completed by Trish 13/01/2016
- Actions:
- New Facilitator Publishing needs to be selected with the retirement of Mike Davis as Co-Chair. The HL7 Security Leadership page will need to be updated.
- New Three-Year Plan to be circulated and approved by WG.
- Next WGM (May) agenda to be posted to Wiki by 01 April 2016
Tuesday Q4
Attendees:
- Mike Davis mike.davis@va.gov
- Alexander Mense alexander.mense@hl7.at
- Princess Trish Williams trish.williams@ecu.edu.au
- Duane DeCouteau ddecouteau@edmondsci.com
- Kathleen Connor Kathleen.connor@comcast.net
- Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
- Chris Shawn christopher.shawn2@va.gov
- Beth Pumo beth.pumo@kp.org
- Don Jorgenson
Security WG Project Meeting Notes:
- Trust Framework
- Establishing a level that exchange between two or more entities can communicate.
- The current methods of common contract is inflexible and often technology specific. How this architecture applies to FHIR is (as yet) undetermined.
- The negotiation of the policies can happen at run-time, but these are computer negotiated contract that drives the policy.
- Using Trust Frameworks allows run time flexibility (and technology independent).
- Possible future project for Sec WG. Kathleen to advise on drafted initial material previously presented to assess possible directions.
- It is in the Security Labeling Service (SLS) but is not fully defined.
Wednesday Q1
Hosted by EHR
Wednesday Q2
Hosted by SOA
Wednesday Q3
Hosting FHIR
Wednesday Q4
Thursday Q1
Hosting FHIR