This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Security January 2016 Orlando WGM Minutes

From HL7Wiki
Jump to navigation Jump to search

Minutes from Security WG

Links

Return to: WGM Minutes > 2016 > January Orlando

Overall Attendees

  • Mike Davis mike.davis@va.gov
  • John Moehrke john.moehrke@med.ge.com
  • Alexander Mense alexander.mense@hl7.at
  • Princess Trish Williams trish.williams@ecu.edu.au
  • Duane DeCouteau ddecouteau@edmondsci.com
  • Kathleen Connor Kathleen.connor@comcast.net
  • Diana Proud-Madruga diana.proud-madruga@va.gov
  • Dennis Patterson dennis.patterson@cerner.com
  • Michael Donnelly michael.donnelly@epic.com
  • Kevin Riley kevin.riley@infor.com
  • Prareen Ekkati Praveen.Ekkati@infor.com
  • Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
  • Suzanne Gonzales-Webb suzanne.gonzales-webb@va.gov
  • Joshua Mendel childlens.harvard.edu
  • Graham Grieve grahame@healthintersections.com.au
  • Paul Knapp Pknapp@Pknapp.com
  • Nancy Orvis nancy.j.orvis.civ@mail.mil
  • Chris Shawn christopher.shawn2@va.gov
  • Beth Pumo beth.pumo@kp.org
  • Johnathan Coleman jc@securityrs.com

Tuesday Q1

Attendees:

  • Mike Davis mike.davis@va.gov
  • John Moehrke john.moehrke@med.ge.com
  • Alexander Mense alexander.mense@hl7.at
  • Princess Trish Williams trish.williams@ecu.edu.au
  • Duane DeCouteau ddecouteau@edmondsci.com
  • Kathleen Connor Kathleen.connor@comcast.net
  • Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
  • Suzanne Gonzales-Webb suzanne.gonzales-webb@va.gov
  • Chris Shawn christopher.shawn2@va.gov
  • Beth Pumo beth.pumo@kp.org
  • Johnathan Coleman jc@securityrs.com

Notes: Opening Security WG Meeting Introductions

  • Agenda HL7 WGM JANUARY 2016 - Orlando, Florida USA Security WG
    • John/Trish: 10/0/0
  • IHE Report
    • Advanced Patient Privacy Consents Profile -- will leverage CDA Consent Directive
    • Internet User Assertion (IUA) -- will leverage HEART OAuth profiles
  • ISO Report
    • ???
  • ONC - API taskforce
  • HEART http://openid.bitbucket.org/HEART/
    • UMA
    • OAuth Scopes
    • Consent Receipt
  • Healthcare Access Control Catalog
    • ballot reconcilliation done, just waiting on agreement
  • FHIR Consent -- see us in Q3 at CBCC
  • Workgroup responsibilities
    • Future work items (Trish action item)

Tuesday Q2

Attendees:

  • Mike Davis mike.davis@va.gov
  • John Moehrke john.moehrke@med.ge.com
  • Alexander Mense alexander.mense@hl7.at
  • Princess Trish Williams trish.williams@ecu.edu.au
  • Duane DeCouteau ddecouteau@edmondsci.com
  • Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
  • Chris Shawn christopher.shawn2@va.gov
  • Beth Pumo beth.pumo@kp.org

Notes:

Tuesday Q3

Attendees:

  • Mike Davis mike.davis@va.gov
  • Princess Trish Williams trish.williams@ecu.edu.au
  • Duane DeCouteau ddecouteau@edmondsci.com
  • Kathleen Connor Kathleen.connor@comcast.net
  • Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
  • Chris Shawn christopher.shawn2@va.gov
  • Diana Proud-Madruga diana.proud-madruga@va.gov

Security WG Project Meeting - Notes

  • SOA Audit
    • Diana started PSS. Group worked on formulation of PSS in preparation for joint meeting with SOA Q2 Wed.
  • Discussion on Future work items
    • Future security tutorials (free or paid) future planning?
      • New topic for tutorial would be to cover the security aspects of FHIR. This could cover the different resources:
      • Questionnaire, contract and C-CDA composition, security vocabularies supporting the labeling. To be considered for HL7 WGM Sept 2016 or May if possible. This would be a free tutorial. Kathleen will inquire about opportunities to deliver such tutorial close the the FHIR Connectathon.
  • Workgroup Health
    • Email communication with TSC revealed that the WG is penalized for missing TSC election last year. This penalty applied to the workgroup health for the following 3 meetings.
    • Three-Year Plan last updated Sept 2012. To be updated at this meeting.
      • Trish updated Three-Year Plan in preparation for approval by WG.
    • Mission and Charter last updated May 2015
    • SWOT last updated May 2015
    • Decision Making Processes last updated Sept 2014
    • Post WGM Effectiveness Survey completed by Trish 13/01/2016
    • Room bookings for next WGM in May completed by Trish 13/01/2016
  • Actions:
    • New Facilitator Publishing needs to be selected with the retirement of Mike Davis as Co-Chair. The HL7 Security Leadership page will need to be updated.
    • New Three-Year Plan to be circulated and approved by WG.
    • Next WGM (May) agenda to be posted to Wiki by 01 April 2016

Tuesday Q4

Attendees:

  • Mike Davis mike.davis@va.gov
  • Alexander Mense alexander.mense@hl7.at
  • Princess Trish Williams trish.williams@ecu.edu.au
  • Duane DeCouteau ddecouteau@edmondsci.com
  • Kathleen Connor Kathleen.connor@comcast.net
  • Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
  • Chris Shawn christopher.shawn2@va.gov
  • Beth Pumo beth.pumo@kp.org
  • Don Jorgenson

Security WG Project Meeting Notes:

  • Trust Framework
    • Establishing a level that exchange between two or more entities can communicate.
    • The current methods of common contract is inflexible and often technology specific. How this architecture applies to FHIR is (as yet) undetermined.
    • The negotiation of the policies can happen at run-time, but these are computer negotiated contract that drives the policy.
    • Using Trust Frameworks allows run time flexibility (and technology independent).
    • Possible future project for Sec WG. Kathleen to advise on drafted initial material previously presented to assess possible directions.
    • It is in the Security Labeling Service (SLS) but is not fully defined.

Wednesday Q1

Hosted by EHR

Topics Discussed

  • Patient Choice Project - Johnathan Coleman
    • ONC recently launch this project. Will look at basic choice offered to the individual to prevent their PHI from being available for electronic exchange. Project to run Sept 2015 to March 2020. Refer to presentation.
  • Vocabulary Alignment
    • 30 terms to align.
    • Originateand Receive working definitions agreed. Verify and validate definitions not yet stable.
    • New PSS required as original PSS did not indicate that the work would go to ballot.
  • Report on revisions for Harmonize provenance and audit event resource with the W3C in FHIR, from John Moehrke.
  • Pain points in workflow project. FHIR W5 Report - Lloyd

Refer to EHR minutes for more detail

Wednesday Q2

Hosted by SOA

Wednesday Q3

Hosting FHIR

Attendees

  • John Moehrke john.moehrke@med.ge.com
  • Alexander Mense alexander.mense@hl7.at
  • Princess Trish Williams trish.williams@ecu.edu.au
  • Duane DeCouteau ddecouteau@edmondsci.com
  • Joshua Mendel childlens.harvard.edu
  • Hideyuki Miyohara miyohara.hideyuki@ap.mitsubishi-electric.co.jp
  • Dennis Patterson dennis.patterson@cerner.com
  • Michael Donnelly michael.donnelly@epic.com
  • Kevin Riley kevin.riley@infor.com
  • Prareen Ekkati Praveen.Ekkati@infor.com
  • Graham Grieve grahame@healthintersections.com.au
  • Paul Knapp Pknapp@Pknapp.com
  • Nancy Orvis nancy.j.orvis.civ@mail.mil
  • Chris Shawn christopher.shawn2@va.gov
  • Beth Pumo beth.pumo@kp.org
  • Johnathan Coleman jc@securityrs.com

Wednesday Q4

Thursday Q1

Hosting FHIR

Thursday Q2