March 22, 2016 Security Conference Call

Attendees

| x | Member Name | x | Member Name | x | Member Name |
|---|---|---|---|---|---|
| x | Kathleen Connor, Security Co-chair | . | Duane DeCouteau | . | Chris Clark |
| x | John Moehrke, Security Co-chair | . | Johnathan Coleman | . | Aaron Seib |
| . | Alexander Mense, Security Co-chair | . | Ken Salyards | . | Christopher D Brown TX |
| . | Trish Williams, Security Co-chair | . | Gary Dickinson | x | Dave Silver |
|   | Mike Davis | . | Ioana Singureanu | . | Mohammed Jafari |
| x | Suzanne Gonzales-Webb | . | Rob Horn | . | Galen Mulrooney |
| x | Diana Proud-Madruga | . | Ken Rubin | . | William Kinsley |
| x | Rick Grow | . | Paul Knapp | x | Mayada Abdulmannan |
| x | Glen Marshall, SRS | . | Bill Kleinebecker | . | Christopher Shawn |
| . | Oliver Lawless | . |  | . | Serafina Versaggi |
| x | Beth Pumo | . | Russell McDonell | . | Paul Petronelli, Mobile Health |
| . | Christopher Doss | . | Kamalini Vaidya | . | TBD |

Agenda DRAFT

  1. ( 5 min) Roll Call, Agenda Approval
  2. ( 5 min) Approve Security WG March 15 Minutes
  3. (10 min) Review updated P&SbD PSS - Rick
  4. ( 5 min) PASS Access Control Services Conceptual Model - Diana
  5. ( 5 min) Joint Vocabulary Alignment Update - Diana
  6. ( 5 min) PASS Audit Conceptual Model – Diana
  7. ( 5 min) FHIR Security report out - John
    • Any changes expected to be tested at the next FHIR Connectathon need to be submitted into the build by March 27th.

Note that there will be a FHIR Security call at 2pm PT/5pm ET. See agenda at FHIR Security Agenda.

Minutes

  1. Agenda and Minutes - Chaired by John
  2. Rick discussed updated P&SbD PSS, Risk Section, FHIR test scripts based on TestScript Resource
  3. Approved Security WG March 15 Minutes
  4. Review updated P&SbD PSS, Rick
    • Discussion:
      • Reviewed the scope statement
      • Added bullet to show impact on FHIR
      • Areas that were changed have been highlighted
      • FMG has been added as interested party
      • Test Scripts were added
    • Project Risk and Issues:
      • (John & Kathleen) FHIR test scripts not sufficient; need more detail on Privacy and Security
      • What requirements are we exercising with the test scripts that are approved by the FHIR Management Group?
      • Possible issue of validating test scripts
      • Resource availability
      • Subject Matter Expert availability
      • Policy must be declared for test scripts
      • The threat environment is extremely dynamic; may need to pick an unrealistic set of threats as an example
      • Note: HL7 risk is internal (Rick)
      • Note: Test scripts are not being balloted, they are being exercised (Kathleen)
    • Comments/Question:
      • John needed more clarity on the last portion of the presentation: why are test scripts attached to the PSS?
    • Answer:
      • Kathleen approached the Standards Governance Board (SGB); they did not want a Guide
      • SGB requested the Guide to be exercised by creating FHIR test scripts.
      • CBCC and Security would start creating test script profiles in order to be available for Connectathon use
    • Next Step: Obtain feedback from the Standards Governance Board, CBCC and interested parties
    • Motion approved (Kathleen, John, Suzanne) 3/0/0:
      • Motion to approve; if there are any substantive changes, Security WG would be able to weigh in on the decision
  5. Joint project meetings (ARB, CBCC, Security) held Wednesdays at 4 p.m. Eastern. Meeting information and invite
  6. PASS Access Control Services Conceptual Model - Diana
    • NTR
    • Waiting to hear back from Alex
  7. Joint Vocabulary Alignment Update - Diana
    • NTR
    • Vocab Alignment meeting was cancelled
  8. PASS Audit Conceptual Model – Diana
    • NTR
  9. FHIR Security report out - John
    • Continued work on signature and harmonization
    • No issues to report