April 26, 2016 Security Conference Call

Back to Security Work Group Main Page

Attendees

Back to Security Main Page

Agenda DRAFT

1. ( 5 min) Roll Call, Agenda Approval
2. ( 5 min) Approve Security WG April 19, 2016 Minutes
3. (15 min) Security WGM Agenda May 2016 Montreal
4. (5 min) Privacy Impact Assessment Cookbook Update - Rick
5. (10 min) Privacy & Security by Design - new project? - Mike
6. ( 5 min) PASS Access Control Services Conceptual Model - Diana
7. ( 5 min) Joint Vocabulary Alignment Update - Diana
8. ( 5 min) PASS Audit Conceptual Model – Diana
9. ( 5 min) FHIR Security report out - John

Note that there will be a FHIR Security call at 2pm PT/5pm ET See agenda at FHIR Security Agenda

Minutes

Chaired by Kathleen Connor - Approved Security WG April 19, 2016 Minutes (approved)

• amended Diana section

- Security WGM Agenda May 2016 Montreal

• • Trust Framework, propose to discuss activities in the U.S.
• HHS moved to discuss trust framework and issued a report
• Trust framework activity involved numerous states in the U.S.
• We have put together some concept around trust framework such as pass access control (not yet complete)
• Would like to obtain opinions from Security WKG
• The Trust Framework correlates with inter-oprability, as it is a cross organizational trust framework with multiple domains

-they want to communicate between Domains and share information between Domains -Policies for the communication between domains must be conveyed -if FHIR is useful it can be conveyed during run time -what is signed in advanced is an agreement to use the framework - Kathleen Connor Comment & Action Item: Policies that govern the domains I can come up with a prototype FHIR trust policy, which will encompass LOA's such as identity proofing, authentication, encryption and how it is conveyed through protocol. -Kathleen put together a diagram of Security Policy information policy and Trust Policy Information Files, showing the elements of exchange -Comment Mike Davis) It is not pre-coordinated Trust, an attribute of our trust policy is there is no assumption that is could be entirely negotiated at rutime -Action Item: Write down the core attributes to define Trust on what we might present in HL7, Vocabulary already exits in standards

-Privacy Impact Assessment Cookbook Update - Rick

• During CBCC call passed the motion to approve the project with CBCC as the sponsor, and Security as Security as co-sponsor
• next step is to move to domain experts for their approval

-Privacy & Security by Design - new project? - Mike

-PASS Access Control Services Conceptual Model - Diana

-Joint Vocabulary Alignment Update - Diana, Mike -Reid cancelled the meeting this morning, and emailed one of the supporters is withdrawing financial support -Mike spoke with Reed and he informed him he is seeing lack of support in the activity and does not think he can continue with the activity

-PASS Audit Conceptual Model – Diana

• Pass access control conception model
• Susan reached out, and DoD participant withdrew his negative vote
• Only one negative vote remains outstanding (under Sept 2015 Ballot Package)
• In the Reconciliation Package has all comments and responses with his negative vote
• Diane will send Alex the direct link regarding the negative ballot

( 5 min) FHIR Security report out - John