April 26, 2016 Security Conference Call
Back to Security Work Group Main Page
Attendees
x | Member Name | x | Member Name | x | Member Name | |||
---|---|---|---|---|---|---|---|---|
x | Kathleen ConnorSecurity Co-chair | . | Duane DeCouteau | . | Chris Clark | |||
x | John MoehrkeSecurity Co-chair | . | Johnathan Coleman | . | Aaron Seib | |||
. | Alexander Mense Security Co-chair | . | Ken Salyards | . | Christopher D Brown TX | |||
. | Trish WilliamsSecurity Co-chair | . | Gary Dickinson | x | Dave Silver | |||
Mike Davis | . | Ioana Singureanu | . | Mohammed Jafari | ||||
x | Suzanne Gonzales-Webb | . | Rob Horn | . | Galen Mulrooney | |||
x | Diana Proud-Madruga | . | Ken Rubin | . | William Kinsley | |||
x | Rick Grow | . | Paul Knapp | x | Mayada Abdulmannan | |||
x | Glen Marshall, SRS | . | Bill Kleinebecker | . | Christopher Shawn | |||
. | Oliver Lawless | . | [mailto | . | Serafina Versaggi | |||
x | Beth Pumo | . | Russell McDonell | . | Paul Petronelli , Mobile Health | |||
. | Christopher Doss | . | Kamalini Vaidya | . | [mailto: TBD ] |
Agenda DRAFT
- ( 5 min) Roll Call, Agenda Approval
- ( 5 min) Approve Security WG April 19, 2016 Minutes
- (15 min) Security WGM Agenda May 2016 Montreal
- (5 min) Privacy Impact Assessment Cookbook Update - Rick
- (10 min) Privacy & Security by Design - new project? - Mike
- ( 5 min) PASS Access Control Services Conceptual Model - Diana
- ( 5 min) Joint Vocabulary Alignment Update - Diana
- ( 5 min) PASS Audit Conceptual Model – Diana
- ( 5 min) FHIR Security report out - John
Note that there will be a FHIR Security call at 2pm PT/5pm ET See agenda at FHIR Security Agenda
Minutes
Chaired by Kathleen Connor - Approved Security WG April 19, 2016 Minutes (approved)
- amended Diana section
- Security WGM Agenda May 2016 Montreal
- Trust Framework, propose to discuss activities in the U.S.
- HHS moved to discuss trust framework and issued a report
- Trust framework activity involved numerous states in the U.S.
- We have put together some concept around trust framework such as pass access control (not yet complete)
- Would like to obtain opinions from Security WKG
- The Trust Framework correlates with inter-oprability, as it is a cross organizational trust framework with multiple domains
-they want to communicate between Domains and share information between Domains -Policies for the communication between domains must be conveyed -if FHIR is useful it can be conveyed during run time -what is signed in advanced is an agreement to use the framework - Kathleen Connor Comment & Action Item: Policies that govern the domains I can come up with a prototype FHIR trust policy, which will encompass LOA's such as identity proofing, authentication, encryption and how it is conveyed through protocol. -Kathleen put together a diagram of Security Policy information policy and Trust Policy Information Files, showing the elements of exchange -Comment Mike Davis) It is not pre-coordinated Trust, an attribute of our trust policy is there is no assumption that is could be entirely negotiated at rutime -Action Item: Write down the core attributes to define Trust on what we might present in HL7, Vocabulary already exits in standards
-Privacy Impact Assessment Cookbook Update - Rick
- During CBCC call passed the motion to approve the project with CBCC as the sponsor, and Security as Security as co-sponsor
- next step is to move to domain experts for their approval
-Privacy & Security by Design - new project? - Mike
-Healthcare Access Control Catalog
Approval to move forward with publication request made in CBCC meeting. See April_26,_2016_CBCC_Conference_Call
-PASS Access Control Services Conceptual Model - Diana -There is only one negative vote -Diana sent Alex a message to withdraw his negative vote -Ballot Reconciliation package has all of Alex's comments and responses (located under Sept 2015 Ballot Package) -Changes will not be made until we confirm he is okay with the reconciliation -Action Item: Alex will reach out to him tomorrow -Action Item: Diana will send the direct link to Alex for the September 2015 Ballot Package.
- Pass access control conception model:
-Susan reached out, and DoD participant withdrew his negative vote -Only one negative vote remains outstanding (under Sept 2015 Ballot Package) -In the Reconciliation Package has all comments and responses with his negative vote -Diane will send Alex the direct link regarding the negative ballot
Hot Topic: Joint Vocabulary Alignment Update - Diana, Mike -Reed cancelled the meeting this morning, and emailed one of the supporters is withdrawing financial support -Mike spoke with Reed and he informed him he is seeing lack of support in the activity and does not think he can continue with the activity -Mike proposed to Reed to look at the material we produced/capture to date and wrap up in one package and endorse that work between EHR and Security ( Work such as Definition life cycle event-terms, UNL Model with its link to providence and Security, and input on 1089 etc) -We would then be able to see what is useful for FHIR out of the material we currently completed -We should establish our position prior to the working group meeting with EHR
- PASS Audit Conceptual Model – Diana
-All the main work group SLA and sponsors with the PSS approved the final PSS -Daian sent to Paul Matt for the presentation to the steering division so it can become a final project
- FHIR Security report out - John
-Described the difference between security label and purpose of use -Current Audit event stand as is -Kathleen has been working on vocabulary across resources and how it relates to current activities -