June 28, 2016 Security Conference Call
Attendees
x | Member Name | x | Member Name | x | Member Name
---|---|---|---|---|---
x | Kathleen Connor, Security Co-chair | . | Duane DeCouteau | . | Chris Clark
X | John Moehrke, Security Co-chair | . | Johnathan Coleman | . | Aaron Seib
. | Alexander Mense, Security Co-chair | . | Ken Salyards | . | Christopher D Brown TX
. | Trish Williams, Security Co-chair | . | Gary Dickinson | . | Dave Silver
x | Mike Davis | . | Ioana Singureanu | X | Mohammed Jafari
x | Suzanne Gonzales-Webb | x | Rob Horn | . | Galen Mulrooney
x | Diana Proud-Madruga | . | Ken Rubin | . | William Kinsley
. | Rick Grow | . | Paul Knapp | . | Mayada Abdulmannan
x | Glen Marshall, SRS | . | Bill Kleinebecker | . | Christopher Shawn
. | Oliver Lawless | x | Grahame Grieve | . | Serafina Versaggi
. | Beth Pumo | . | Russell McDonell | . | Paul Petronelli, Mobile Health
. | Christopher Doss | . | Kamalini Vaidya | . | TBD
Agenda DRAFT
- (2 min) Roll Call, Agenda Approval
- (3 min) No minutes from last week, as we continued the CBCC topic on FHIR Consent
- (3 min) Approve Security WG June 21, 2016 Minutes
- (15 min) Review and approval of Initial July Additional POU code Harmonization Proposal - Kathleen
  - Already added to July Harmonization Update for VA use case [see link above]: Add HTEST [test health data] as a specializable code specializing HOPERAT [healthcare operations]
    - Description: To perform one or more operations on information that is simulated or synthetic health data used for testing system capabilities outside of a production or operational system environment.
    - Usage note: Data marked with a HTEST security label enables an access control system to permit interfacing systems or end users provisioned with a clearance, which includes a HTEST purpose of use attribute, to test, verify, or validate that a system or application will operate in production as intended based on design specifications.
- (15 min) Update on the PSAF Security Policy model - Mike
- (10 min) Standards Privacy Impact Assessment Cookbook - Rick
- (3 min) PASS Access Control Services Conceptual Model - Diana
- (3 min) PASS Audit Conceptual Model - Diana
  - Kathleen asks whether review of audit in ISTPA and various Privacy Frameworks, FIPPs, EU Data Protection Regulation, etc., such as Privacy Management Reference Model - A framework for resolving privacy policy requirements into operational privacy services and functions, International Security, Trust & Privacy Alliance (http://xml.coverpages.org/ISTPA-PrivacyManagementReferenceModelV20.pdf) and ISTPA Analysis of Privacy Principles: Making Privacy Operational, have been added to landscape review.
- (10 min) How should 'test-data' be identified? Is this a legitimate use of security-tags?
  - It is clear that security-tags already support de-identified methods. The question is specifically about completely fabricated data.
  - See FHIR chat thread https://chat.fhir.org/#narrow/stream/implementers/topic/Distinguishing.20test.20patients
- (10 min) De-Identification topics
- (2 min) Action Items, next call agenda, adjournment
Note that there will be a FHIR Security call at 2pm PT/5pm ET. See agenda at FHIR Security Agenda.