This wiki has undergone a migration to Confluence found Here
June 21, 2016 Security Conference Call
Back to Security Work Group Main Page
Attendees
x | Member Name | x | Member Name | x | Member Name | |||
---|---|---|---|---|---|---|---|---|
x | Kathleen ConnorSecurity Co-chair | . | Duane DeCouteau | . | Chris Clark | |||
X | John MoehrkeSecurity Co-chair | . | Johnathan Coleman | . | Aaron Seib | |||
. | Alexander Mense Security Co-chair | . | Ken Salyards | . | Christopher D Brown TX | |||
. | Trish WilliamsSecurity Co-chair | . | Gary Dickinson | . | Dave Silver | |||
x | Mike Davis | . | Ioana Singureanu | X | Mohammed Jafari | |||
x | Suzanne Gonzales-Webb | x | Rob Horn | . | Galen Mulrooney | |||
x | Diana Proud-Madruga | . | Ken Rubin | . | William Kinsley | |||
. | Rick Grow | . | Paul Knapp | . | Mayada Abdulmannan | |||
x | Glen Marshall, SRS | . | Bill Kleinebecker | . | Christopher Shawn | |||
. | Oliver Lawless | x | Grahame Grieve | . | Serafina Versaggi | |||
. | Beth Pumo | . | Russell McDonell | . | Paul Petronelli , Mobile Health | |||
. | Christopher Doss | . | Kamalini Vaidya | . | [mailto: TBD ] |
Agenda DRAFT
- (2 min) Roll Call, Agenda Approval
- (3 min) Approve Security WG June 14, 2016 Minutes
- (3 min) Approve Security WG May 31, 2016 Minutes
- (10 min) Update on FHIR Test Scripts Discussion with Aegis - Update from John. Kathleen to report on FM/Payer Connectathon Track proposals to include these.
- (20 min) Update on the PSAF Security Policy model - Mike
- (10 min) Standards Privacy Impact Assessment Cookbook - Rick
- (3 min) PASS Access Control Services Conceptual Model - Diana
- (3 min) PASS Audit Conceptual Model – Diana Kathleen asks whether review of audit in ISTPA and various Privacy Frameworks, FIPPs, EU Data Protection Regulation etc. such as [http://xml.coverpages.org/ISTPA-PrivacyManagementReferenceModelV20.pdf Privacy Management
Reference Model - A framework for resolving privacy policy requirements into operational privacy services and functions International Security, Trust & Privacy Alliance] and ISTPA Analysis of Privacy Principles: Making Privacy Operational have been added to landscape review.
- (2 min) Action Items, next call agenda, adjornment
Note that there will be a FHIR Security call at 2pm PT/5pm ET See agenda at FHIR Security Agenda
Minutes
- Chaired by John
- Continued discussion from CBCC call on FHIR Consent.
- See http://wiki.hl7.org/index.php?title=FHIR_Consent_-_Grahame%27s_model#signature
- Conversation continues on the FHIR 'chat' tool at https://chat.fhir.org/#narrow/stream/implementers/topic/Consent
- The base policy autherizes nothing, but can assemble exceptions to authorize data (John)
- The Autherization is Opt in Opt out with restrictions or Opt out with Exceptions (Would be a permission)
- The Base policy is the Null policy (John)
- It is based on XAML