This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

October 11, 2016 Security Conference Call

From HL7Wiki
Jump to navigation Jump to search

Back to Security Work Group Main Page

Attendees

x Member Name x Member Name x Member Name x Member Name
x John MoehrkeSecurity Co-chair x Kathleen ConnorSecurity Co-chair x Alexander Mense Security Co-chair . Trish WilliamsSecurity Co-chair
x Mike Davis x Suzanne Gonzales-Webb x David Staggs x Mohammed Jafari
x Glen Marshall, SRS . Beth Pumo . Ioana Singureanu . Rob Horn
x Diana Proud-Madruga . Serafina Versaggi . Joe Lamy . Galen Mulrooney
. Duane DeCouteau . Chris Clark . Johnathan Coleman . Aaron Seib
. Ken Salyards . Christopher D Brown TX . Gary Dickinson . Dave Silver
. Rick Grow . William Kinsley . Paul Knapp . Mayada Abdulmannan
. Kamalini Vaidya . Bill Kleinebecker x Christopher Shawn . Grahame Grieve
. Oliver Lawless . Ken Rubin . Paul Petronelli , Mobile Health . Russell McDonell

Back to Security Main Page

Agenda DRAFT

  1. (2 min) Roll Call, Agenda Approval
  2. (5 min) Approve Security WG October 4, 2016 call minutes and Security WG September 13, 2016 Minutesif these are available.
  3. (10 min) PSS Document Sharing Approve our co-sponsorship with goal to show how security is applied to a broader workflow through specifics on AuditEvent use, and OAuth use. Secondary goal to create end-to-end security testing for connectathon.
  4. (15 min) PSAF Ballot v.next Mike to discuss anticipated updates in response to ballot comments and new development. Determine next ballot level and possible renaming to prep for NIB submission by 10-31.
  5. (15 min) Nov Harmonization Proposal Review Also, new ActReason for overriding need for consent - incompetency; 5 new Compartment codes; and technical corrections to SecurityObservationValue value set. Initial submissions due date Nov. 14 - Kathleen
  6. (5 min) PASS Audit Conceptual Model – Diana
  7. (5 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call reminder - John

FHIR Security Ballot comment and CP review and FHIM modeling of PSAF - See agenda at FHIR Security Agenda

Minutes

TBD Chaired Chaired by Kathleen Connor + TBD Chaired −

  • Minutes:

+

  • Agenda .

+

  • Minutes: Sept. 13th Minutes are missing, so review/approval

+ − Agenda Approved + −

+ − -Approve Security WG Minutes Aug 30th and Sept 6th (John, Alex) + −

+ − (10 min) PSS Document Sharing Approve our co-sponsorship with goal to show how security is applied to a broader workflow through specifics on AuditEvent use, and OAuth use. Secondary goal to create end-to-end security testing for connectathon. + −

+ −

+ −

  • PSAF Ballot v.next Mike to discuss anticipated updates in response to ballot comments and new development. Determine next ballot level and possible renaming to prep for NIB submission by 10-31.

+ − - Comments have been updated to PSAF Policy Model + − - Alex Comments: + − - Modeling not consistant with PMAK or Security Domain

- More than one Security Domain are not consistant with policy breaching

- Concerned that policy can never be a contract

Kathleen Comment:

- Policy and contract are the same, as policy (HE) is a result of contract

Diana Comments:

- Submitted Walters comments on PKAK in the architecture of PSAF

- Trust info Model is part of PSAF

- Protective Health info is under HIPPA only in U.S. (42CFR)

- Many states do not use protective health


+

  • Nov Harmonization Proposal Review Initial submission due date Nov. 14 - Kathleen

- Data segmentation in standards all need to include confidentiality coded on CCDA's

-ONC has a risk on cofidentiality code that has a hard N.


PASS Audit Conceptual Model – Diana + −

  • FHIR AuditEvent and Provenance ballot comments & FHIR Security Call reminder - John


- Policy advisory committee is going through new restructuring and advisory

- Has dependencies on security patterns and is requesting for assistance for Security and Privacy

− FHIR Security Ballot comment and CP review and FHIM modeling of PSAF - See agenda at FHIR Security Agenda (Kathleen, Diana)

- XSAML assertion not in agenda, Kathleen will add to agenda for Trust Governance group + − - There are concerns wants the information to be sent to eHealth Exchange then to ==> Vista to send any red flags + − - Diana explains that it is still operational if they choose to use eHealth Exhcange and VBista as it is part of XSAML Assertion

− - Trust Governance group is creating Stadnards on how to express consent

-Consent must use audit to send, they also use paper Auth (Kathleen) + − -Any Choice Provider can send a paper or signed consent



  • Meeting adjourned.