October 11, 2016 Security Conference Call
Back to Security Work Group Main Page
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| x | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | x | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
| x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | x | Mohammed Jafari | |||
| x | Glen Marshall, SRS | . | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
| x | Diana Proud-Madruga | . | Serafina Versaggi | . | Joe Lamy | . | Galen Mulrooney | |||
| . | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | . | Dave Silver | |||
| . | Rick Grow | . | William Kinsley | . | Paul Knapp | . | Mayada Abdulmannan | |||
| . | Kamalini Vaidya | . | Bill Kleinebecker | x | Christopher Shawn | . | Grahame Grieve | |||
| . | Oliver Lawless | . | Ken Rubin | . | Paul Petronelli , Mobile Health | . | Russell McDonell |
Agenda DRAFT
- (2 min) Roll Call, Agenda Approval
- (5 min) Approve Security WG October 4, 2016 call minutes and Security WG September 13, 2016 Minutesif these are available.
- (10 min) PSS Document Sharing Approve our co-sponsorship with goal to show how security is applied to a broader workflow through specifics on AuditEvent use, and OAuth use. Secondary goal to create end-to-end security testing for connectathon.
- (15 min) PSAF Ballot v.next Mike to discuss anticipated updates in response to ballot comments and new development. Determine next ballot level and possible renaming to prep for NIB submission by 10-31.
- (15 min) Nov Harmonization Proposal Review Also, new ActReason for overriding need for consent - incompetency; 5 new Compartment codes; and technical corrections to SecurityObservationValue value set. Initial submissions due date Nov. 14 - Kathleen
- (5 min) PASS Audit Conceptual Model – Diana
- (5 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call reminder - John
FHIR Security Ballot comment and CP review and FHIM modeling of PSAF - See agenda at FHIR Security Agenda
Minutes
TBD Chaired Chaired by Kathleen Connor + TBD Chaired
- Minutes:
Agenda Approved
-Approve Security WG Minutes Aug 30th and Sept 6th (John, Alex)
-PSS Document Sharing Approve our co-sponsorship with goal to show how security is applied to a broader workflow through specifics on AuditEvent use, and OAuth use. Secondary goal to create end-to-end security testing for connectathon.
−
- PSAF Ballot v.next Mike to discuss anticipated updates in response to ballot comments and new development. Determine next ballot level and possible renaming to prep for NIB submission by 10-31.
- Comments have been updated to PSAF Policy Model
- Alex Comments:
- Modeling not consistent with PMAK or Security Domain
- More than one Security Domain are not consistant with policy breaching
- Concerned that policy can never be a contract
- Kathleen Comment:
- Policy and contract are the same, as policy (HE) is a result of contract
- Diana Comments:
- Submitted Walters comments on PKAK in the architecture of PSAF
- Trust info Model is part of PSAF
- Protective Health info is under HIPPA only in U.S. (42CFR)
- Many states do not use protective health
- Nov Harmonization Proposal Review Initial submission due date Nov. 14 - Kathleen
- Data segmentation in standards all need to include confidentiality coded on CCDA's
- ONC has a risk on cofidentiality code that has a hard N.
PASS Audit Conceptual Model – Diana
- FHIR AuditEvent and Provenance ballot comments & FHIR Security Call reminder - John
- Policy advisory committee is going through new restructuring and advisory
- Has dependencies on security patterns and is requesting for assistance for Security and Privacy
− FHIR Security Ballot comment and CP review and FHIM modeling of PSAF - See agenda at FHIR Security Agenda (Kathleen, Diana)
- XSAML assertion not in agenda, Kathleen will add to agenda for Trust Governance group
- There are concerns wants the information to be sent to eHealth Exchange then to ==> Vista to send any red flags
- Diana explains that it is still operational if they choose to use eHealth Exhcange and VBista as it is part of XSAML Assertion
− - Trust Governance group is creating Stadnards on how to express consent
-Consent must use audit to send, they also use paper Auth (Kathleen)
-Any Choice Provider can send a paper or signed consent
- Meeting adjourned.
