October 11, 2016 Security Conference Call

Back to Security Work Group Main Page

Attendees

Back to Security Main Page

Agenda DRAFT

1. (2 min) Roll Call, Agenda Approval
2. (5 min) Approve Security WG October 4, 2016 call minutes and Security WG September 13, 2016 Minutesif these are available.
3. (10 min) PSS Document Sharing Approve our co-sponsorship with goal to show how security is applied to a broader workflow through specifics on AuditEvent use, and OAuth use. Secondary goal to create end-to-end security testing for connectathon.
4. (15 min) PSAF Ballot v.next Mike to discuss anticipated updates in response to ballot comments and new development. Determine next ballot level and possible renaming to prep for NIB submission by 10-31.
5. (15 min) Nov Harmonization Proposal Review Also, new ActReason for overriding need for consent - incompetency; 5 new Compartment codes; and technical corrections to SecurityObservationValue value set. Initial submissions due date Nov. 14 - Kathleen
6. (5 min) PASS Audit Conceptual Model – Diana
7. (5 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call reminder - John

FHIR Security Ballot comment and CP review and FHIM modeling of PSAF - See agenda at FHIR Security Agenda

Minutes

• John Chaired
• approval of agenda - Kathleen/Suzanne - unanimous
• approval of minutes of 4th - Glen/Rick - unanimous
• not approving minutes from 13th as they are not done yet
• Review PSS - Document Sharing
  • Motion to approve co-sponsorship - Glen/Kathleen - unanimous
  • Security WKG is co-sponsor
  • Smart on FHIR comes with Apendix (Grahm)
  • Each member organization needs harmonization
  • As co-sponsor we can help harmonize which OATH will work
  • We are to provide landscape analysis of bridging concerns (Kathleen)
  • Security WKG role is to review all concerns of competing parties
• PSAF Ballot- Mike Davis
  • NTR
• Nov Harmonization Proposal Review Also, new ActReason for overriding need for consent - incompetency; 5 new Compartment codes; and technical corrections to SecurityObservationValue value set. Initial submissions due date Nov. 14 - Kathleen
  • Need approval of initial submission
  • Due Nov 14th
  • Intially completed and submitted in July, but was pulled out to see if it is too granular
  • There are two codes for purpose of use, one is used for eHealth exchange.
  • Next step: to meet Friday Nov 14th

• Review Vocabulary proposal from Kathleen
  • Concern with expansion of PurposeOfUse
    • Are these values specific enough?
    • are they intended to be categories? ==> Categories
  • Mike recommends we schedule a specific meeting to go deeper.
  • the Vetting of Vocab WKG is approved
  • Recommendation to make clinical Trial a parent rather than a lease for health care Biomedical research
  • Specific Branches should be specific (profiles) such as Cancer or inherited disease
  • Some patients prefer not to share all health care info for research
  • Comment: Mohammad: There is no clear semantics on what constitutes as research
    • Patient consent is not the only place where purpose of use is needed
    • Vocab having a hierarchy can help make it more granular
    • Some patients may opt out for example genetic research
  • Comment Glen: This is Policy Level vs. Operational level
    • The consent created is to group different types of studies to different types of consent
    • Action: Kathleen to schedule focused call
  • John indicates that we should look to propose new signature types from Kathleen comment on FHIR
• FHIR Security meeting will be held
• Adjourned