This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

CMHAFF call, Monday, February 20

From HL7Wiki
Revision as of 22:58, 20 February 2017 by David tao (talk | contribs)
Jump to navigation Jump to search

Attendees: Nathan Botts, Bill Kleinbecker, David Tao

In response to Security and CBCC workgroups' request to identify the risk domains, cMHAFF has identified some excellent resources:

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3959919/

  • HITRUST, which provides HITRUST CSF, a certifiable framework that provides organizations with a comprehensive, flexible and efficient approach to regulatory compliance and risk management.

https://hitrustalliance.net/

David will continue gathering information from the literature, and map these against the cMHAFF categories, identifying gaps. The end result will be a clearer statement of "what" areas of risk cMHAFF aims to mitigate.

David will also modify one of the Exemplary Use Cases (probably #3, the most complex), to more explicitly illustrate the risk domains within the use case, so that it will be clear how cMHAFF can help the developer fulfill the use case while addressing the risks.

cMHAFF's intent is not to rewrite or paraphrase existing standards and best practices, but rather to "cover the ground" and inform vendors of what they should be aware of.