This wiki has undergone a migration to Confluence found Here
March 7, 2017 Security Conference Call
Back to Security Work Group Main Page
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
---|---|---|---|---|---|---|---|---|---|---|
. | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | . | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | x | Mohammed Jafari | |||
x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Galen Mulrooney | |||
. | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
. | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | x | Dave Silver | |||
x | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan | |||
. | Kamalini Vaidya | . | Bill Kleinebecker | x | Christopher Shawn | . | Grahame Grieve | |||
. | Oliver Lawless | . | Ken Rubin | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (4 min) Review and Approval of Security WG Call Minutes February 14, 2017 and Security WG Call Minutes February 28, 2017
- (5 min) Review any Security WG comments on ONC-sponsored: Patient Generated Health Data (PGHD) whitepaperPGHD Overview and Google Document version for inline comments Consumer Electronics Association Guiding Principles on Privacy and Security of Personal Wellness Data Comment deadline Moved to March 10th.
- (20 min) TF4FA Ballot Reconciliation Spreadsheet Disposition Review
- If possible, would like Ioana to walk the WG through her comments #55 – 75, which seem to be addressed by the TF4FA Behavioral Model. The proposed dispositions on these are marked “persuasive”.
- Review John Moehrke's comments 76 - 119 with his assistance.
- (5 min) Project Scope Statement - Medical Devices Security - follow up of outreach to Medical Device WG - Mike Davis
- (5 min) [gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diana
- (5 min) Security Labeling Service Revision Update - Diana
- 5 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call - cancelled.
Minutes
- Chaired by Kathleen
- Agenda approved
- Approved: Security WG Call Minutes February 14, 2017 and Security WG Call Minutes February 28, 2017
- Review any Security WG comments on ONC-sponsored: Patient Generated Health Data (PGHD) whitepaperPGHD Overview and Google Document version for inline comments Consumer Electronics Association Guiding Principles on Privacy and Security of Personal Wellness Data Comment deadline Moved to March 10th.
- (Kathleen) How patient generated health data can accelerate the access to health data for research studies using similar privacy and security approaches:
- Smart on FHIR approach can be used for patient consent on devices
- FHIR API can pull patient record and send to research projects
- Patient can authorize through a patient right of access for release of data for research
- Question: (Beth) What the profile would look like?
- Answer: Each Study would have a consent such as a HIPPA authorization used through a Gui
- Further discussion:
- Patient generated data is under HIPPA
- Consent codes for purpose of use are used from projects funded by NIH as a standard
- Comment (John): Data quality may become an issue, IRB may need to be used
- A standard for Patient Right of Access is needed
- Comment (Beth): There is a section that has a description section under challenges: "Research Enabling Actions" :
- Strength in Patient consent in Data Use
- Next Step: Kathleen will write out new type of consent directive for Patient Right of Access and send to Diana
- David suggested to reach out to projects working on IRB common rules
- Next Step: David will provide a comment to Diana on IRB to include in the White Paper
- (Kathleen) How patient generated health data can accelerate the access to health data for research studies using similar privacy and security approaches:
- TF4FA Ballot Reconciliation Spreadsheet Disposition Review
- Walk through Ioana's comments #55 – 75 ( addressed by the TF4FA Behavioral Model)
- proposed dispositions on these are marked “persuasive”
- Ioanas Comment
- #56:
- HL7 Data segmentation for security labeling profile as normative, Iona wants to add in the discussion on international standards.
- (Persuasive)
- #57
- Comment: Policy Model should include Policy resolution services.
- (Persuasive with Mod)
- 58#:
- Comment: Workflow initiated in Run time, should focus on negotiation between two domains.
- Kathleen added additional comment: Relationship should be clear on relationship with SLS
- (Persuasive with Mod)
- #59:
- Comment: Are the Domains referenced in Document NHiN specification?
- Kathleen response; No they are not
- Next step: David will notify Ioanna will to review and get back to comment
- Comment: Workflow initiated in Run time, should focus on negotiation between two domains.
- #60:
- Comment: Trace Model either simplify the client application relies on local STS model for a negotiation resolution from one domain to request information from a second domain
- Kathleen response:
- (Persuasive) should show actual negotiation
- #61:
- In addition this model will extent the support interpop patient patient care mediates and entities outside of healthcare to negotiate healthcare policies.
- David in concurrence
- (Persuasive)
- #62:
- Inset new Trust Model Relationships to show Interoprability
- HIMMS definition is used - Mike Davis
- David in concurrence
- Persuasive
- #63:
- Trust framework is establishes meets all legal requirements, assumptions should include Health information among members that should be verified
- Mike Davis and David concurs
- Persuasive
- 64:
- Comment: Section B should be moved to appendix in alignment with international standards
- Mike Davis concurs
- Persuasive
- 65:
- Misplaced Diagram move to section one, figure one
- Persuasive
- # 66:
- Comment: Trust Services Model should state services required for Trusted Framework establishment vs. Trusted Framework resolution should be update figuer #1
- David clarified the two concepts highlighted in Ioanna's comment: (a) Harmonizing Specific policy across two domains, (b) Other Trust services that don't negotiate but assert value set
- There should be made clear on the two types of services.
- Mike Davis concurs with David
- Persuasive
- #67:
- Comment: Figure two should be replaced with a more detailed Diagram with more detail (UML)
- Mike Davis comment: " Volume I was intended to be conceptual, volume II will incorporate UML diagrams
- Non-Persuasive with Mod to include Mike Davis comment on Volume II
- 68:
- Comment: Trust Service should Clarify the Role in the Trust Mark for section 2.4
- Mike Davis: The 2.4 Diaghram describes the roles
- Next Step: David and Mike Davis can provide the wording for roles
- 66-68 have Resolutions
- Domains are specified is 22600 specifications and were not intended to be mapped to affinity domains ( Mike Davis)
- IAG is not being used as the standard, the core reference is 22600 specification
- Motion approved from 56-68 ( Mike Davis, Dianna )
- Review John Moehrke's comments 76 - 119 with his assistance.
- Continuation of comments were reviewed from comment 66
- Comment approved for Security Labeling is added and aligned with International Standards
- Comment reviewed: Trust Services Federation Model should include policy resolution services
- Project Scope Statement - Medical Devices Security - follow up of outreach to Medical Device WG - Mike Davis
- Medical Devise Working Group never balloted on PSS (Project Scope Statement )
- We should approach the Medical Devise working group to resubmit the PSS
- Next Step: Kathleen will draft an invitation to Medical Devise Work group
- gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diana
- NTR
- Security Labeling Service Revision Update - Diana
- NTR
- Will meet with Kathleen and Mike Davis offline to review
- FHIR AuditEvent and Provenance ballot comments & FHIR Security Call - cancelled.