June 13, 2017 Security Conference Call

Attendees

x	Member Name	x	Member Name	x	Member Name	x	Member Name
.	John MoehrkeSecurity Co-chair	x	Kathleen ConnorSecurity Co-chair	.	Alexander Mense Security Co-chair	.	Trish WilliamsSecurity Co-chair
x	Mike Davis	x	Suzanne Gonzales-Webb	x	David Staggs	x	Mohammed Jafari
x	Glen Marshall, SRS	x	Beth Pumo	.	Ioana Singureanu	.	Rob Horn
x	Diana Proud-Madruga	.	Serafina Versaggi	x	Joe Lamy	.	Galen Mulrooney
.	Duane DeCouteau	.	Chris Clark	.	Johnathan Coleman	.	Aaron Seib
.	Ken Salyards	.	Christopher D Brown TX	.	Gary Dickinson	x	Dave Silver
x	Rick Grow	.	William Kinsley	.	Paul Knapp	x	Mayada Abdulmannan
.	Kamalini Vaidya	.	Bill Kleinebecker	x	Christopher Shawn	.	Grahame Grieve
.	Oliver Lawless	.	Ken Rubin	.	David Tao	.	Nathan Botts

- Chaired by John

- Approved of Madrid Minutes Chair

- HIMSS 2017 Next Steps - Mike Davis, Duane D.

Last week we looked at the Cascading Oath and Patient consent Oath and UMA
Duane went over Demo examples on clinical forms that the rule engines make decisions on
- Some decisions may require health data to be redacted such as in cases of research
- Drug Drug interactions would not be affected in redaction
- During clinical trials the patient data is identified within the research organization, but can also be redacted
Three organization participating :
- 1) Vet Health Admin (custodian/primary provider)
- 2) Vet for Research project (Genetic Research) This week we are reviewing the research use case of the demonstration
- 3) MyHin
- VHA also has a clinical decision support group, unique as it can see all data
- includes drug interactions
We do not do any access control based on rights
We are doing read access for the clinical flow
New Patient consent was reviewed for the purpose of use of research and diagnostic report
the data navigates to FHIR payload
Veterans for Research: When viewing the same patient for example will have the patients drug abuse would be redacted and a new authorization would be established
- Informed consent for treatment

- TF4FA Ballot Reconciliation update Review DOD Comments - Kathleen

Kathleen: Review Mark Kramer discussion on negations to be reviewed
Recommends we need more discussion on what happens in negotiation
Domains may need to bridge their policies
The consumers idea on trust need to be considered
The services on negotiation are fundamental to trust framework
comment 1 (John): We need to be clear on defining the negotiations between Domain communication
- the abstract and script should further explain that negotiation can iterate multiple times to result in a negotiation
Q (1) John (Kathleen): Would it be in band or out band? How would it happen in a interoperabile way?
A (1) to Kathleen Question (Mike): Not in conceptual Model
Comment 2 (Mike Davis): The Negotiations are established agreements between the domains
- Mark may have an issue with how quickly the negotiation occurs
- However, defined parameters are defined, and Domains are identified
Comment 3 (Kathleen): Under the title Trust Service, the Trust Framework provide technical and operational rules, and each services provided are through exchange of token.

FHIR Security Call - Please review front matter - John Moehrke
- * A/I: Mike Davis will send the document to John with the links for the presentation to John to post to the FHIR Security Page to include in build