This wiki has undergone a migration to Confluence found Here
November 7, 2017 Security Conference Call
Jump to navigation
Jump to search
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| . | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | x | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair | |||
| x | Christopher Shawn] Security Co-chair | . | Suzanne Gonzales-Webb | x | Mike Davis | x | David Staggs | |||
| x | Mohammed Jafari | . | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
| x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Galen Mulrooney | |||
| . | Paul Knapp | . | Grahame Grieve | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | . | Jim Kretz | . | Gary Dickinson | x | Dave Silver | |||
| . | Oliver Lawless | . | Lisa Nelson | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (3 min) Review and Approval of October 24, 2017 minutes and October 31, 2017 minutes.
- (15 min) 2017Nov HARM INTIALPROPOSAL SECURITY Sensitivity Codes.doc passed initial Harmonization approval. Need WG approval for final submission. - Kathleen
- (15 min) HL7 Security and Privacy Domain Model - Mike Davis
- (10 min) Consumer Centered Data Exchange (CCDE) Track for Jan Connectathon- Should Security and CBCP WGs collaborate on the development of CCDE scenarios? - John and Kathleen
- (5 min) PSAF PSS Report out from PSAF call discussion on need to re-review HL7 Privacy and Security Framework PSS 3 v2 approved Oct. 31 PSAF call based on initial draft revisions to HL7 Privacy and Security Framework PSS 3. Discussed during the earlier PSAF call. If the deliverables are only a subset, then have to rewrite entire first part, which describes a much larger project. Then rather than simple deliverable dates changes, we will need to have the entire PSS go through the FTSD and TSC approval process. Also, this change means we have much less flexibility about topics we can work on under the previous PSS. - Mike and Kathleen
- (3 min) Is Privacy Obsolete? Study Group wiki page has the "Is Privacy Obsolete?" Listserve link. Update on project - Mike Davis and Chris Shawn
- (2 min) FHIR Security Call later? - John Moehrke
Minutes
- Chris Shawn chaired. Agenda approved.
- Meeting Minutes for 10/24/2017 Motion(Kathleen/Suzanne) objections: none; abstentions: none; approved: 8
- Note:
- PMRM
- ISTP links added to 10/24 minutes
- PMRM
- Meeting Minutes for 10/31/2017 Motion(Kathleen/Suzanne) objections: none; abstentions: none; approved: 8
- Note:
ACTION ITEM: Do we want to follow up on a survey?
- Accounting of disclosures - see note from John Moehrke
Harmonization Proposal Security
- proposal accepted by the harmonization people
- no issues with technical descriptions
- new sensitivity codes (2); over time it became clear that v2 that carried over to v3, psych/ETOH are antiquated and narrow; Kathleen wrote out the broad concepts as part of concerns access control
- VIO (violence information sensitivity)
- MST (military sexual trauma information sensitivity)
- proposal calls out trauma (non-person), and trauma called out for non-related person as well as military trauma (not specific to the US)
- as described, decreases confusion in the current codes
Meeting Material
See PSAF Wiki for history, links, and references
See "Is Privacy Obsolete" for new material
ISTPA
International Security, Trust and Privacy Alliance
- ISTPA Privacy Tools & Technology FAQ January 20, 2003
- ISTPA Privacy Framework FAQ
- Managing Information Privacy Developing a Context for Security and Privacy Standards Convergence(ISTPA Privacy Framework ISO 20886)Robbins & Sabo
- Analysis of Privacy Principles: Making Privacy Operational v.2 2007
- ISTPA Privacy Framework v.1.1 2002
- [https://gforge.hl7.org/gf/project/security/docman/Security%20White%20Papers/Is%20Privacy%20Obsolete%20Study%20Group%20Library/ISTPA/Managing%20Privacy%20and%20Information-Sabo.pdf
