November 21, 2017 Security Conference Call
Contents
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| . | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | x | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair | |||
| x | Christopher Shawn Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | x | David Staggs | |||
| . | Mohammed Jafari | . | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
| x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | x | Greg Linden | |||
| . | Paul Knapp | . | Grahame Grieve | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | . | Jim Kretz | . | Gary Dickinson | x | Dave Silver | |||
| . | Oliver Lawless | . | Lisa Nelson | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (3 min) Review and Approval of November 14, 2017 minutes
- (5 min) PSAF cancelled so no report out. Is Privacy Obsolete Study Group report - Mike has made substantial progress in his analysis of international Privacy Policies. - Chris
- (10 min) SECURITY Sensitivity Codes Ready for final review and approval for submission by deadline. Possible additional clarification for MH. - Kathleen
- (30 min) Need to Update HL7 V2 Privacy and Security section in HL7 v2. Should Security and CBCP collaborate on an update? Dallas Haselhorst,CISSP, GSEC, GCIH, GCCC, GCPM, GPEN, GMON, GCIA, author of the v2 Security risks will present on his articles (links at the wiki page) - Kathleen and Dallas
- (5 min) FHIR Security Report out - Call later? - John Moehrke
- (2 min) HL7 Response Letter ONC ISA 2018 Comments Submitted to ONC] - See Meeting Materials for highlights.
Minutes
- Chris Shawn chaired.
- Agenda informally approved.
- Minutes from November 14th were reviewed. XX moved to approve, XX seconded. Minutes approved
Meeting Material
HL7 submits comments on ONC 2018 Interoperability Standards Advisory highlighting VA sponsored privacy and security standards: The Security and Community Based Care and Privacy Work Groups appreciate that HL7 Executive Board highlighted the Work Groups comments: "Considering the increased focus on security and privacy as health data is shared across providers, we have included various comments on the inclusion of security labels in Section I Vocabulary, and across a variety of interoperability needs in Section II. This includes: o The SAMHA stewarded NIH VSAC sensitive clinical code value sets, which enable the computable assignment of security labels; o The HL7 vocabulary referenced by the HL7 Privacy and Security Healthcare Classification System (HCS), which are used for security labeling across HL7 Product Families. This vocabulary is used or required by HL7 Version 2 CON and ARV segments, CDA Consent Directive, Data Segmentation for Privacy, and Data Provenance Implementation Guides; and the FHIR AuditEvent, Provenance, and Consent and Contract (typed as a privacy consent directive) Resources to convey computable privacy, consent, security, provenance, and trust policies."
