December 5, 2017 Security Conference Call
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name
---|---|---|---|---|---|---|---
. | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | x | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair
x | Christopher Shawn Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | x | David Staggs
x | Mohammed Jafari | . | Beth Pumo | . | Ioana Singureanu | . | Rob Horn
x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | x | Greg Linden
. | Paul Knapp | . | Grahame Grieve | . | Johnathan Coleman | . | Aaron Seib
. | Ken Salyards | . | Jim Kretz | . | Gary Dickinson | x | Dave Silver
. | Oliver Lawless | . | Lisa Nelson | . | David Tao | . | Nathan Botts
Agenda
- (2 min) Roll Call, Agenda Approval
- (3 min) Review and Approval of November 21, 2017 minutes. Note: the Nov 28th call was cancelled.
- (10 min) Consumer Centered Data Exchange Connectathon scenario with Cascading Authorized App acting "on behalf of" a patient. - Draft storyboard and flows - Kathleen and Mohammad
- (10 min) PSAF call report out on HL7 Security and Privacy Domain Model - Mike Davis and Chris
- (10 min) Is Privacy Obsolete? Study Group wiki page has the "Is Privacy Obsolete?" Listserve link. Update on project - Mike Davis and Chris Shawn
- (10 min) FHIR Security update Call later? - John Moehrke
- (2 min) Next week - Using Biometrics for Patient Matching - Healthcare Privacy and Security Considerations. Discussion with Privacy Attorney Expert, Devon Connor-Green.
- (2 min) Check out the ONC 2017 Annual Conference videos at links in Meeting Materials below.
Minutes
- Chris Shawn chaired.
- Agenda informally approved.
- Minutes from November 21st were reviewed. Kathleen moved; Mike seconded. John and Mohammad abstained because they did not attend. Approved 8-2-0.
- Kathleen and Mohammad presented on the draft Consumer Centered Data Exchange (CCDE) Connectathon scenario. Kathleen explained that this scenario is building on previous Connectathons, HIMSS demonstrations, and ONC pilots. Mohammad presented a sequence diagram for the scenario (Jan 2018 FHIR Connectathon CCDE Sequence Diagram and Walk-through).
Mike asked Mohammad how the scenario's Cascading Authorization sequence diagram differed from previous demonstrations. Mohammad explained that while the HIMSS 2017 discussed Right of Access [RoA], it did not include the capture of a RoA consent directive. Mohammad stated that app identities are verified differently from how a generic, enterprise client is identified, e.g., App claims are certified by an App store. There is also a need for the App to discover the Resource Servers that hold Alice's information, but this is a precondition and not part of the sequence flow. John suggested looking at the IHE Mobile Care Service Discovery (mCSD), which addresses this use case.