This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

April 3, 2018 Security Conference Call

From HL7Wiki
Revision as of 19:45, 3 April 2018 by Suzannegw (talk | contribs)
Jump to navigation Jump to search

Back to Security Main Page

Attendees

x Member Name x Member Name x Member Name x Member Name
x John Moehrke Security Co-chair x Kathleen Connor Security Co-chair x Alexander Mense Security Co-chair . Trish Williams Security Co-chair
x Christopher Shawn Security Co-chair x Suzanne Gonzales-Webb x Mike Davis . David Staggs
. Diana Proud-Madruga x Francisco Jauregui x Joe Lamy . Greg Linden
. Paul Knapp . Grahame Grieve . Johnathan Coleman . Aaron Seib
. Ken Salyards . Jim Kretz . Gary Dickinson x Dave Silver
Beth Pumo . Bo Dagnall . Riki Merrick . Theresa Connor
. Mohammed Jafari . Ioana Singureanu . Rob Horn . [mailto: Matt Blackman, Sequoia]

Back to Security Main Page

Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (5 min) Review and Approval of March 27, 2018 minutes
  3. (5 min) TF4FA Normative Ballot submitted - Mike
  4. (15 min) FHIR Security Updates - John
  5. (15 min) Security Cologne May WGM Agenda

Meeting Minutes DRAFT

Roll Call, Agenda Approval Kathleen chair

Meeting Materials


Meeting Minutes (DRAFT) Roll Call, Agenda review, meeting minutes approval

Meeting Minutes for 3/27/2018 approved Motion to approve: (Suzanne/JohnM) objections: none; abstentions: none approval:

TF4FA Normative Ballot - Mike/Kathleen

  • ballot submitted - Mike/Kathleen
  • No comments
  • Need to confirm this is what intended for the v3 ballot package
    • Brief discussion of the document included
    • This goes to the link with the documents and the .xml file that is used to generate the HTML (PDFS, PSAF v3 Ballot package)
    • Note that CBCP co-chair are listed as co-sponsors
  • Kathleen will confirm for the WG that it is ready to go

PSAF weekly calls are cancelled at this time and may restart once ballot reconciliation begins

FHIR Security Updates

  • call just completed - new time is attracting more people
  • ZULIP chat has two new streams
    • security and privacy stream, additional stream so that only pertinent security and privacy information are conveyed
    • ** another stream (?)
  • Johnathan was able to join today’s call, reviewed the key consideration of the ONC white paper
    • recommend TL@ 1.2 or high in place of just "TLS" adding some references on why we say 1.2
    • discussion around input validation and vulnerability assessment and future improvement opportunities

Add information from FHIR Security Call

Connectathon - FHIR Connectathon track - hopefully, take GDPR as a set of requirements and take the S&P capabilities in and around FHIR--can we show a relationship between them

  • we have provenance resources, can it aid with clause 243 and 398, etc.
  • without going into too much detail, just showing relationships, showing how scenarios prove it... the more we get done the better
  • setting the bar low, trying to get a cross-reference with the S&P items we have
  • in that level we can see that we have a gaping hole that we need to add ... if such a thing exists
  • the other is a less formal, Grahame is interested in standing up a hyper ledger infrastructure (general purpose - block chain infrastructure) for block-chain
  • call out in ZULIP chat, in developing scenario around that type of infrastructure... three different proposes but no ‘’fish on the hook’’

‘’’Agenda for Cologne – Agenda Items’’’ patterns on FHIR

Kathleen received xx from Rene Spronk

  • he is working on a GDPR presentation on healthcare data interoperability - on vocab we might need,
  • longer than what we can use for the Q3/Q4 Monday joint,
  • Kathleen spoke to Gary Dickenson who thought it might be a good idea for meeting with EHR joint
    • Rene goes through security labels and main parts of GDPR which is required in an automated fashion
  • possible new codes for v3
    • have server which can deal with security labels
    • maybe able to mock up POU, certain kinds of actions, involving GDPR
    • use cases featuring GDPR, SL, etc (suggested)

Next week - Kathleen should have something to present regarding the Cologne agenda reminder: one of the thoughts was to have a couple of our FHIR security topic areas have prominent spots in the weeklong agenda, for people who would not normally find us...can find us

  • JohnM is trying to find what those times areas might be... (for cologne agenda)
  • l*block of time...would be great to have input from the FHIR WG... risk management and items like that
  • suggestions requested for topic areas...we can determine where our priorities line up.


Additional items? in materials, Kathleen adds salient information to meeting minutes -

  • look at changes to ... so that you have a navigating

privacy obsolete - added links, to breaches, breaches to be considered in court, surveillance techniques, etc. related to privacy issues the HIMSS presentation on GDPR is excellent if you want to have a sense on what US entities might be interested on... may have interest


meeting call adjorned at 1228 Arizona time --Suzannegw (talk) 15:26, 3 April 2018 (EDT)