Security Work Group Weekly Conference Call

Meeting Information

Attendees

• Tabitha Albertson
• Bernd Blobel Security Co-chair, absent
• Tom Bonina
• Steven Connolly
• Mike Davis Security Co-chair
• Suzanne Gonzales-Webb CBCC Co-chair
• Don Jorgenson
• Glen Marshall
• John Moehrke Security Co-chair
• Milan Petkovic
• Pat Pyette
• Ioana Singureanu
• Richard Thoreson CBCC Co-chair
• Serafina Versaggi scribe
• Craig Winter

Agenda

1. (05 min) Roll Call, Approve Minutes Feb 9, 2010 & Call for Additional Agenda Items
2. (20 min) Review WG response to Meaningful Use IFR - endorse comments and submit to HL7 leadership
3. (10 min) DRAFT Harmonized Security and Composite Privacy Domain Analysis Model - Draft will be circulated for Peer Review by COB today
4. (25 min) Privacy Policy Templates Scope Statement (CBCC Agenda item)
5. (15 min) Ioana - present a sample CDA R2 Consent Directive Document (CBCC Agenda item moved to next week's agenda)
6. (05 min) Call for next week's agenda items

Minutes

1. Action Items

• Team: Homework for next week's Security and CBCC WG meeting - Complete peer review of the DRAFT Harmonized Security & Composite Privacy Domain Analysis Model. Please bring comments/questions to next week's meeting
• Mike: send the Security/CBCC WG endorsed comments in response to MU IFR to the HL7 Policy Committee

2. Resolutions

• Motion for the Security/CBCC Work Groups to endorse the HL7-relevant comments submitted by Glen Marshall and John Moehrke related to Security and Privacy in response to Meaningful Use IFR passed 11/1/0 (1 abstain)
• Mike will forward the comments to HL7 Policy Committee

3. Announcements - None

4. Discussion

Security/CBCC WG Response to Meaningful Use IFR

• Glen Marshall and John Moehrke submitted their response to the IFR to the Security and CBCC lists. Their response included comments that were Security/Privacy specific, but also included comments that were not HL7-specific and already submitted on behalf of other SDOs in which they are involved.
• Given no additional comments were forthcoming from Security and CBCC WGs, it was decided that Glen and John’s comments would be submitted to the HL7 Policy Committee.
• Pat Pyette made a motion to endorse the comments/response to the MU IFR submitted Glen Marshall and John Moehrke to the Security/CBCC lists for inclusion with the general comments submitted by HL7 to the ONC.
• Mike made a friendly amendment that only those comments relevant to HL7 be endorsed by the Work Groups.

The motion was seconded by Glen Marshall Vote: 11/1/0 (approve/abstain/oppose)

Ontology Project

• Scope statement was reviewed by the Foundation & Technology Steering Division last week. Mike was unable to attend that meeting and the committee had questions about the scope statement. They will review the scope statement next week and Mike and Steve will be there to address their questions
  • The main question about the project posed by the F&T Steering Division is whether this is a modeling or vocabulary project since typically HL7 projects are one or the other and this project appears to cross boundaries. The SOA WG also confronted this question when presenting the SOA Ontology project to the FTSD.
  • They also felt it was unclear as to what is being defined by this ontology and need assurance that the Vocabulary work group principals and methods for defining code systems will be followed.
• Steve volunteered to update the scope statement based on questions and will attend next week’s meeting with Mike
• The scope statement has been reviewed with Russ Hamm and others in the Vocabulary WG and they are supportive of this effort
• This project will be an on-going effort, and is not intended to go to ballot within the next few ballot cycles. The plan is to work on this steadily and the initial task will be to explore ontology tools in collaboration with the SOA WG as they pursue their Ontology project
• Glen questioned whether having two government implementers for this effort might be off-putting to organizations outside of the government or the US. Mike indicated that any and all parties are welcome to join the project as implementers
  • This is not an issue that the SOA Ontology project faces, since it is not being balloted as DSTU and therefore does not require at least two implementers
• Glen also raised a concern that a strictly health care specific and/or HL7 perspective could be problematic, as DICOM has some concepts that are not included in the RIM
  • Security Privacy services must acquire context values from systems that are not RIM-aware
  • Security/Privacy services must acquire context values that are not health care specific but should share the same security privacy infrastructure.
  • European privacy laws are not health care specific – they are simply privacy laws. We have to be open to different models, both social and legal
  • We also have to consider data that is structured or unstructured that are not in conformance with the RIM – PHR products. To presume this is RIM-map-able is not borne out in the real world
• Approach:
  • The VA is providing two additional part-time resources on the Security/Privacy Ontology project who will be assisting in this effort
    • Michelle Johnson – Security Software applications
    • Clinical Informatics intern –exploring some tools and will report back
  • Tooling:
    • Protégé and other tools will be investigated to determine how they integrate with HL7 tools. See Ontology Tools
      • TopGrade isnot open source, but may have some advantages over Protége
• Bernd mentioned that ISO TC215 has been working on a similar ontology effort for some time. There may be artifacts that may be developed in ISO that we can help us.
• We will determine how we can work with Bernd as we move forward on this project. Bernd offered his help during the Phoenix WG meeting. Mike will determine how to schedule a convenient time to include him in some of our meetings.
• As we are feeling our way through the project, the group agreed that it is important to document the process that will be used to conduct this project. This is important for the SOA Ontology project as well, and the Security WG will work with SOA to develop a valid process over the course of the projects.

Meeting was adjourned at 1:54 PM EST.