October 19, 2010 Security Conference Call

From HL7Wiki
Revision as of 16:52, 26 October 2010 by Suzannegw

Security Working Group Meeting

Attendees


Agenda

  1. (05 min) Roll Call, Approve Minutes & Accept Agenda
  2. (15 min) Review of September 28 – Action Items
  3. (50 min) Generalized Attributes for Cross-Domain Communication - Ed Coyne, Mike Davis
  • begin CBCC meeting hour
  1. (40 min) Security and Privacy Ontology Review Criteria - Tony Weida
  2. (10 min) HL7 Security and Privacy Ontology Architecture v0.1 - Jon Farmer


Roll Call, Call for additional agenda items & Accept Agenda

Meeting Minutes reviewed. Motion made to approve meeting minutes, motion seconded. Hearing no objections, meeting minutes were approved.

No additional agenda items added. Proposed Agenda accepted.

Review of September 28 – Action Items

Action Item 1: Richard will contact international members asking them if they can provide a brief report out during Monday Q3/Q4 joint Security and CBCC session related to their country’s efforts to ensure consumers will trust that health care providers and the various entities with which providers share protected health information will protect consumers’ privacy preferences.

1. Richard – A brief conversation occurred at the HL7 meeting in Cambridge. Richard hopes to have something circulated in a week (paper also distributed at WG meeting).

Question: (Mike) Is this an ongoing effort?

Answer: This is basically a white paper to suggest different kinds of ways how (CBCC) attempts to conceptualize how we might measure (i.e. each US state or any other place) the quality of the performance of data being shared: how we effectively share and do not share our data, and how we share as in “community based collaborative care”.

Result: Richard and CBCC will continue work on this area as a CBCC action item, as the Security working group is unsure of the crossover (of Security) on this project.

From the Cambridge Working Group Meeting: Bernd spoke on integration on systems (more on an academic level) and how this information should be shared. The information briefed was not the usual how-to-protect/security information that we have shared here in the past. It’s a theory of security-privacy (or the theory of everything). Richard feels portions of Bernd’s briefing are relevant, as the integration on systems is more inclusive beyond healthcare, which is where he (Richard) is trying to feed in to (not limiting the data sharing to just healthcare). There are other domains where security and privacy are also involved, and we shouldn’t avoid them.

Action Item 2: Mike will reach out to the SOA Health Care Services Ontology project to see if they can attend the Security and Privacy Ontology report out portion of the joint session.

Action Item has not been done. Members of the Security Working Group are attending/contributing to their Monday call. (Suzanne attended their Monday call this week.) Security will work with them and continue to share calls for the purpose of not wanting to get cross-threaded with SOA on basic things. Note: Steve Connolly has also been attending their meetings.

Generalized Attributes for Cross-Domain Communication (Ed Coyne, Mike Davis)

Steve Connolly had started a mapping of DAM Attributes to Standards. Using Steve’s spreadsheet as an example, I (Mike) would like to propose as an activity to the Information Model and Domain Analysis Model project:

  • To continue the work that Steve had started in this WG to map US-realm standards to the IM
    • Create a US realm profile of the IM – ANSI, OASIS, HL7 standards – carry those as a US profile
    • Create more of an international profile where we focus more on ISO standards where we map into the IM in order to provide standardized vocabulary

The purpose of this activity is to verify that the attributes in the Information Model that we’ve completed are backed up by a standard. We provide US and International realms (general purpose) to create mapping/vocabulary.

  • Identify gaps during this activity and where we can, close those gaps.

This is a continuation of activities CBCC and Security have already been engaged in. View this more as maintenance of the information model; the result will be useful to the ontology work (mapped standards and value sets). When we start getting into other classes (we are working on RBAC now), we are using primarily HL7 work. We then apply ASTM standards work, which is purely representational because ASTM is only a US-realm standards organization. This proposal would continue to prepare our ontology work by bringing the focus in. As a group we need to look at other standards in this activity: we need to look at the Information Model classes and use our subject-matter expertise to say this standard probably belongs here.

Within the US-realm we can take this model (which has already been provided to HHS, FHIMS group. Note: They do not have a US-realm vocabulary, so this vocabulary work will be within HL7). If we create these 2 profiles (US- and International-) we may want to make them official vocabulary profiles for (output) and possibly go through the ballot process.

Question: “How are domain specific vocabularies done? In HL7 are vocabularies just indicated or are they balloted?” (We do not know that answer.)

(Richard) In doing this activity, we may be going outside of the healthcare realm.

(Mike) Yes, so if vocabulary is outside the healthcare domain we would have to identify that.

(Richard) In order to facilitate exchange across the silos it’s useful to have these standards harmonized.

(Mike) As we go through the activity, that may be a consequence which might happen. The activity would map the current work to the standards as two different realms: US and International. We may find that there are gaps or not, or more than one standard that could be used; if there is more than one standard, then that’s where we need to harmonize.

(Serafina) Who has the latest version of Steve’s work?

(Suzanne) It’s posted in GForge under “Ontology Layering Architecture and Review Grid”, dated 5/7/2010. It’s in the form of a spreadsheet. We should probably rearrange the spreadsheet so that the elements of the Information Model and the standard are next to each other.

(Serafina) Are you expecting an annotation to the model, i.e. being added to the Domain Analysis Model?

(Mike) No, we are not updating the DAM with this (maybe). I’m proposing we create 2 new artifacts, which may be vocabulary updates, new things we ballot, more like “profiles of the information model”; the output is two profiles: 1. US and 2. International model. For the ontology general effort, similar to using the ISO profile, it should be more general (as in ISO) and not so specific. Do you see that differently?

(Serafina) No, that sounds logical.

(Mike) I’m bringing this to the Working Group as a suggestion, not as a proposal. We need to pick up the work to see it and continue to talk about this as an ongoing discussion as we progress forward. I’d propose we take a look at the Information Model and think about this spreadsheet. It requires knowledge of the standards, a number of standards. For the “I think this standard is relevant” portion, I’d like to have input from the members. Send input to Suzanne, Mike or Richard (contact information is on the list): maybe we should look at this standard. What we are looking for now is knowledge of a US-realm or other standard that will apply to the information model, and if you are aware of one, it would save us time using this group as a knowledge base. Take this on as a group activity.

Action Items
