This wiki has undergone a migration to Confluence found Here
November 13, 2012 Security Working Group Conference Call
Contents
Security Working Group Meeting
Meeting Information Back to Security Main Page
Attendees
- Kathleen Connor
- Mike Davis Security Cochair
- Reed D. Gelzer
- Adrienne James
- John Moehrke Security Cochair
- Ken Salyards
- Richard Thoreson CBCC Cochair
- Tony Weida
- Kate Wetherby
Agenda
- (05 min) Roll Call, Approve November 6, 2012 Security Working Group Conference Call November 6, 2012 Security Working Group Conference Call Minutes & Accept Agenda
- (10 min) S&P Ontology Ballot Update – Mike Davis and John Carter
- (15 min) HCS Ballot Update - Mike Davis
- (10 min) November SWG Harmonization Report – Kathleen Connor
- (15 min) Consent Directive CDA Update for DS4P and Security Label Template – Group
- (05 min) Other Business, Agenda for Next call, Action Items, and Wrap Up
Minutes
- RE: Approval of Minutes and Agenda – Presiding Cochair, Mike Davis, asked for approval of the minutes and agenda. XXX moved; YYY seconded. Minutes and agenda approved (0-0-7)
- RE: S&P Ontology Ballot Update - Tony Weida is back and will be working with the group on the Ontology release. The notice of intent to ballot was submitted for January. We found that there was an un-reconciled set of comments from May that have to be resolved by this Sunday. Those comments must be resolved. The recommendation is that since there is an active ballot with HCS and other work going to ballot in January, we can withdraw the ontology from the current cycle and submit it for May. John Carter is okay with this decision.
- Note from Don Lloyd to SWG Cochairs: May 2011 ballot –Recon SS was posted; however, negative voters were not notified. Also, while the May 2012 ballot was a Comment Only ballot, it would be appreciated if the WG would post a spreadsheet and notify voters.
- Motion to Remove Ontology from the January Ballot
- Mike Davis moved to remove ontology from the January ballot and resubmit it for the May ballot. That motion was second by Richard Thoreson. The motion passed. The NIB will be withdrawn by Kathleen. There will not be a discussion on ontology every week. The group will reconcile the comments and meet every other week and see how that goes. Meetings will happen every week or as needed.
- RE: HCS Ballot Update - The NIB has been submitted. The content must be submitted by Sunday. The intent is to submit a more reduced content than what was submitted before. The Table 1 listed on page 5 with the different categories of the different labels. The table also has some proposed vocabulary but we will be removed those so that the normative is just the labels themselves. We will do the conformance specification in terms of the vocabulary. We will have an example that uses the HL7 vocabulary as a non-normative but as an example of the classification system. We have some material on integrity that is more descriptive. We will move the vocabulary out as a normative but more as a conformance statement. We will have the word document to review for the next meeting. Hopefully the next version will be more open to receiving comments.
- RE: November SWG Harmonization Report- There are links listed on the Security Wiki page to the vocabulary that were approved. The celebrity code was changed to VIP. The code that was missed last time has been updated. We worked through the observation categories and it was approved. The proposal is here and Kathleen had to restructure it so that that the rational was separate. There is a pretty uniform approach throughout the document. There is a tag set (i.e. code system) where you chose the value that you will put in the field to populate your label. Kathleen will pull out the pieces that are salient for business users versus the pieces that you see when looking at a proposal to provide a copy for the HCS.
- RE: Consent Directive CDA Update for DS4P and Security Label Template From proposed Nov. 13 CBCC Call Agenda: Proposed changes to CDAr2 Implementation Guide for Consent Directives based on lessons-learned from ONC S&I Framework DS4P Initiative (Data Segmentation for Privacy) and new Health Care Classification Scheme project related to Security Labeling
- Ensure that specific information (e.g., a specific substance abuse encounter to diagnosis and treat HIV related to substance abuse) can be specified as a “redacted” or “masked” segment of health information
- Enable metadata tagging of general and specific PHI “sequestered” by a CDA Consent Directive with security label fields (using HL7 SecurityObservationVocabulary to indicate confidentiality, sensitivity, handling caveats, and integrity) so that custodians and receivers can enforce access control based on the security label
- CDA Discussion: - We plan to start working on this operationally as part of the HIMSS presentation for data security and privacy in March. We will demonstrate the HIMSS observation code for labeling the CDA. The proposal is to add the descriptions to the implementation guide. This is the best option because there are available resources to this work. There is a problem with resources and creating new contracts if we go the route of creating a new project. The group agreed that the best method would be to add the descriptions to the implementation guide. Mike asked that the CBCC take the lead on this work.
- RE: Other Business, Agenda for Next call, Action Items, and Wrap Up
Meeting adjourned at 2:00 PM Eastern
Action Items
- RE:The CBCC Group to manage the CDA Consent Directive effort
- RE:The CoChairs to followup with Don Loyd concerning the May 2011 ballot - May 2011 ballot –Recon SS was posted; however, negative voters were not notified. Also, while the May 2012 ballot was a Comment Only ballot, it would be appreciated if the WG would post a spreadsheet and notify voters.
- RE: Kathleen to remove the Ontology NIB from the January ballot.