June 18, 2013 DS4P Analysis
Contents
Security Working DS4P Project Meeting
Attendees
- Kathleen Connor
- Mike Davis Security Co-chair
- [mailto: ddecouteau@edmondsci.com Duane DeCouteau
- Brian Handspicker, NY ITS
- Michael McCormick
- John Moehrke Security Cochair
- Harry Rhodes
- Ioana Singureanu
- Richard Thoreson (SAMHSA) CBCC Co-chair
- Suzanne Gonzales-Webb CBCC Co-chair
- Tony Weida
- Kathryn Wetherby (SAMHSA)
Agenda
- (05 min) Roll Call, Approve Minutes & Accept Agenda
- (10 min) Update on Model Driven Healthcare Tools –Ioana Singureanu
- (40 min) ONC DS4P IG Walk-through” – Mike Davis
- (05 min) Other Business
Meeting Minutes
Roll Call, Approve Minutes & Accept Agenda
Motion | Moved | Second | Affirm | Abstain | Opposed | |
Approval of June 11 minutes|| Name of Mover |
Name of Seconder |
? |
0 |
0 |
- Ioana updated the project team on progress with CDA IG publication and training on MDHT for DS4P
- Mike Davis led a walk-through of the ONC DS4P IG
- John Moehrke made the following observations:
Also discussed was the question of what exactly do we need to document vs just pointing the reader toward the IG for background. I do think that we need to cover the use-case in an abstract way that illuminates the specific needs that fall out of the DS4P constraints. These use-cases don’t need to be as specifically USA based, we can speak to the specific needs without bringing in the specific regulations. These specific needs are universal, so we shouldn’t unnecessarily constrain ourselves to USA regulations. The IG can stand in that place. For the constraints we need to be specific about: a) What standards are we importing by reference (e.g. the XDM, or XDR, or CDA, etc.)
- What vocabulary is required? Is it extensible?
b) What are the encoding rules, meaning what does a sender need to take care when encoding what they are sending? c) What are the expected actions/behaviors of the receiver? Tied to vocabulary, content, policy, enforcement, etc.? d) What are the exception pathways? [Note b, c, and d repeat as necessary.] e) Any residual risks we haven’t fully covered – ala Security/Privacy Considerations – i.e., our Cookbook
- Often this is where audit requirements are, environment requirements are spelled out, policy environment requirements, procedural requirements, user interface requirements, etc.
(Note that the above is the basic layout of the IHE Volume 2 materials. Clearly we need to own our own format, and meet our own needs. I just wanted to give credit for the experience) Other Business Plan to continue discussion of SPO conformance criteria on June 11 call. Adjourned