June 23, 2015 Security WG Conference Call

Attendees

Back to Security Main Page

Agenda DRAFT

1. Roll Call,
2. Agenda Approval
3. Approve June 16, Meeting Minutes,
4. PASS Access Control Conceptual Model (SOA) - Diana, Don Jorgenson
5. FHIR Provenance Items
6. Vocabulary Alignment Project - Diana/Reed
7. FHIR Contract, Consent Directive Discussion
8. October 2015 HL7 WGM - Atlanta, Georgia USA - agenda items

Meeting Minutes

Approval of June 16, 2015 Meeting Minutes

• The minutes for the June 16 meeting were unanimously approved.

PASS Access Control Conceptual Model (SOA) - Diana

• On this week's HL7 CBCC WG teleconference, members passed a motion to approve the CBCC WG as a cosponsor of this project and added Ken Salyards as a domain expert representative.
• Security WG members established that the level of involvement for CBCC would be to provide weekly project updates on the CBCC WG teleconference.
• Diana will email the SOA, Security and CBCC members the draft PSS and mention that the project team will discuss the PSS on Friday at 2 p.m. Pacific.

Vocabulary Alignment - Diana

• Continued to work on the "Wrong Patient" use case that explores the differences in how security deals with/identifies "ephemeral" data versus what an EHR system considers "ephemeral data."

FHIR Provenance discussion

• Must define the vocabulary for the EHR-S Record Lifecycle Events they want to deal with.
• John recommended finding a time at which all the stakeholders can meet on the mapping of W3C Provenance events to EHR-S Record Lifecycle Events and Security events.
  • Kathleen to engage with Gary Dickinson and Reed Gelzer on how they want to handle the outreach.
• John: The modeling and mapping confusion needs to be fixed before we start working on the specific items listed below.

FHIR Provenance Items:

• 7749 2015May core #1070 - delete "isNormal" flag (Kathleen Connor) Considered for Future Use
• 5395 Jan 2015 Ballot Comment #284 (Kathleen Connor) None
• 5396 Jan 2015 Ballot Comment #285 (Kathleen Connor) None
• 6048 Signature should allow device resources (Keith Boone) None
• 6256 define entity and how is different from agent (Eric Haas) None
• 6281 Use AuditEvent/Provenance for Authenticity/Accountability Metadata (Gary Dickinson) None
• 6282 Use AuditEvent and Provenance resources for Authenticity and Accountability metadata (Gary Dickinson) None
• 6354 Provenance mapping to W3C specification (Larry Babb) None
• 7460 2015May core #748 - Allow non-resources to be focus of Provenance (George Cole) None
• 7563 2015May core #854 - Expand on how to use Provenance (Kathleen Connor) None
• 7567 2015May core #858 - Provenance isn't sufficiently aligned with w3c spec (Kathleen Connor) None
• 7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
• 7569 2015May core #860 - Clarify relationship agents and entities used in activity (Kathleen Connor) None
• 7570 2015May core #861 - Clarify relationship agents and entities used in activity (Kathleen Connor) None
• 7597 2015May core #888 - This resource is missing any reference to the "action" performed on the entity. Is there a default "create" action or is it an omission? (Ioana Singureanu) None
• 7598 2015May core #889 - Can Provenance apply to a resource or just a data element (Ioana Singureanu) None
• 7750 2015May core #1071 - Rationalize the design of Provenance Resource and decouple from AuditEvent. (Kathleen Connor) None
• 8032 2015May core #1357 - Code inconsistent (Larry Babb) None
• 8039 2015May core #1364 - Update the provenance resource to support a digital signature that references the digital certificate resource (Robert Dieterle) None
• 8173 Composition.attester -- why is Provenance not used for this purpose? (John Moehrke) None
• 7089 2015May core #148 - "activity" should be "activites" (Brian Scheller) Persuasive
• 7090 2015May core #149 - "A" should be "An" (Brian Scheller) Persuasive
• 7459 2015May core #747 - Why are_text and _filter missing? (George Cole) Persuasive

Meeting adjourned at 1303 PDT