November 4, 2014 Security WG Conference Call
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name
---|---|---|---|---|---|---|---
x | Mike Davis, Security Co-chair | . | John Moehrke, Security Co-chair | . | Trish Williams, Security Co-chair | x | Alexander Mense, Security Co-chair
. | Chris Clark | . | Johnathan Coleman, CBCC Co-Chair | x | Kathleen Connor | x | Duane DeCouteau
. | Reed Gelzer | x | Suzanne Gonzales-Webb, CBCC Co-chair | x | Rick Grow | . | Ken Salyards
. | Mohammed Jafari | . | Don Jorgenson | . | Galen Mulrooney | . | Amanda Nash
. | Steve Jones | x | Diana Proud-Madruga | . | Harry Rhodes | . | Aaron Seib
. | Ioana Singureanu | . | [mailto: | . | Tony Weida | . | Paul Petronelli, mHealth Co-chair
. | Paul Knapp | . | Steve Hufnagel | . | Gary Dickinson | . | Tim McKay
Agenda DRAFT
- (05 min) Roll Call, October 28 Meeting Minutes
- (05 min) Security WG Time Change - Discussion and Vote
- (10 min) FHIM S&P Modeling Project Wiki and Call Logistics - Kathleen - Diana
- EHR Vocabulary Alignment
- (05 min) Other business, action items, and adjournment
Meeting Minutes
Approval of meeting minutes: Meeting minutes for October 28 were unanimously approved.
Security Time Change Discussion and Vote
Motion made to move Security WG call and update the meeting invite to 3 p.m. ET on Tuesdays. (Suzanne/Duane)
Objections: none, Abstentions: none, Motion Passes. The regular weekly Security meeting will be at 3 p.m., starting with the next meeting on November 18. (Note: November 11th is Veterans Day, a holiday for the US.) Per attendees, NO MEETING WILL BE HELD ON November 11.
- Action Item: (Suzanne) Send out November 11 meeting cancellation
Motion: FHIM meeting will be moved to the current Security time slot (2 p.m. PT / 5 p.m. ET). (Kathleen/Alex) Objections: none, Abstentions: none, Motion Passes.
FHIM call for today: 6-7 p.m. ET Tuesday, November 4, 2014 - Phone: +1 770-657-9270, Participant Code: 845692, Galen's GoToMeeting
Vocabulary Alignment - Diana
- Diana has been meeting with Reed Gelzer along with other individuals from the EHR Interoperability WG (including Pat Van Dyke) to determine the way to move forward with a spreadsheet. They are also in the process of finding a new meeting time that does not conflict with either the CBCC or Security WG meeting times. Once a new meeting time is set, Diana will send out invites to individuals in the Security WG in order to get their participation on the call/project.
- Diana posed a question that came up in today's EHR Interoperability WG meeting: As far as Security is concerned, it doesn’t matter if a record is being created brand new from a keyboard stroke versus a record being brought into an EHR source from another system. As far as Security is concerned, is it correct that either way of originating a record is looked at as equivalent?
- Mike said that when you’re importing a resource from another source, the provenance of that source is important and, typically, before you make it part of your legal record, that outside information wasn’t created by your organization. To make it part of your legal record, it requires some clinician to review it. These are legal things that vary from jurisdiction to jurisdiction. Some decision has got to be made about the trust that you would hold in that information.
- Mike added that, typically, patient information is marked as patient-provided information; it’s not considered to be the same as a lab report in terms of its trustworthiness. If you had an internal doctor creating a record, it would have that doctor’s name on it. If it’s imported from an external source (it may just be Kaiser), it may not have a doctor’s name on it. There are qualitative differences between a human user and a machine user. I wouldn’t consider them to be equivalent.
ONC demo on Privacy on FHIR - Mike
- It’s a demo of the capability of fusing the emerging FHIR standard and the emerging FHIR consent directive with the Security and Privacy standards recently balloted in January for the HCS and the SLS PASS, along with some additional standards such as OpenID Connect, OAuth 2.0 and the Kantara UMA standard, to demonstrate this notion of Privacy on FHIR.
- There are three components:
  - My Consent on FHIR (nothing more than the patient-friendly consent directive and the FHIR representation of that)
  - My Apps on FHIR (ability of a patient to extract his own information from an EHR and provide it to a properly authorized app using the UMA standard)
  - Health Information Exchange on FHIR (traditional provider-to-provider exchange but with patient consent)
- This is intended to go to the US HIMSS conference next April, and subsequently to the RSA Conference the week after HIMSS.
- Currently, the participants in this include the VHA and people from the NIST working group and the CBCC. Participants also include Josh Mandel with MIT, and people from MITRE, ONC, commercial folks and patient privacy rights and, as of today, HL7.
Meeting Adjourned at 1438 PST --Suzannegw (talk) 22:39, 4 November 2014 (UTC)