This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

October 9, 2012 Security Working Group Conference Call

From HL7Wiki
Jump to navigation Jump to search

Security Working Group Meeting

Back to Security Main Page

Attendees

Back to Security Main Page

Agenda

  1. (05 min) Roll Call, Approve Security Call Minutes Oct. 2, 2012 & Accept Agenda
  2. (10 min) DS4P HCS Presentation Report and Security and Privacy Ontology project status – Mike Davis
  3. (10 min) ISO WG 4 Report – Trish Williams
  4. (10 min) - Upcoming Deadlines for Nov Harmonization and Jan 2013 Ballot Kathleen Connor
  5. (10 min) Phoenix WGM Session and Room Scheduling – John Moehrke
  6. (05 min) Other Business, Agenda for Next call, Action Items, and Wrap Up

Minutes

  • RE: Approval of Minutes and Agenda – Presiding Cochair, Mike Davis asked for any objections or abstentions from the approval of the minutes and agenda. Cochair John Moehrke was unable to attend, so the report on Jan WGM room schedules was deferred. Presiding Cochair Mike Davis requested that the S&P Ontology project update be presented by John Carter, Apelon. XXX moved; YYY seconded. Minutes and agenda approved (0-0-6)
  • RE: S&P Ontology project – John Carter reported on the kick-off call to discuss next steps for the project, objective to submit a new release for the January 2013 ballot, and approaches for moving the Ontology content into SNOMED.
  • RE: DS4P HCS Presentation Report – Mike Davis reported on the response to last week’s ONC DS4P call presentation of the HL7 Healthcare Classification Scheme. Mike walked through key parts of the scheme, including the description of the Security Label Fields, the syntactical rules governing the use of those Security Label Fields, and the HL7 Vocabulary that binds to those fields. He noted that the presentation was well-received and that the HL7 Healthcare Classification Scheme, which forms the core aspects of the HCS, will be ready for ballot in January per the WG’s direction at the Sept. WGM.

Reed Gelzer asked if Mike got any “push back” on the use of the term “Integrity” as one of the Security Label fields because this term is so intermixed with concepts from security Data Integrity and the Records Management use of the term to denote aspects of information provenance, completion status, and reliability. Mike said there was no push back due to his definition, which clearly differentiated the data integrity from the records management perspective.

  • RE: ISO WG 4 Report: Trish reported on the key initiatives discussed at the Vienna ISO meeting including the restructuring of ISO WG 4, which entails scope and objective review; Walter Suarez report on the US DS4P project; issues relating to HL7 WG access to ISO security related standards, which is under advisement with HL7, ANSI, and ISO leadership; and ISO focus areas including pseudonymization, PKI standards, trans-border exchange of health records; and health cards. Trish will publish her report on key ISO activities to the HL7 Security wiki.
  • RE: Kathleen reported on submitted initial Harmonization Coversheets needing SWG approval (links below.) She noted that most of the proposals are simple technical corrections such as definitions or code names, and that all were in very preliminary status as she will need input from the WG on definitions and appropriate leaf concepts. The Security Observation Vocabulary proposal should address DS4P and HCS requirements for vocabulary that can be persisted as privacy/security metadata with very granular information, including CDA entries. WRT Confidentiality technical corrections: Kathleen presented the proposed RIM definition changes that would align the RIM attribute definition with that approved by the SWG for the ConfidentialityCode vocabulary definition crafted by Cochair John Moehrke. Mike proposed using the HCS definition of a confidentiality label field, which reads:

“Information metadata which is based on analysis of applicable policies and the risk of harm that could result from unauthorized disclosure.” Kathleen asked why the metadata is limited to “information” metadata when the DAM speaks to more encompassing concept of Resource (as defined by OASIS XSPA) or Target (as defined by ISO IEC 10181-3) as encompassing any data, information, object, file, application, system capabilities or system services to which access is to be controlled. Kathleen also asked if the semantics of a security label field for classification used as a Security Label for Classification of a Resource is the same as the semantics of the security label field for classification used as a Security Label for Clearance of an Initiator. Discussion outcome: Kathleen to substitute the HCS definition in the RIM definition revision proposal for further discussion on the next SWG call for consideration of concept scope and applicability for the DAM and HCS. Kathleen noted that there were no RIM revisions to Act and Role confidentialityCode attribute submitted although cardinality changes had been requested at the WGM.

Meeting adjourned at 2:00 PM Eastern

Action Items

  • RE: KC to continue refinement of Nov 2013 Harmonization Proposals NIB for SWG submission approval before 10/28
  • RE: Publishing Cochair to prepare S&P Ontology and HCS NIB for SWG submission approval before 10/28

Back to Security Main Page