
Difference between revisions of "April 21st 2009 Security Conference Call"

From HL7Wiki
Line 5: Line 5:
 
==Attendees== (expected)
 
==Attendees== (expected)
  
* [mailto:bernd.blobel@ehealth-cc.de Bernd Blobel] Security Co-chair, absent
+
# [mailto:sconnolly@apelon.com Steven Connolly]
* [mailto:sconnolly@apelon.com Steven Connolly]
+
# [mailto:gonzaleswebs@saic.com Suzanne Gonzales-Webb] CBCC Co-chair
* [mailto:coynee@saic.com Ed Coyne]
+
# [mailto:rhamm@gmail.com Russ Hamm]
* [mailto:mike.davis@va.gov Mike Davis] Security Co-chair
+
# [mailto:robert.horn@agfa.com Bob Horn]
* [mailto:gonzaleswebs@saic.com Suzanne Gonzales-Webb] CBCC Co-chair
+
# [mailto:djorgensen@inpriva.com Don Jorgensen]
* [mailto:rhamm Russ Hamm]
+
# [mailto:glen.f.marshall@siemans.com Glen Marshall] Security Co-chair
* [mailto:robert.horn@agfa.com Bob Horn]
+
# [mailto:rmcclure@apelon.com Rob McClure]
* [mailto:glen.f.marshall@siemans.com Glen Marshall] Security Co-chair
+
# [mailto:john.moehrke@med.ge.com John Moehrke]
* [mailto:rmcclure@apelon.com Rob McClure]
+
# [mailto:milan.petkovic@phillips.com Milan Petkovik]
* [mailto:john.moehrke@med.ge.com John Moehrke]
+
# [mailto:ppyette@perimind.com Pat Pyette]
* [mailto:milan.petkovic@phillips.com Milan Petkovik]
+
# [mailto:dsperzel@apelon.com David Sperzel]
* [mailto:ppyette@perimind.com Pat Pyette]
+
# [mailto:richard.thoreson@samhsa.hhs.gov Richard Thoreson] CBCC Co-chair
* [mailto:scott.m.robertson@kp.org Scott Robertson]
+
# [mailto:ioana@eversolve.com Ioana Singureanu]
* [mailto:richard.thoreson@samhsa.hhs.gov Richard Thoreson] CBCC Co-chair
+
# [mailto:weida@apelon.com Tony Weida]
* [mailto:ioana@eversolve.com Ioana Singureanu]
+
# [mailto:craig.winter@va.gov Craig Winter]
* [mailto:weida@apelon.com Tony Weida]
 
* [mailto:craig.winter@va.gov Craig Winter]
 
 
 
  
 
==Agenda==
 
==Agenda==
postponed to next week:
 
  
 
#''(05 min)'' Roll Call, Approve Minutes & Accept Agenda''
 
#''(05 min)'' Roll Call, Approve Minutes & Accept Agenda''
Line 43: Line 39:
  
  
#''(15 min)'' '''[http://wiki.hl7.org/index.php?title=Role-Based_Access_Control_%28RBAC%29_Use_Cases Security Use Cases]'''  Ioana Singureanu/Steve Connolly
+
#''not discussed, moved forward to next week'' '''[http://wiki.hl7.org/index.php?title=Role-Based_Access_Control_%28RBAC%29_Use_Cases Security Use Cases]'''  Ioana Singureanu/Steve Connolly
#''(5 min)'' '''Other Business'''
+
#''(5 min)'' '''Other Business''' None
  
 
==Action Items==
 
==Action Items==
  
 
[[Security|Back to Meetings]]
 
[[Security|Back to Meetings]]

Revision as of 18:12, 21 April 2009

Security Working Group Meeting

Attendees (expected)

  1. Steven Connolly
  2. Suzanne Gonzales-Webb CBCC Co-chair
  3. Russ Hamm
  4. Bob Horn
  5. Don Jorgensen
  6. Glen Marshall Security Co-chair
  7. Rob McClure
  8. John Moehrke
  9. Milan Petkovik
  10. Pat Pyette
  11. David Sperzel
  12. Richard Thoreson CBCC Co-chair
  13. Ioana Singureanu
  14. Tony Weida
  15. Craig Winter

Agenda

  1. (05 min) Roll Call, Approve Minutes & Accept Agenda
  2. (55 min) Object Vocabulary - Q&A Object Ontology ~ Steve Connolly

Note: Object List is a Normative spec published by ANSI in 2008

  1. Comments
    1. Terms should not be deleted but deprecated, with a note that states why the term is being changed (i.e. duplicate, substituted with another term).
    2. Descriptive types (notes, summary, report): we had to determine whether there was consistency in each of these types. If they are well-defined descriptions, then we will have to deal with them in another way. We will need to determine the singular or plural form of an object and how we portray that (the current list is not consistent).
    3. 2a - Terms lean toward verbiage that is common usage or possibly external code systems.
      1. OpenEHR object vocabulary: "Clinical Investigator Record Ontology" spreadsheet
    4. Another place to look would be the ActInformationCategory Code used in Canada and based on domain data. This would allow the information to blend. (X-type)
    5. Recapture some of the original confidentiality code outside of HL7; it would be useful if all healthcare objects have the same vector and the same naming here.

We are labeling things toward the type of information. When you label something for confidentiality you are labeling content, i.e. type of data: Lab Result; content: low white blood cell count, which may indicate a disease and which limited people may view. This is where patient preference may enter. (Security vs. confidentiality differences: align representations between the two despite the differences.) John/Glen will be speaking offline.

    1. Bolded information (add link from RBACObjectVocabulary.xls) is added to clarify the information needed to protect, rather than confuse it with a process.
    2. All objects have a level of sensitivity to them.


  1. not discussed, moved forward to next week Security Use Cases Ioana Singureanu/Steve Connolly
  2. (5 min) Other Business None

Action Items
