August 15, 2017 Security Conference Call
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| . | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | . | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
| x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | x | Mohammed Jafari | |||
| x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
| x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Galen Mulrooney | |||
| . | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | x | Dave Silver | |||
| x | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan | |||
| . | Kamalini Vaidya | . | Bill Kleinebecker | x | Christopher Shawn | . | Grahame Grieve | |||
| . | Oliver Lawless | . | Ken Rubin | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (4 min) Review and Approval of Security WG Call Minutes August 1, 2017and Security WG Call Minutes August 8, 2017
- (5 min) 21st Century Cures Act Trusted Exchange Framework and Common Agreement Public Comments Review Draft Security WG comments for approval as input to HL7 response due August 14th. - Kathleen
- (5 min) Security WG Interim Health Metrics - presiding cochair
- (15 min) Diagnosing and Treating Legal Ailments of the Electronic Health Record: Toward an Efficient and Trustworthy Process for Information Discovery and Release Potential for renewing EHR/Security work on Lifecycle Vocabulary - Reed Gelzer
- (5 min) FHIR Security call
News and Review Material
- For Discussion on August 22 call: NSTC National Privacy Research Strategy
1. Summary People’s lives are inextricably interconnected with cyberspace and information systems. The computing revolution is enabling advances in many sectors of the economy, while social interactions have been profoundly affected by the rise of the Internet and mobile communications. Increasing computerization and data collection in transportation, education, health care, and other areas will accelerate these trends. Massive data collection, processing, and retention in the digital era challenge long-established privacy norms. On the one hand, large-scale data analytics is indispensable to progress in science, engineering, and medicine; on the other hand, when information about individuals and their activities can be tracked and repurposed without the individual’s knowledge or understanding, opportunities emerge for unauthorized disclosure, embarrassment and harassment, social stigma, crime, discrimination, and misuse. The fact that such an opportunity exists can itself have a detrimental and chilling effect on people’s behaviors. The Federal Government is mindful of this risk, and the resulting need for research and development. The White House report Big Data: Seizing Opportunities, Preserving Values1 highlights the need for large-scale privacy research: “We should dramatically increase investment for research and development in privacy-enhancing technologies, encouraging cross-cutting research that involves not only computer science and mathematics, but also social science, communications, and legal disciplines.” The National Privacy Research Strategy establishes objectives for Federally-funded privacy research (both extramural and government-internal research), provides a structure for coordinating research and development in privacy-enhancing technologies, and encourages multi-disciplinary research that recognizes the responsibilities of the government and the needs of society. The overarching goal of this strategy is to produce knowledge and technology that will enable individuals, commercial entities, and the government to benefit from transformative technological advancements, enhance opportunities for innovation, and provide meaningful protections for personal information and individual privacy. To achieve these goals, this strategy identifies the following priorities for privacy research: • Foster multidisciplinary approach to privacy research and solutions; • Understand and measure privacy desires and impacts; • Develop system design methods that incorporate privacy desires, requirements, and controls; • Increase transparency of data collection, sharing, use, and retention; • Assure that information flows and use are consistent with privacy rules; • Develop approaches for remediation and recovery; and • Reduce privacy risks of analytical algorithms.
