This wiki has undergone a migration to Confluence found Here

August 15, 2017 Security Conference Call

From HL7Wiki
Jump to navigation Jump to search

Back to Security Main Page


x Member Name x Member Name x Member Name x Member Name
. John MoehrkeSecurity Co-chair x Kathleen ConnorSecurity Co-chair . Alexander Mense Security Co-chair . Trish WilliamsSecurity Co-chair
x Mike Davis x Suzanne Gonzales-Webb x David Staggs x Mohammed Jafari
x Glen Marshall, SRS x Beth Pumo . Ioana Singureanu . Rob Horn
x Diana Proud-Madruga . Serafina Versaggi x Joe Lamy . Galen Mulrooney
. Duane DeCouteau . Chris Clark . Johnathan Coleman . Aaron Seib
. Ken Salyards . Christopher D Brown TX . Gary Dickinson x Dave Silver
x Rick Grow . William Kinsley . Paul Knapp x Mayada Abdulmannan
. Kamalini Vaidya . Bill Kleinebecker x Christopher Shawn . Grahame Grieve
. Oliver Lawless . Ken Rubin . David Tao . Nathan Botts

Back to Security Main Page


  1. (2 min) Roll Call, Agenda Approval
  2. (4 min) Review and Approval of Security WG Call Minutes August 1, 2017and Security WG Call Minutes August 8, 2017
  3. (20 min) NIST 800-53 Rev 5 release draft Review Security and Privacy Controls for Information Systems and Organizations Initial Public Draft - Mike Davis
  4. (25 min) Diagnosing and Treating Legal Ailments of the Electronic Health Record: Toward an Efficient and Trustworthy Process for Information Discovery and Release & presentation Potential for renewing EHR/Security work on Lifecycle Vocabulary - Reed Gelzer
  5. (20 min) 21st Century Cures Act Trusted Exchange Framework and Common Agreement Public Comments Review Draft Security WG comments for approval as input to HL7 response due August 14th. - Kathleen
  6. (5 min) FHIR Security call

News and Review Material

1. Summary People’s lives are inextricably interconnected with cyberspace and information systems. The computing revolution is enabling advances in many sectors of the economy, while social interactions have been profoundly affected by the rise of the Internet and mobile communications. Increasing computerization and data collection in transportation, education, health care, and other areas will accelerate these trends. Massive data collection, processing, and retention in the digital era challenge long-established privacy norms. On the one hand, large-scale data analytics is indispensable to progress in science, engineering, and medicine; on the other hand, when information about individuals and their activities can be tracked and repurposed without the individual’s knowledge or understanding, opportunities emerge for unauthorized disclosure, embarrassment and harassment, social stigma, crime, discrimination, and misuse. The fact that such an opportunity exists can itself have a detrimental and chilling effect on people’s behaviors. The Federal Government is mindful of this risk, and the resulting need for research and development. The White House report Big Data: Seizing Opportunities, Preserving Values1 highlights the need for large-scale privacy research: “We should dramatically increase investment for research and development in privacy-enhancing technologies, encouraging cross-cutting research that involves not only computer science and mathematics, but also social science, communications, and legal disciplines.” The National Privacy Research Strategy establishes objectives for Federally-funded privacy research (both extramural and government-internal research), provides a structure for coordinating research and development in privacy-enhancing technologies, and encourages multi-disciplinary research that recognizes the responsibilities of the government and the needs of society. The overarching goal of this strategy is to produce knowledge and technology that will enable individuals, commercial entities, and the government to benefit from transformative technological advancements, enhance opportunities for innovation, and provide meaningful protections for personal information and individual privacy. To achieve these goals, this strategy identifies the following priorities for privacy research: • Foster multidisciplinary approach to privacy research and solutions; • Understand and measure privacy desires and impacts; • Develop system design methods that incorporate privacy desires, requirements, and controls; • Increase transparency of data collection, sharing, use, and retention; • Assure that information flows and use are consistent with privacy rules; • Develop approaches for remediation and recovery; and • Reduce privacy risks of analytical algorithms.