August 22, 2017 Security Conference Call

From HL7Wiki
Revision as of 00:30, 29 August 2017 by Mayada Abdulmannan

Attendees

x Member Name x Member Name x Member Name x Member Name
. John Moehrke, Security Co-chair x Kathleen Connor, Security Co-chair . Alexander Mense, Security Co-chair . Trish Williams, Security Co-chair
x Mike Davis x Suzanne Gonzales-Webb x David Staggs x Mohammad Jafari
x Glen Marshall, SRS x Beth Pumo . Ioana Singureanu . Rob Horn
x Diana Proud-Madruga . Serafina Versaggi x Joe Lamy . Galen Mulrooney
. Duane DeCouteau . Chris Clark . Johnathan Coleman . Aaron Seib
. Ken Salyards . Christopher D Brown TX . Gary Dickinson x Dave Silver
x Rick Grow . William Kinsley . Paul Knapp x Mayada Abdulmannan
. Kamalini Vaidya . Bill Kleinebecker x Christopher Shawn . Grahame Grieve
. Oliver Lawless . Ken Rubin . David Tao . Nathan Botts

Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (4 min) Review and Approval of Security WG Call Minutes August 15, 2017
  3. (20 min) Cascading OAuth for FHIR Security - middle of the page - Mohammad Jafari
  4. (15 min) Consumer Centered Data Exchange Connectathon Track - Aaron Seib
  5. (15 min) ONC Trusted Exchange Common Agreement Framework Comments - Kathleen
  6. (1 min) FHIR Security call - Cancelled

News and Review Material

Minutes

  • Chaired by Alex
  • Agenda Approved
  • Review and Approval of Security WG Call Minutes August 15, 2017 deferred to next call
  • Cascading OAuth for FHIR Security - middle of the page - Mohammad Jafari, Mike Davis, Aaron Seib
    • Defer from one OAuth server to another OAuth server
    • Mohammad coded the OAuth, did the implementation for cascading OAuth
    • Kathleen proposed to find a way for Mohammad to update the code
    • The code is not available as an open source project
    • Mohammad currently does not have access to the code
    • Mike's comment: The code was provided to VA, and VA can likely provide it as open source
    • Cascading OAuth was demonstrated during Patient Choice at HIMSS
    • If the Provider has Patient right of access they would have access to the system
    • The patient controls what can be accessed
    • A patient that hasn't submitted their consent
    • The Patient Authorization server provides information on provisions and rules to the custodian organization
    • Patient can direct how information flows
    • This authorization server allows the patient to manage all of their providers in one place
    • It is Consumer Centered Data Exchange Connectathon
    • The Authorization server checks the consent, and based on the consent it provides a token
    • The Attributes can be detailed
    • The Custodian organization receives the token and puts it back to the OAuth interceptor
    • The resource server collects the data, and labels the data (security labeling server)
    • In the final step, the information is then provided
    • If the patient's policy inputted for consent directive, the token
    • Aaron reviewed consent resource using FHIR Consent Resource
    • Kathleen comment (1): FHIR Consent Resource will have security labels.
    • Mike Davis comment (2)/recommendation to Aaron: In HL7 we have two working groups, Security and CBCC. For implementers, the distinction between Security and Privacy is clear. To avoid confusion, we need to keep the separation between privacy and security.
    • The Patient has to provide consent in writing according to law
    • Next Step: Aaron to send Diana an email requesting to do a presentation to CBCC
  • ONC Trusted Exchange Common Agreement Framework Comments - Kathleen
    • Item moved to next week's call
  • FHIR Security call - Cancelled
    • Call Adjourned