February 21st, 2012 Security Working Group Conference Call
Security Working Group Meeting
- Kathleen Connor
- Ed Coyne
- Mike Davis Security Co-chair
- Jon Farmer
- Suzanne Gonzales-Webb CBCC Co-chair
- Jim Kretz
- John Moehrke Security Co-chair
- Milan Petkovic
- Ken Salyards
- Richard Thoreson CBCC Co-chair
- Tony Weida - Out of office, unable to attend.
- Trish Williams, sends apologies, unable to attend (conflicting meeting)
- (05 min) Roll Call, Approve Minutes & Accept Agenda
- (15 min) ONC Privacy & Security Mobile Device Roundtable Input
- (15 min) Security and Privacy Ontology- Update (Tony unable to make today's call)
- (10 min) Harmonization Proposals Update (Kathleen)
- (10 min) Interim Co-Chair appointment
Roll Call, Approve Minutes
ONC Privacy & Security Mobile Device Roundtable Input e-mail to HL7 Co-Chairs:
ONC's Office of the Chief Privacy Officer in cooperation with the HHS Office for Civil Rights (OCR) launched a Privacy & Security Mobile Device project. HL7 may have an opportunity this Spring to provide input into this project during a public roundtable. Although the focus is on privacy and security and many of those elements may be outside of HL7's domain as they are managed through lower level protocols, operating systems, etc., there is a sense that some of our standards may be, or may need to be applicable and sensitive to the context of a mobile device where the data exchanged is consumed.
We would like to get your input whether your workgroup already has, is planning to develop, or would believe there should be HL7 standards and/or guidance to enhance on the privacy and security of mobile devices. For example, are hardware/OS/network solutions sufficient to achieve appropriate privacy & security levels unique to mobile devices, or should additional data be available at the application level to enable appropriate restrictions by the application at that mobile device, or should we be completely agnostic to that context? Are there capabilities in the functional model that should be further defined uniquely to mobile devices, or is that context irrelevant?
A further question may be whether with the expansion of mobile devices there are other aspects beyond privacy & security in particular and that are unique to mobile computing that HL7 workgroups are already focusing on, have plans for, or should be considering. Although the primary focus of this question is on the Security, Healthcare Devices, EHR, CIC, and CBCC workgroups, other workgroups may have some perspectives as well that we should consider. We would appreciate your feedback by March 31 to help us determine how HL7 should respond to a request to contribute to the public roundtable.
You may post this on the PAC wiki page for Privacy & Security for Mobile Devices, or forward to either John Speakman or Hans Buitendijk.
Policy Advisory Committee Co-Chairs:
Hans J. Buitendijk Siemens Medical Solutions USA, Inc. Standards & Regulations Manager
John Speakman Chief Program Office NCI Center for biomedical Informatics and Information Technology
Security and Privacy Ontology- Update (Tony unable to make today's call) Agenda item pushed to next week. Will contact Tony to request a report be distributed via the Security listserve
Harmonization Proposals Update (Kathleen)
Interim Co-Chair appointment