This wiki has undergone a migration to Confluence found Here
Difference between revisions of "February 7, 2017 Security Conference Call"
Jump to navigation
Jump to search
| (One intermediate revision by the same user not shown) | |||
| Line 40: | Line 40: | ||
||||.|| [mailto:bkinsley@nextgen.com William Kinsley] | ||||.|| [mailto:bkinsley@nextgen.com William Kinsley] | ||
||||.|| [mailto:pknapp@pknapp.com Paul Knapp] | ||||.|| [mailto:pknapp@pknapp.com Paul Knapp] | ||
| − | |||| | + | ||||x|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan] |
|- | |- | ||
|| .|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya] | || .|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya] | ||
| Line 73: | Line 73: | ||
** Mike Davis clarified Trust framework definition -Marked as persuasive with Modification in spreadsheet | ** Mike Davis clarified Trust framework definition -Marked as persuasive with Modification in spreadsheet | ||
** Motion approved comments as persuasive 1-25 (Beth, Alex) | ** Motion approved comments as persuasive 1-25 (Beth, Alex) | ||
| − | ** | + | ** Reviewed of line 26-Protective Health Information comments- Beth |
*** Comment: Replace Health Protected information with Protective Information, based on PASS Access Control (Beth) | *** Comment: Replace Health Protected information with Protective Information, based on PASS Access Control (Beth) | ||
** Footnote page states Protective Information in the U.S Realm includes Protective Health Information as a subset | ** Footnote page states Protective Information in the U.S Realm includes Protective Health Information as a subset | ||
| Line 82: | Line 82: | ||
*** This is based on Security and Privacy information model for health care (Mike Davis) | *** This is based on Security and Privacy information model for health care (Mike Davis) | ||
*** Pass Access Control entries on protective Health Information and Protected Information should be changed to remain consistent | *** Pass Access Control entries on protective Health Information and Protected Information should be changed to remain consistent | ||
| − | ** Comment: Footnoting Federated Authorization Domain:(Beth) | + | ** Reviewed Comment: Footnoting Federated Authorization Domain:(Beth) |
| − | *** | + | *** Suggested it should be defined in a footnote or explained |
*** Mike David concurs on defining in footnote | *** Mike David concurs on defining in footnote | ||
** Next Step: | ** Next Step: | ||
| Line 90: | Line 90: | ||
* gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diane | * gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diane | ||
| − | **Reviewing Johns Comments that are considered | + | **Reviewing Johns Comments that are considered non-persuasive: |
** Note: John was not present at call | ** Note: John was not present at call | ||
** The following comments by John were reviewed: | ** The following comments by John were reviewed: | ||
** Figure shows audit trail export mediating recording and analysis | ** Figure shows audit trail export mediating recording and analysis | ||
*** Response comment (Diana, David): Audit Trail does not mediate anything, it is a pass through | *** Response comment (Diana, David): Audit Trail does not mediate anything, it is a pass through | ||
| − | *** Johns comment on Audit Trail Export is deemed | + | *** Johns comment on Audit Trail Export is deemed non-persuasive |
**Next comment on Footnote: Figure for Alarm reporting is derived from ISO but does not explain how it deviates. | **Next comment on Footnote: Figure for Alarm reporting is derived from ISO but does not explain how it deviates. | ||
** Response Comment (Diana, and Mike): Alarm reporting happens within Audit Analysis. Should we put in how our Model deviates from ISO? | ** Response Comment (Diana, and Mike): Alarm reporting happens within Audit Analysis. Should we put in how our Model deviates from ISO? | ||
Latest revision as of 19:41, 7 March 2017
Back to Security Work Group Main Page
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| . | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | x | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
| x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | . | Mohammed Jafari | |||
| x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
| x | Diana Proud-Madruga | . | Serafina Versaggi | . | Joe Lamy | . | Galen Mulrooney | |||
| . | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | x | Dave Silver | |||
| x | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan | |||
| . | Kamalini Vaidya | . | Bill Kleinebecker | . | Christopher Shawn | . | Grahame Grieve | |||
| . | Oliver Lawless | . | Ken Rubin | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (2 min) Security WG Call Minutes January 31, 2017
- (20 min) TF4FA Ballot Reconciliation Spreadsheet Disposition Review- Mike and Kathleen
- (10 min) WGM Minutes Review and Approval - Kathleen
- (5 min) [gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diane
- (5 min) Security Labeling Service Revision Update - Diana
- (5 min) 21st Century Cures Act Trusted Exchange Framework Discussion for HL7 Policy Advisory Committee- Kathleen
- (2 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call
Minutes
- Chaired by Alex
- Agenda Approved (Kathleen, Ioana)
- Security WG Call Minutes January 31, 2017 (Approved)
- TF4FA Ballot Reconciliation Spreadsheet Disposition Review- Mike and Kathleen
- Spreadsheet reviewed
- Mike Davis clarified Trust framework definition -Marked as persuasive with Modification in spreadsheet
- Motion approved comments as persuasive 1-25 (Beth, Alex)
- Reviewed of line 26-Protective Health Information comments- Beth
- Comment: Replace Health Protected information with Protective Information, based on PASS Access Control (Beth)
- Footnote page states Protective Information in the U.S Realm includes Protective Health Information as a subset
- Trust Framework is specific to healthcare (Mike Davis)
- Sensitive information shared by security labels, Protective Health is inclusive of sensitive information
- Protective Information can encompass Protective Health Information
- It is not persuasive to change to Protected Information, and should be more specific as Protective Health Information (Mike Davis)
- This is based on Security and Privacy information model for health care (Mike Davis)
- Pass Access Control entries on protective Health Information and Protected Information should be changed to remain consistent
- Reviewed Comment: Footnoting Federated Authorization Domain:(Beth)
- Suggested it should be defined in a footnote or explained
- Mike David concurs on defining in footnote
- Next Step:
- Look to either to remove Protected information in the Documents needs to changed to Protective Health Information, or create a Definition for Protected Information and revisit next call
- Update the information Model, to draft a information Model
- gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diane
- Reviewing Johns Comments that are considered non-persuasive:
- Note: John was not present at call
- The following comments by John were reviewed:
- Figure shows audit trail export mediating recording and analysis
- Response comment (Diana, David): Audit Trail does not mediate anything, it is a pass through
- Johns comment on Audit Trail Export is deemed non-persuasive
- Next comment on Footnote: Figure for Alarm reporting is derived from ISO but does not explain how it deviates.
- Response Comment (Diana, and Mike): Alarm reporting happens within Audit Analysis. Should we put in how our Model deviates from ISO?
- Mike provided an explanation on difference between Alarm Reporting and ISO reporting:
- Alarm reporting is event reporting (As the event occurs with Analysis and is reported in real time)
- The Audit Analysis are sent after a period of time (based on requirement of reporting after analysis is done over a period of time)
- Comment (John) on Abstract Model republishes the Framework ISO 10181-7 and reinvent HL7 standard
- Response (Diana): It is taken from 10181-7 but also input from security working group
- Motion to accept John's Comments 20-35 approved (Mike, Diana)
- Call Adjourned
