HL7 WGM JAN 2014 - San Antonio, Texas USA Security WG

• Welcome and Introductions
• Agenda Review

Ballot Overview:

• Heathcare Classification Scheme (HCS)
• Security Label Service (SLS)
• DS4P

Continuing Work

• Composite Security and Privacy DAM/Information Model
• Security and Privacy Ontology, future directions (15-20 min)

FHIR

• FHIR Demonstration/Discussion of HCS Implementation - Duane DeCouteau
• FHIR Accounting Disclosures - John Moehrke

• Around the Room informal report out of Security and Privacy advancements since last WGM
  • New/Changed government initiatives in your region
  • Success/Lessons-Learned at implementing or deploying
  • Are you using the HL7 standards we have produced? Suggestions on improvements?

• Introductions
• Approval of agenda,HL7 Security WGM Cambridge Minutes
• Action Item Status Update
  • Risk Assessment Cookbook -- John
• Security WG Review of SDO Activities: ISO, IEC, CEN, DICOM, IHE,
• HCS Recirculation Ballot -- Pass/Fail and next steps
• Prepare for Joint with EHR WG
  • International report outs

• DS4P Ballot Reconciliation - J.Coleman
• SLS Ballot Reconciliation - M.Davis/K.Connor

• (Continuation from Q2)
• DS4P Ballot Reconciliation - J.Coleman
• SLS Ballot Reconciliation - M.Davis/K.Connor

• Continued Ballot Reconciliation
• Review Wednesday Tutorial plan

• EHR Hosting

•  ???SLS Discussion w/SOA???
  • Would need agreement with SOA and a room to meet in.

Note: Speaker order may change without notice

• Bernd Blobel (co-chair) – Introduction to New Approaches to Privacy and Security
• Mike Davis (co-chair) - Access Controls to enforce Privacy and Security - Including the use of User context (authentication), Patient context, Consent Context, Data context (ConfidentialityCode), and Request Context (PurposeOfUse)

Note: Speaker order may change without notice

• John Moehrke (co-chair) FHIR Security Model
• John Moehrke (co-chair) Audit Logging to support security surveillance and privacy accounting of disclosures

• Security hosting FHIR

• Red Flag / Albana Gaba
  • relevant use-cases related to data analytics. In this context, we will discuss the European legislative background for using patient data for health research and how that affects the design of our system. Furthermore, we describe some techniques for the de-identification of patient data and finally we propose an approach to align our system with the guidelines of HCS.

• Security WG Planning of next years
  • applying analytics/data warehousing to HCS, related use cases (20 min)
  • medical identity theft (red flag, audit), relation to general purpose alerts like clinical-quality events
• Future security tutorials (free or paid) future planning

•  ???