HL7 WGM Sept 2017 - San Diego US MINUTES
MINUTES WGM San Diego 11th-14th September 2017
Monday Q3
Joint CBCC - Security
See CBCC Minutes
Monday Q4
Joint CBCC - Security
See CBCC Minutes
Tuesday Q1
Opening Security WG Meeting
Attendees:
- John Moehrke John.Moehrke@gmail.com
- Alexander Mense alexander.mense@hl7.at
- Kathleen Connor Kathleen.connor@comcast.net
- Mike Davis mike.davis@va.gov
- Chris Shawn christopher.shawn@va.gov
- David Pyke david.pyke@readycomputing.com
- Andreas Schuler andreas.schuler@fh-hagenberg.at
- Harri Honko harri.honk@w2e.fi
- Kevin Shekleton kshekleton@cerner.com
- Elysa Jones elysa@honeycombIQ.com
- Suzanne Webb suzanne.webb@bookzurman.com
Chaired by John
- Introductions
- Approval of agenda
- International Report outs
- Updates on European legislation regarding security and privacy.
European Commission: Digital Single Market. [1]
Directive on Network and Information Security: European Parliament and European Council: Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union. 2016, [2]
GDPR: European Parliament and European Council: Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation). In: Official Journal of the European Union, L 119/1, [3]
ePrivacy: European Commission: Proposal for a Regulation on Privacy and Electronic Communications. 2017, [4]
Rene's article about GDPR [5]
- Discussion on European cross border health data exchange and trust frameworks
- Finland
Report on Finnish PHR activities (PHR project, PHR profile)
The W2E project (private initiative): https://w2e.fi
- US
OASIS activities on tracking emergency patients and the relation to HL7
Discussion about making data available in case of emergency/disaster situations
- Liaison Reports: ISO, IHE, ONC
- HL7 Project status and updates:
NIST SP 800-53/800-63 Impacts on current Security and CBCC WG standards
NIST 800-53 Rev 5 Review Security and Privacy Controls for Information Systems and Organizations Initial Public Draft
Understanding the Major Update to NIST SP 800-63: Digital Identity Guidelines
Impact of NIST SP 800-53-5 on Privacy and Security Study Group Proposal - Mike Davis
NIST SP 800-63 rev 3 - Chris Shawn
Study Group for Minimum Necessary, Purpose of Use, and Healthcare Workflows
https://www.freeconferencecall.com/wall/recorded_audio?audioRecordingUrl=https%3A%2F%2Frs0000.freeconferencecall.com%2Fstorage%2FsgetFCC2%2FasJ8A%2FILf85&subscriptionId=8257383 Webmeeting recording of CBCC/Security JT on FHIR Consumer Centered Data Exchange Connectathon Track report out and demonstration - Kathleen Connor, Debi Willis, Bo Dagnall DCX (Plus Demo)
Trust Framework - Ballot Reconciliation Plans
SOA Audit – Ballot Reconciliation Plans
FHIR Security - AuditEvent, Provenance, Security Labels
FHIR Privacy and Security Conformance Test Suite Development - Discussions planned for WGM
Tuesday Q2
Continuation of Q1 topics
Attendees:
Chaired by xxxx
Tuesday Q3
Joint CBCC, Hosting Security, Mobile Health
See CBCC for minutes
- Proposed Topics: HL7 Project status and updates:
MyData Architecture Framework - Reacting to GDPR with Privacy as a Service Infrastructure - Harri Honko, Finland
NIST SP 800-53/800-63 Impacts on current Security and CBCC WG standards
NIST 800-53 Rev 5 Review Security and Privacy Controls for Information Systems and Organizations Initial Public Draft
Understanding the Major Update to NIST SP 800-63: Digital Identity Guidelines
Study Group for Secondary use of HIoT data
Study Group for Minimum Necessary, Purpose of Use, and Healthcare Workflows
Tuesday Q4
Trust Framework Work Session
Attendees:
Chaired by xxxx
- Review May TF4FA Ballot Comments and proposed dispositions
TF4FA Ballot Material
Wednesday Q1
Joint w/ EHR, CBCC, FHIR, SOA, Security
See EHR Wiki for Minutes
- Agenda included in-depth discussion about:
NIST SP 800-53/800-63 Impacts on current Security and CBCC WG standards
NIST 800-53 Rev 5 Review Security and Privacy Controls for Information Systems and Organizations Initial Public Draft
Understanding the Major Update to NIST SP 800-63: Digital Identity Guidelines
Study Group for Secondary use of HIoT data
Study Group for Minimum Necessary, Purpose of Use, and Healthcare Workflows
Wednesday Q2
Joint with SOA
Refer to SOA Wiki for minutes
- Agenda Items - Report out on:
PASS Audit Ballot Spreadsheet
PASS Audit Ballot January 2017
Future PASS standards moving to Security
Wednesday Q3
Security WG deep FHIR topics
Attendees:
Chaired by xxxx
- Josh assigned FHIR Core team
- SMART on FHIR
- CDS-hooks security model
- Cascading OAuth - Add overview to the FHIR Security page based on links @ HIMSS 2017 page
- Security endorsement of CORS??? what conditions? What considerations? What alternatives (See Keith Boone)
https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13827 GF#13827
- Discuss John Moehrke’s Blog FHIR OAuth scope proposal using FHIR query parameters
Wednesday Q4
Security WG Project Meeting
Attendees:
Chaired by xxxx
- 10 minute introduction to PSS on Context Synchronization (Isaac Vetter) here: https://drive.google.com/open?id=165BU5ZmUyuwxz4kg2dtjRWkNM7o4u2PrdcIKSxP94Ts
- PASS Audit Ballot Reconciliation
Focused on Bernd Blobel’s comment dispositions.
PASS Audit Ballot Spreadsheet
- TF4FA Ballot Reconciliation
Focused on Bernd Blobel’s comment dispositions.
PASS Audit Ballot Spreadsheet
PASS Audit Ballot January 2017
Continue TF4FA Reconciliation
November Harmonization Proposals
Thursday Q1
Security hosting CBCC, FHIR-I Joint on FHIR App Verification and FHIR Consent Resource
Attendees:
- Kathleen Connor VA kathleen.connor@comcast.net
- Neelima Chennemeja SAMHSA needlimaj70@gmail.com
- Mark Scrimshire mark@ckinemark.com
- David Pyke Ready Computing David Pyke@readycomputing.com
- John Moehrke John Moehrke@gmail.com
- Alexander Mense HL7 Austria alexandre.mense@hl7.at
- Andreas Schriler Andreas.Schriler@fh.ha…. (?)
- Reinhard Egelkraut reinhard.egelkraut@cgm.com
- Suzanne Gonzales-Webb VA suzanne.webb@bookzurman.com
- Trish Williams HL7 Australia/Flinders University patricia.williams@flinders.edu.au
- Anthony Chiarelli Achiarelli@r1solutions.com
- Chris Shawn VA Christopher.Shawn2@va.gov
- Michael Clifton mclifton@epic.com
- Isaac Vetter isaac@epic.com
- Dennis Patterson dennis.patterson@cerner.com
- Michael.Donnelly Michael.Donnelly@epic.com
- Hideyuki Miyohara HL7 Japan Miyohara.Hideyuki@ap.MitsubishiElectric.co
- Reuben Daniels reuben@saludex.com
- Tessa van Stijh NICTIZ stijh@nictiz.nl
- Martin Entwistle Ares Health Systems ment@areshs.com
- Mike Davis Mike.Davis@va.gov
- Joe Lamy Aegis/SSA joe.lamy@aegis.net
- Corey Spears Infer Corey.spears@info.com (?)
- Sean McIvenna Lantana sean@lantanagroup.com
Chaired by John
- Vote on PSS on Context Synchronization (Isaac Vetter) here: https://drive.google.com/open?id=165BU5ZmUyuwxz4kg2dtjRWkNM7o4u2PrdcIKSxP94Ts
- POET Presentation of a FHIR App Verification - Mark Scrimshire Audio
- HL7 FHIR Consent Directive Project
- FHIR Consent Resource
Thursday Q2
General Meeting: SecWG Project Health and Administration
Attendees:
- John Moehrke John.Moehrke@gmail.com
- Alexander Mense alexander.mense@hl7.at
- Trish Williams patricia.williams@flinders.edu.au
- Hideyuki Miyohara Miyohara.Hideyuki@ap.MitsubishiElectric.co
Chaired by Trish
WG Health
- Two items listed as over 120 days:
- Motion to extend the 1209 PSS with the FHIR rel 4 milestones with a new deadline of Dec 2018 subject to FHIR deadlines. Extend project end date to Jan 2019; next milestone is Jan 2018. Proposed by JM, Second AM, 3/0/0. We agreed this week that some task groups look at security configuration guidance, rather than turn-on-cause – and this would be in the project scope. The task group on application registration (from Q1) would also be under the same project 1209.
- DAM milestone – need to ask Kathleen
- Updated to 3 yr plan – addition of co-sponsor to Smart-On-FHIR Project Insight 1341; added SLS Version 2; and removed completed projects. Motion to accept the new 3 yr plan. Proposed John, Seconded Alex, 3/0/0
- Uploaded DMP and updated 3-year plan to SecWG Homepage on HL7.org site
- Security Labelling Service – another type of service called The Legitimate Relationship Service was tried in the UK. ADT feed but was hindered by workflow incompatibility. As a workgroup we could socialise this as a potential service for privacy consent problems.