Difference between revisions of "January 23, 2018 Security Conference Call"

Latest revision as of 17:50, 25 January 2018

Attendees

x	Member Name	x	Member Name	x	Member Name	x	Member Name
.	John Moehrke Security Co-chair	x	Kathleen Connor Security Co-chair	.	Alexander Mense Security Co-chair	.	Trish Williams Security Co-chair
x	Christopher Shawn Security Co-chair	x	Suzanne Gonzales-Webb	x	Mike Davis	x	David Staggs
.	Mohammed Jafari	x	Beth Pumo	.	Ioana Singureanu	.	Rob Horn
x	Diana Proud-Madruga	.	Serafina Versaggi	x	Joe Lamy	.	Greg Linden
.	Paul Knapp	.	Grahame Grieve	.	Johnathan Coleman	.	Aaron Seib
.	Ken Salyards	.	Jim Kretz	.	Gary Dickinson	x	Dave Silver
.	Oliver Lawless	x	Joyce]	.	David Tao	.	Nathan Botts
x	Francisco Jauregui]	x	Bo Dagnall	x	Man Garg	x	Peter Murphy

Back to Security Main Page

Agenda

(2 min) Roll Call, Agenda Approval
(3 min) Review and Approval of Jan 16, 2018 minutes
(10 min) TF4FA and Domain Modeling updateand Domain Model v.11- Mike Davis
(10 min) ONC Draft Trusted Exchange for Common Agreement released Please review and help the WG prepare PAC comments. - Focus on additional POUs and Minimum Necessary, XSPA, Consents - Mike and Kathleen
(10 min) CCDE Connectathon Track discussion - Bo Dagnall
(5 min) PSAF call report out - Chris Shawn
(5 min) Is Privacy Obsolete? Study Group wiki page has the "Is Privacy Obsolete?" Listserve link. Update on project - Mike Davis
(5 min) Draft New Orleans Security WGM Agenda
(1 min) FHIR Security update - John Moehrke

Minutes

Chris chaired.
Roll, Agenda approved with addition of a presentation from DXC on CCDE Connectathon
Jan 16th Meeting Minutes Kathleen moved; Beth seconded. Approved:12-0-0.
Domain Modeling Update Mike reported on progress with the Domain Model so as to align with PONDERS and address the remaining negative comments on TF4FA May 2017 ballot from Bernd Blobel. As a result, PSAF project is currently taking a strategic pause on TF4FA Volume 1 revisions until the updates to the S&P DAM are completed because it is the foundational Conceptual Information Model for TF4FA. However, work has started on Volume 3: Audit/Provenance/Blockchain as well as small tweaks to Volume 2 TF4FA Behavioral Model) to keep the two documents in synch changes to TF4FA Volume 1 resulting from changes in underlying S&P DAM. Robert Crawford, a VA modeler, is stepping in to update the S&P DAM. After the WGM, both the Tuesday PSAF call and the Thursday S&P DAM calls will be dedicated to DAM revisions in order to meet May ballot cycle deadlines.

TEFCA

focus has been on the implemcation of POU
- there were several; we need to be cognizant of the relationshps for the POU to obtain
- it is noted that the law does require an authorziatonfrom the pteint to share ePHI for Health care Opreations purposes with another covered Entity that does not have a relationshp with the patient
  - there is proposed legeisation that would allow clearning outses to be a covered entity
- Draft Trusted Exchange Framework Final document
  - B. Ensure providers and organizations participatin in exchange have confidence that theapproporaite consent or written authorization was captured, if and when it is needed,prior to the exchange of Electornic Health Iformaton.

XSPA - Mike has draft comments to share

lots of discussion on S&P and trying to get everyone to a common level, real mechanisms are need to secury exchange.. including patient desire. restrictions still exit. the current appropoach. we need an approapch that is sharing WITH protections.

a

in terms of 42CFR with protectons. concernts: that i a patient does nto sign consent, a clincialn may inadvertenly prescribe opiods for that patient

concern: even if they did away with the law, restrictions still exist.. patient could submit a restriction for tha provider

XSPA healthcare profile of SAML XSPA healthcare profile of XACML

OASIS has received comment from the public ballot--that should come across as scope of work for this-int eh orgianzaiton version everyting was hard coded in the vocabulary. in v2... it points to HL7vocabulary XSPA prifle for XACL they have a 3.0 version out now.

Connectathon - Bo Dagnall providing 3 three different components which can work together or separately

we are bring a resource services; we ill have it corrected AllScirps Va and Cerner

Is Privacy Dead Group

report out to occur at HL7
Adrian Gropper gave us some insight on Privacy right for India
Mike will add to the report

@@ Line 9: / Line 9: @@
 ||  .|| [mailto:JohnMoerke@gmail.com John Moehrke] Security Co-chair
 ||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-chair
-||||x|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
+||||.|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
 ||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams] Security Co-chair
 |-.
 ||  x|| [mailto:Christopher.Shawn2@va.gov Christopher Shawn] Security Co-chair
-||||x|| [mailto:Suzanne.Webb@engilitycorp.com Suzanne Gonzales-Webb]
+||||x|| [mailto:Suzanne.Webb@bookzurman.com Suzanne Gonzales-Webb]
 ||||x|| [mailto:mike.davis@va.gov Mike Davis]
-||||x|| [mailto:drs@securityrs.com David Staggs]
+||||x|| [mailto:david.staggs@bookzurman.com David Staggs]
 |-
-||  x|| [mailto:mjafari@edmondsci.com Mohammed Jafari]
+||  .|| [mailto:mjafari@edmondsci.com Mohammed Jafari]
 ||||x|| [mailto:Beth.Pumo@kp.org Beth Pumo]
 ||||.|| [mailto:ioana.singureanu@gmail.com Ioana Singureanu]
@@ Line 38: / Line 38: @@
 |-
 ||  .|| [mailto:oliver@lawless.co Oliver Lawless]
-||||.|| [mailto:lisanelson@cox.net Lisa Nelson]
+||||x|| [mailto:joyce.dunlop@dxc.com Joyce]]
 ||||.|| [mailto:dtao12@gmail.com David Tao]
 ||||.|| [mailto:nathanbotts@westat.com Nathan Botts]
 |-
-||  .|| [mailto:fjaureui@electrosoft-inc.com Francisco Jauregui]]
+||  x|| [mailto:fjaureui@electrosoft-inc.com Francisco Jauregui]]
-||||.|| [
+||||x|| [mailto:Bo.Dagnall@dxc.com Bo Dagnall]
-||||.|| [
+||||x|| [mailto:mgarg23@csc.com Man Garg]
-||||.|| [
+||||x|| [mailto:pmurphy32@csc.com Peter Murphy]
 |-
 |}
@@ Line 53: / Line 53: @@
 #''(2 min)'' '''Roll Call, Agenda Approval'''
 #''(3 min)'' ''' Review and Approval of [http://wiki.hl7.org/index.php?title=January_16,_2018_Security_Conference_Call Jan 16, 2018 minutes]'''
-#''(10 min)'' '''[https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/PSAF/PSAF%20TF4FA%20Model%20Diagrams/PSAF%20TF4FA%202018/Domain%20Models%20for%20TF4FA%20%202018%200109.pptx TF4FA and Domain Modeling update]'''- Mike Davis
+#''(10 min)'' '''[https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/PSAF/PSAF%20TF4FA%20Model%20Diagrams/PSAF%20TF4FA%202018/Domain%20Models%20for%20TF4FA%20%202018%200109.pptx TF4FA and Domain Modeling update]and [https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/PSAF/PSAF%20TF4FA%20May%202018/Domain%20Model%20Description%20V11.docx Domain Model v.11]'''- Mike Davis
-#''(10 min)''  '''[https://beta.healthit.gov/topic/interoperability/trusted-exchange-framework-and-common-agreement ONC Draft Trusted Exchange for Common Agreement released] Please review and help the WG prepare PAC comments. - Kathleen  Focus on additional POUs and Minimum Necessary, XSPA
+#''(10 min)''  '''[https://beta.healthit.gov/topic/interoperability/trusted-exchange-framework-and-common-agreement ONC Draft Trusted Exchange for Common Agreement released] Please review and help the WG prepare PAC comments. - Focus on additional POUs and Minimum Necessary, XSPA, Consents - Mike and Kathleen
 #''(10 min)''  '''CCDE Connectathon Track discussion''' - Bo Dagnall
 #''(5 min)'' '''PSAF call report out - Chris Shawn
@@ Line 60: / Line 60: @@
 #''(5 min)'' '''[http://wiki.hl7.org/index.php?title=HL7_WGM_January_2018_-_New_Orleans_US_AGENDA Draft New Orleans Security WGM Agenda]'''
 #''(1 min)'' '''FHIR Security update'''  - John Moehrke
+==Minutes==
+*Chris chaired.
+*Roll, Agenda approved with addition of a presentation from DXC on CCDE Connectathon
+*[http://wiki.hl7.org/index.php?title=January_16,_2018_Security_Conference_Call Jan 16th Meeting Minutes] Kathleen moved; Beth seconded. Approved:12-0-0.
+*'''Domain Modeling Update''' Mike reported on progress with the Domain Model so as to align with PONDERS and address the remaining negative comments on TF4FA May 2017 ballot from Bernd Blobel.  As a result, PSAF project is currently taking a strategic pause on TF4FA Volume 1 revisions until the updates to the S&P DAM are completed because it is the foundational Conceptual Information Model for TF4FA. However, work has started on Volume 3: Audit/Provenance/Blockchain as well as small tweaks to Volume 2 TF4FA Behavioral Model) to keep the two documents in synch changes to TF4FA Volume 1 resulting from changes in underlying S&P DAM.  Robert Crawford, a VA modeler, is stepping in to update the S&P DAM.  After the WGM, both the Tuesday PSAF call and the Thursday S&P DAM calls will be dedicated to DAM revisions in order to meet May ballot cycle deadlines.
+'''TEFCA'''
+* focus has been on the implemcation of POU
+** there were several; we need to be cognizant of the relationshps for the POU to obtain
+** it is noted that the law does require an authorziatonfrom the pteint to share ePHI for Health care Opreations purposes with another covered Entity that does not have a relationshp with the patient
+*** there is proposed legeisation that would allow clearning outses to be a covered entity
+** ''Draft Trusted Exchange Framework Final document''
+*** B. Ensure providers and organizations participatin in exchange have confidence that theapproporaite consent or written authorization was captured, if and when it is needed,prior to the exchange of Electornic Health Iformaton.
+XSPA - Mike has draft comments to share
+* lots of discussion on S&P and trying to get everyone to a common level, real mechanisms are need to secury exchange.. including patient desire.  restrictions still exit.  the current appropoach.  we need an approapch that is sharing WITH protections.
+a
+* in terms of 42CFR with protectons.  concernts: that i a patient does nto sign consent, a clincialn may inadvertenly prescribe opiods for that patient
+concern: even if they did away with the law, restrictions still exist.. patient could submit a restriction for tha provider
+XSPA healthcare profile of SAML
+XSPA healthcare profile of XACML
+OASIS has received comment from the public ballot--that should come across as scope of work for this-int eh orgianzaiton version everyting was hard coded in the vocabulary. in v2... it points to HL7vocabulary
+XSPA prifle for XACL they have a 3.0 version out now.
+'''Connectathon''' - Bo Dagnall
+providing 3 three different components which can work together or separately
+* we are bring a resource services; we ill have it corrected AllScirps Va and Cerner
+'''Is Privacy Dead Group'''
+* report out to occur at HL7
+* Adrian Gropper gave us some insight on Privacy right for India
+* Mike will add to the report
+==Meeting Materials==
+*[https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/PSAF/PSAF%20TF4FA%20Model%20Diagrams/PSAF%20TF4FA%202018/Domain%20Models%20for%20TF4FA%20%202018%200109.pptx TF4FA and Domain Modeling update]
+*[https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/PSAF/PSAF%20TF4FA%20May%202018/Domain%20Model%20Description%20V11.docx Domain Model v.11]

Difference between revisions of "January 23, 2018 Security Conference Call"

Latest revision as of 17:50, 25 January 2018

Contents

Attendees

Agenda

Minutes

Meeting Materials

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

groups

meetings

general

Tools