Difference between revisions of "January 24th, 2012 Security Working Group Conference Call"
(Created page with "=Security Working Group Meeting= * Meeting Information Back to Security Main Page ==Attendees== * [mailto:Kathleen_Connor@comcast.net Kathleen Connor...") |
Line 24: | Line 24: | ||
==Agenda== | ==Agenda== | ||
#''(05 min)'' Roll Call, Approve Minutes & Accept Agenda | #''(05 min)'' Roll Call, Approve Minutes & Accept Agenda | ||
− | #''(15 min)'' '''Draft Work Plan - Security and Privacy Ontology''' | + | #''(15 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/6633/9059/2012MayWorkPlan-SecurityandPrivacyOntology.xlsx Draft Work Plan - Security and Privacy Ontology]''' |
#''(15 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/6632/9058/HL7EHR-SFMR2Poster-Action-VerbHierarchyFINAL-20120112.ppt HL7 EHRS FM Action--Verb Hierarchy] ppt''' | #''(15 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/6632/9058/HL7EHR-SFMR2Poster-Action-VerbHierarchyFINAL-20120112.ppt HL7 EHRS FM Action--Verb Hierarchy] ppt''' | ||
#''(15 min)'' '''Item3''' | #''(15 min)'' '''Item3''' | ||
Line 32: | Line 32: | ||
'''Roll Call, Approve Minutes & Accept Agenda''' | '''Roll Call, Approve Minutes & Accept Agenda''' | ||
− | '''Draft Work Plan - Security and Privacy Ontology''' | + | '''[http://gforge.hl7.org/gf/download/docmanfileversion/6633/9059/2012MayWorkPlan-SecurityandPrivacyOntology.xlsx Draft Work Plan - Security and Privacy Ontology]''' |
Please follow link: | Please follow link: | ||
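Review bot: the unchanged line "Please follow link:" after the re-linked heading is left without a target, since the heading itself now carries the work plan URL and nothing follows the colon in the rendered revision. Suggest dropping that line, or keeping the heading plain and placing the URL under it.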
Line 46: | Line 46: | ||
− | ''' | + | '''Request to publish Security and Privacy DAM DSTU''' |
+ | FYI -- This was announced to the co-chairs and affiliate chairs for consideration back in October 2011, and the TSC tabled the motion to approve publication on Nov 7th anticipating a human-readable form of the DAM, another announcement is not needed. The tabled motion has been entered onto the TSC agenda on Monday January 30th. It's being tracked at TSC tracker # 2104. See http://gforge.hl7.org/gf/project/tsc/tracker/?action=TrackerItemEdit&tracker_item_id=2104&start=0 for details. | ||
+ | |||
#''(5 min)'' '''Other Business''' | #''(5 min)'' '''Other Business''' | ||
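Review bot: the new minutes heading "Request to publish Security and Privacy DAM DSTU" has no matching agenda entry, and the agenda hunk at Line 24 still carries the placeholder '''Item3'''. Suggest replacing Item3 with this topic or adding it as its own agenda line. The trailing context line #''(5 min)'' '''Other Business''' is also an agenda-style numbered item sitting in the minutes section; a plain bold heading would match the other minutes topics.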
Revision as of 05:13, 24 January 2012
Security Working Group Meeting
Attendees
- Kathleen Connor
- Ed Coyne
- Mike Davis Security Co-chair
- Jon Farmer
- Suzanne Gonzales-Webb CBCC Co-chair
- Jim Kretz
- Glen Marshall
- John Moehrke Security Co-chair
- Milan Petkovic
- Ken Salyards
- Richard Thoreson CBCC Co-chair
- Tony Weida
Agenda
- (05 min) Roll Call, Approve Minutes & Accept Agenda
- (15 min) Draft Work Plan - Security and Privacy Ontology
- (15 min) HL7 EHRS FM Action--Verb Hierarchy ppt
- (15 min) Item3
- (5 min) Other Business
Meeting Minutes - DRAFT
Roll Call, Approve Minutes & Accept Agenda
Draft Work Plan - Security and Privacy Ontology
Please follow link:
HL7 EHRS FM Action--Verb Hierarchy
- The attached HL7 EHR-S FM Action Verb hierarchy should be reviewed by Security and CBCC WGs.
- They do not map to the Security Operations (CRUDE or the data operations code system).
- They do not appear to align with the Security and Privacy Ontology.
- Below are examples of potential issues:
- Why would encrypt/decrypt be under the category of “Store” when those could be required for use and exchange as well?
- The definition of TAG is “To UPDATE data by marking it for special use. For example, a nurse may TAG the previous week’s records for patients that presented with a severe cough and fever.” This might be useful for tagging for sensitivity, but needs to be thought through – why isn’t the data “tagged” when created rather than as an “update”?
- RENDER and EXTRACT may be a “Disclosure” but that’s not differentiated.
- AUDIT (revised) To TRACK system-initiated or user-initiated activities by analyzing logs based on policies or rules. For example, the system may automatically AUDIT the daily log for multiple-failed-logon-attempts. Another example is that an administrator may AUDIT the excessive use of extraordinary (i.e., “break-the-glass”) access to certain patient information in the Emergency Department. John already suggested that there should be a more general Event logging – and that Audit should be a specialization.
Request to publish Security and Privacy DAM DSTU
FYI -- This was announced to the co-chairs and affiliate chairs for consideration back in October 2011, and the TSC tabled the motion to approve publication on Nov 7th, anticipating a human-readable form of the DAM; another announcement is not needed. The tabled motion has been entered onto the TSC agenda on Monday January 30th. It's being tracked at TSC tracker # 2104. See http://gforge.hl7.org/gf/project/tsc/tracker/?action=TrackerItemEdit&tracker_item_id=2104&start=0 for details.
- (5 min) Other Business