This wiki has undergone a migration to Confluence found Here
Difference between revisions of "January 24th, 2012 Security Working Group Conference Call"
Jump to navigation
Jump to search
m (moved January 24th, 2011 Security Working Group Conference Call to January 24th, 2012 Security Working Group Conference Call: correction to year entry) |
|||
| (3 intermediate revisions by the same user not shown) | |||
| Line 19: | Line 19: | ||
* [mailto:richard.thoreson@samhsa.hhs.gov Richard Thoreson] CBCC Co-chair | * [mailto:richard.thoreson@samhsa.hhs.gov Richard Thoreson] CBCC Co-chair | ||
* [mailto:weida@apelon.com Tony Weida] | * [mailto:weida@apelon.com Tony Weida] | ||
| + | * [mailto:trish.williams@ecu.edu.au Trish Williams] | ||
[[Security|Back to Security Main Page]] | [[Security|Back to Security Main Page]] | ||
| Line 24: | Line 25: | ||
==Agenda== | ==Agenda== | ||
#''(05 min)'' Roll Call, Approve Minutes & Accept Agenda | #''(05 min)'' Roll Call, Approve Minutes & Accept Agenda | ||
| + | #''(15 min)'' '''HL7 WGM wrap up and Action Items''' Mike Davis | ||
#''(15 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/6633/9059/2012MayWorkPlan-SecurityandPrivacyOntology.xlsx Draft Work Plan - Security and Privacy Ontology]''' | #''(15 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/6633/9059/2012MayWorkPlan-SecurityandPrivacyOntology.xlsx Draft Work Plan - Security and Privacy Ontology]''' | ||
#''(15 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/6632/9058/HL7EHR-SFMR2Poster-Action-VerbHierarchyFINAL-20120112.ppt HL7 EHRS FM Action--Verb Hierarchy] ppt''' | #''(15 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/6632/9058/HL7EHR-SFMR2Poster-Action-VerbHierarchyFINAL-20120112.ppt HL7 EHRS FM Action--Verb Hierarchy] ppt''' | ||
| − | #''(15 min)'' ''' | + | #''(15 min)'' '''acquiring ISO Standards''' |
#''(5 min)'' '''Other Business''' | #''(5 min)'' '''Other Business''' | ||
Latest revision as of 23:14, 13 February 2012
Contents
Security Working Group Meeting
Attendees
- Kathleen Connor
- Ed Coyne
- Mike Davis Security Co-chair
- Jon Farmer
- Suzanne Gonzales-Webb CBCC Co-chair
- Jim Kretz
- Glen Marshall
- John Moehrke Security Co-chair
- Milan Petkovic
- Ken Salyards
- Richard Thoreson CBCC Co-chair
- Tony Weida
- Trish Williams
Agenda
- (05 min) Roll Call, Approve Minutes & Accept Agenda
- (15 min) HL7 WGM wrap up and Action Items Mike Davis
- (15 min) Draft Work Plan - Security and Privacy Ontology
- (15 min) HL7 EHRS FM Action--Verb Hierarchy ppt
- (15 min) acquiring ISO Standards
- (5 min) Other Business
Meeting Minutes - DRAFT
Roll Call, Approve Minutes & Accept Agenda
Draft Work Plan - Security and Privacy Ontology
Please follow link:
HL7 EHRS FM Action--Verb Hierarchy
- The attached HL7 EHR-S FM Action Verb hierarchy should be reviewed by Security and CBCC WGs.
- They do not map to the Security Operations (CRUDE or the data operations code system).
- They do not appear to align with the Security and Privacy Ontology.
- Below are examples of potential issues:
- Why would encrypt/decrypt be under the category of “Store” when those could be required for use and exchange as well.
- The definition of TAG is “To UPDATE data by marking it for special use. For example, a nurse may TAG the previous week’s records for patients that presented with a severe cough and fever.” This might be useful for tagging for sensitivity, but needs to be thought through – why isn’t the data “tagged” when created rather than as an “update”?
- RENDER and EXTRACT may be a “Disclosure” but that’s not differentiated.
- AUDIT (revised) To TRACK system-initiated or user-initiated activities by analyzing logs based on policies or rules. For example, the system may automatically AUDIT the daily log for multiple-failed-logon-attempts. Another example is that an administrator may AUDIT the excessive use of extraordinary (i.e., “break-the-glass”) access to certain patient information in the Emergency Department. John already suggested that there should be a more general Event logging – and that Audit should be a specialization.
Request to publish Security and Privacy DAM DSTU
FYI -- This was announced to the co-chairs and affiliate chairs for consideration back in October 2011, and the TSC tabled the motion to approve publication on Nov 7th anticipating a human-readable form of the DAM, another announcement is not needed. The tabled motion has been entered onto the TSC agenda on Monday January 30th. It's being tracked at TSC tracker # 2104. See http://gforge.hl7.org/gf/project/tsc/tracker/?action=TrackerItemEdit&tracker_item_id=2104&start=0 for details.
- (5 min) Other Business
