Difference between revisions of "July 21, 2015 Security WG Conference Call"

Attendees

Back to Security Main Page

Agenda DRAFT

1. ( 5 min) Roll Call, Agenda Approval
2. ( 5 min) Approve July 14 Meeting Minutes,
3. ( 5 min) PASS Access Control Conceptual Model (SOA) Update - Diana, Don Jorgenson
4. (10 min) ACS model - Mike/Dave Silver
5. ( 5 min) Joint Vocabulary Alignment Update - Diana
6. ( 5 min) PSAF Update - Kathleen
7. ( 5 min) Status of Provenance and AuditEvent subcommittee -- Kathleen/John
8. ( 25 min) FHIR Security Discussion Items ready for a Discussion
   1. 7752 2015May core #1073 - Replace value set with FHIR Signer Type value set (Kathleen Connor) Not Persuasive
9. ( 5 min) FHIR -- Items asking for Policy statements, where recommend that no specific Policy statement be given.
   1. 7572 2015May core #863 - Explain business-specific details of update (Ioana Singureanu) None
   2. 7683 2015May core #974 - Add security guidance for 'read' (Ioana Singureanu) None
   3. 7685 2015May core #976 - Add authorization qualifier to 'vread' (Ioana Singureanu) None
   4. 7686 2015May core #977 - Add authorization qualifier to 'update' (Ioana Singureanu) None
   5. 7687 2015May core #978 - Add authorization qualifier to 'history' (Ioana Singureanu) None
   6. 7688 2015May core #979 - Add authorization qualifier to 'delete' (Ioana Singureanu) None
   7. 8165 2015May core #975b - Add authorization qualifier to 'read' (Ioana Singureanu) None
10. ( 5 min) October 2015 HL7 WGM - Atlanta, Georgia USA - agenda items
    1. Please send any agenda items to Suzanne

Meeting Minutes

Approve July 14 Meeting Minutes

• The minutes from the July 14 meeting were unanimously approved.

PASS Access Control Conceptual Model (SOA) Update

• The PSS was approved by the SOA, Security and CBCC WGs, as well as the Foundation and Technology Steering Division (FTSD).
• It is now being reviewed by the TSC for final approval.
• Diana accepted a role as the publishing facilitator.
• The project team is currently going through the existing document (DSTU) and identifying areas where information on an Access Control Services functional model, obligations which directly affect privacy, and trust frameworks can be added.

Joint Vocabulary Alignment Update

• Diana is currently drafting a guide which identifies a process for creating dictionary definitions along with conformance rules for what definitions should look like. She will send this draft to the Vocabulary WG upon completion to ensure harmonization across HL7. This would support the project's effort to create satisfactory definitions for the EHR Record Lifecycle Events, implement the new definitions and rules in the ISO 21089 Trusted End-to-End Information Flows document, and bring it all back to HL7 for inclusion in this Joint Vocabulary Alignment standard.

PSAF Update

• Kathleen met with Harry Rhodes (AHIMA). AHIMA has a project that could possibly leverage the PSAF model and provide use cases and verification of what the project participants are doing in the Provenance section of the model.
• Harry's interest would be mostly in the records management and evidentiary support section of the model where they are trying to find a way to provide guidance to the industry on how to track what happened to the information within one organization and as it goes through different lifecycles in a system, and then its lifespan as it goes through different systems (each one of these systems has a lifespan segment).
• Use cases focus on audit, and also the dilemma the healthcare community has with cut-and-paste (tracking the cut-and-paste, who did it, where the mistake happened) so as to better enable practitioners to use cut-and-paste in an accountable way and to put safety barriers around it so that alerts can be issued (with this instance of cut-and-paste, you duplicated something or only brought over half of the material).

Bold text