This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

June 13, 2017 Security Conference Call

From HL7Wiki
Jump to navigation Jump to search

Back to Security Main Page


x Member Name x Member Name x Member Name x Member Name
. John MoehrkeSecurity Co-chair x Kathleen ConnorSecurity Co-chair . Alexander Mense Security Co-chair . Trish WilliamsSecurity Co-chair
x Mike Davis x Suzanne Gonzales-Webb x David Staggs x Mohammed Jafari
x Glen Marshall, SRS x Beth Pumo . Ioana Singureanu . Rob Horn
x Diana Proud-Madruga . Serafina Versaggi x Joe Lamy . Galen Mulrooney
. Duane DeCouteau . Chris Clark . Johnathan Coleman . Aaron Seib
. Ken Salyards . Christopher D Brown TX . Gary Dickinson x Dave Silver
x Rick Grow . William Kinsley . Paul Knapp x Mayada Abdulmannan
. Kamalini Vaidya . Bill Kleinebecker x Christopher Shawn . Grahame Grieve
. Oliver Lawless . Ken Rubin . David Tao . Nathan Botts

Back to Security Main Page


  1. (2 min) Roll Call, Agenda Approval
  2. (4 min) Review and Approval of Security WG Call Minutes June 6, 2017
  3. (15 min) Review and approval of Madrid Minutes Chair
  4. (30 min) HIMSS 2017 Next Steps - Mike Davis
  5. (5 min) TF4FA Ballot Reconciliation update Review DOD Comments - Kathleen
  6. (5 min) FHIR Security Call - Please review front matter - John Moehrke


  • Please note: Q= Question and A = Reply/ or Answer to the question

- Chaired by John

  • Agenda Approved (Kathleen, Diana)
  • Approved: Security WG Call Minutes June 6, 2017 (Mike, Kathleen)

- Approved of Madrid Minutes Chair

  • Alex is working on the draft of charter
  • Minutes approved from previous week (Alex, Kathleen)

- HIMSS 2017 Next Steps - Mike Davis, Duane D.

  • Last week we looked at the Cascading Oath and Patient consent Oath and UMA
  • Duane went over Demo examples on clinical forms that the rule engines make decisions on
    • Some decisions may require health data to be redacted such as in cases of research
    • Drug Drug interactions would not be affected in redaction
    • During clinical trials the patient data is identified within the research organization, but can also be redacted
  • Three organization participating :
    • 1) Vet Health Admin (custodian/primary provider)
    • 2) Vet for Research project (Genetic Research) This week we are reviewing the research use case of the demonstration
    • 3) MyHin
    • VHA also has a clinical decision support group, unique as it can see all data
    • includes drug interactions
  • We do not do any access control based on rights
  • We are doing read access for the clinical flow
  • New Patient consent was reviewed for the purpose of use of research and diagnostic report
  • the data navigates to FHIR payload
  • Veterans for Research: When viewing the same patient for example will have the patients drug abuse would be redacted and a new authorization would be established
    • Informed consent for treatment

- TF4FA Ballot Reconciliation update Review DOD Comments - Kathleen

  • Kathleen: Review Mark Kramer discussion on negations to be reviewed
  • Recommends we need more discussion on what happens in negotiation
  • Domains may need to bridge their policies
  • The consumers idea on trust need to be considered
  • The services on negotiation are fundamental to trust framework
  • comment 1 (John): We need to be clear on defining the negotiations between Domain communication
    • the abstract and script should further explain that negotiation can iterate multiple times to result in a negotiation
  • Q (1) John (Kathleen): Would it be in band or out band? How would it happen in a interoperabile way?
  • A (1) to Kathleen Question (Mike): Not in conceptual Model
  • Comment 2 (Mike Davis): The Negotiations are established agreements between the domains
    • Mark may have an issue with how quickly the negotiation occurs
    • However, defined parameters are defined, and Domains are identified
  • Comment 3 (Kathleen): Under the title Trust Service, the Trust Framework provide technical and operational rules, and each services provided are through exchange of token.
  • FHIR Security Call - Please review front matter - John Moehrke
    • * A/I: Mike Davis will send the document to John with the links for the presentation to John to post to the FHIR Security Page to include in build