This wiki has undergone a migration to Confluence found Here
Difference between revisions of "March 21, 2017 Security Conference Call"
Jump to navigation
Jump to search
(→Agenda) |
|||
| Line 70: | Line 70: | ||
==''' Minutes '''== | ==''' Minutes '''== | ||
| + | * Chaired by Kathleen | ||
| + | * Agenda Approved | ||
| + | * Review and Approval of Security WG Call Minutes March 7, 2017 and Security WG Call Minutes March 14, 2017 (Approved 7th and 14th minutes) | ||
| + | * New meeting service - Transition to FreeConferenceCall.com (FCC): Beginning March 28 the web meeting will change to https://www.freeconferencecall.com | ||
| + | Online Meeting ID: security36 | ||
| + | ** Information provided beginning March 28th Free Conference | ||
| + | Dial-in Number: (515) 604-9567 Access Code: 880898 | ||
| + | ** Updated on Security Wiki home page top banner - K | ||
| + | ** input security 36 to join meeting | ||
| + | * TF4FA May ballot development roadmap Submission Deadline + 3/26 (Mike Davis) | ||
| + | ** Updates will include comments for volume I to appear in May Ballot | ||
| + | ** Volume II Behavioral Model will be part of the informative Ballot for May | ||
| + | ** Volume II will be presented to group | ||
| + | ** Question (Dave): What is the deadline to submit? | ||
| + | ** Answer: next week 3/26, but may not be hard deadline prior to ballot. Kathleen Will check on the date with Lynn . (Mike Davis) | ||
| + | * Review Draft HL7 Patient Generated Health Data (PGHD)Comments- Diana | ||
| + | ** Provided High level Summary: | ||
| + | ** Comments were made on PTHD definition | ||
| + | ** Patient right of access are asked to be addressed more specifically | ||
| + | ** Providence was asked to be addressed more specifically | ||
| + | ** Research challenges on control of sharing information | ||
| + | ** Does the patient have control over which Data can be shared? Are there controls? (Labeling or Masking Data) | ||
| + | ** Mike Davis Comment: VA is in the process of implementing an SLS to support patient needs | ||
| + | ** Does Patient Right of access, does it allow patient to say what data can be shared? eg: Vendors agree to create a portal to choose meaningful use data | ||
| + | ** Definition for Patient Generated Health Data was provided by Kathleen and was submitted (Diana) | ||
| + | * Project Scope Statement - Medical Devices Security - deferring follow up of outreach to Medical Device WG until ballot recons are completed- Kathleen | ||
| + | ** Skipped | ||
| + | * [gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diana | ||
| + | ** Comments from DoD were reviewed, 2 sets of comments (Duplicates) | ||
| + | ** Majority of comments were persuasive or persuasive with Mod | ||
| + | ** Only comment deemed not persuasive: In Pass Audit we have the Audit Functional Model with two capabilities, a third capability is recommended: | ||
| + | ** Recommendation: Audit Service should pin a Audit Client to determine the Audit is enabled | ||
| + | ** Mike Davis Comment: The Audit Client is configured with Audit On, if Audit is turned off it will send out a pin tot Audit service that it is off. It does not need to specified with a separate capability. (Non-persuasive with Mod) | ||
| + | ** Symantec Requirements were changed to Disclosure | ||
| + | ** Capability of Complete Audit Record is upto the implementer to determine if it is complete since there is no international standard | ||
| + | ** Motion Passed: 53-88 (Rick, Diana) | ||
| + | * Security Labeling Service Revision Update - Diana | ||
| + | ** NTR | ||
| + | * No FHIR Security Call this week - Please review front matter - http://build.fhir.org/secpriv-module.html | ||
Latest revision as of 18:57, 28 March 2017
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| . | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | . | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
| x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | x | Mohammed Jafari | |||
| x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
| x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Galen Mulrooney | |||
| . | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | x | Dave Silver | |||
| x | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan | |||
| . | Kamalini Vaidya | . | Bill Kleinebecker | x | Christopher Shawn | . | Grahame Grieve | |||
| . | Oliver Lawless | . | Ken Rubin | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (4 min) Review and Approval of Security WG Call Minutes March 7, 2017 and Security WG Call Minutes March 14, 2017
- (10 min) New meeting service - Transition to FreeConferenceCall.com (FCC): Beginning March 28 the web meeting will change to https://www.freeconferencecall.com
- Online Meeting ID: security36
- Dial-in Number: (515) 604-9567 Access Code: 880898
Updated on Security Wiki home page top banner - K
- (10 min) TF4FA May ballot development roadmap Submission Deadline + 3/26
- (10 min) Review Draft HL7 Patient Generated Health Data (PGHD)Comments- Diana
- (2 min) Project Scope Statement - Medical Devices Security - deferring follow up of outreach to Medical Device WG until ballot recons are completed- Kathleen
- (2 min) [gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diana
- (2 min) Security Labeling Service Revision Update - Diana
- (2 min) No FHIR Security Call this week - Please review front matter - http://build.fhir.org/secpriv-module.html
Minutes
- Chaired by Kathleen
- Agenda Approved
- Review and Approval of Security WG Call Minutes March 7, 2017 and Security WG Call Minutes March 14, 2017 (Approved 7th and 14th minutes)
- New meeting service - Transition to FreeConferenceCall.com (FCC): Beginning March 28 the web meeting will change to https://www.freeconferencecall.com
Online Meeting ID: security36
- Information provided beginning March 28th Free Conference
Dial-in Number: (515) 604-9567 Access Code: 880898
- Updated on Security Wiki home page top banner - K
- input security 36 to join meeting
- TF4FA May ballot development roadmap Submission Deadline + 3/26 (Mike Davis)
- Updates will include comments for volume I to appear in May Ballot
- Volume II Behavioral Model will be part of the informative Ballot for May
- Volume II will be presented to group
- Question (Dave): What is the deadline to submit?
- Answer: next week 3/26, but may not be hard deadline prior to ballot. Kathleen Will check on the date with Lynn . (Mike Davis)
- Review Draft HL7 Patient Generated Health Data (PGHD)Comments- Diana
- Provided High level Summary:
- Comments were made on PTHD definition
- Patient right of access are asked to be addressed more specifically
- Providence was asked to be addressed more specifically
- Research challenges on control of sharing information
- Does the patient have control over which Data can be shared? Are there controls? (Labeling or Masking Data)
- Mike Davis Comment: VA is in the process of implementing an SLS to support patient needs
- Does Patient Right of access, does it allow patient to say what data can be shared? eg: Vendors agree to create a portal to choose meaningful use data
- Definition for Patient Generated Health Data was provided by Kathleen and was submitted (Diana)
- Project Scope Statement - Medical Devices Security - deferring follow up of outreach to Medical Device WG until ballot recons are completed- Kathleen
- Skipped
- [gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diana
- Comments from DoD were reviewed, 2 sets of comments (Duplicates)
- Majority of comments were persuasive or persuasive with Mod
- Only comment deemed not persuasive: In Pass Audit we have the Audit Functional Model with two capabilities, a third capability is recommended:
- Recommendation: Audit Service should pin a Audit Client to determine the Audit is enabled
- Mike Davis Comment: The Audit Client is configured with Audit On, if Audit is turned off it will send out a pin tot Audit service that it is off. It does not need to specified with a separate capability. (Non-persuasive with Mod)
- Symantec Requirements were changed to Disclosure
- Capability of Complete Audit Record is upto the implementer to determine if it is complete since there is no international standard
- Motion Passed: 53-88 (Rick, Diana)
- Security Labeling Service Revision Update - Diana
- NTR
- No FHIR Security Call this week - Please review front matter - http://build.fhir.org/secpriv-module.html
