
Difference between revisions of "May 23, 2017 Security Conference Call"

From HL7Wiki

Revision as of 19:01, 30 May 2017


Attendees (x = present)

Present (marked x):
  • Kathleen Connor, Security Co-chair
  • Mike Davis
  • Suzanne Gonzales-Webb
  • David Staggs
  • Mohammed Jafari
  • Glen Marshall, SRS
  • Beth Pumo
  • Diana Proud-Madruga
  • Joe Lamy
  • Dave Silver
  • Rick Grow
  • Mayada Abdulmannan
  • Christopher Shawn

Not marked present:
  • John Moehrke, Security Co-chair
  • Alexander Mense, Security Co-chair
  • Trish Williams, Security Co-chair
  • Ioana Singureanu
  • Rob Horn
  • Serafina Versaggi
  • Galen Mulrooney
  • Duane DeCouteau
  • Chris Clark
  • Johnathan Coleman
  • Aaron Seib
  • Ken Salyards
  • Christopher D Brown TX
  • Gary Dickinson
  • William Kinsley
  • Paul Knapp
  • Kamalini Vaidya
  • Bill Kleinebecker
  • Grahame Grieve
  • Oliver Lawless
  • Ken Rubin
  • David Tao
  • Nathan Botts


Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (4 min) Review and Approval of Security WG Call Minutes April 25, 2017
  3. (15 min) Madrid Debrief - Review of Minutes, presentations - cochairs
  4. (10 min) TF4FA Ballot Reconciliation - Kathleen
  5. (10 min) PASS Audit Ballot Reconciliation - Diana
  6. (5 min) FHIR Security Call - Please review front matter - John Moehrke

Tuesday Security WG Session: Kevin Shekleton and Josh Mandel presented on FHIR CDS Hooks. CDS Hooks uses SMART on FHIR to specify services that create vendor-independent "substitutable apps" which can be plugged into a variety of EHR and other systems. The service equips a native EHR with an event model, triggering calls to remote CDS services when specific user activities occur (e.g., "prescribe a drug" or "open a patient record"). These CDS Hooks services can respond with advice, alternative suggestions, and in-context app launch links that can be presented to the user in accordance with explicit user experience guidelines. The following videos provide excellent presentations on CDS Hooks:

CDS Hooks services might be an approach for creating "break glass" alerts, e.g., for drug-drug interactions where the treating provider does not have clearance to view the entire record, such as where a patient has not consented to this provider accessing sensitive information. The SLS (Security Labeling Service) would provide the CDS with the unmasked record while permitting the treating provider to access only the masked record, until the provider executes a break glass based on the CDS alert.
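As an added illustration of the break-glass pattern sketched above (not code from the Work Group or from the CDS Hooks project), this sketch assumes a simplified CDS Hooks card format, a per-medication sensitivity label assigned by the SLS, a constructed drug-interaction table and a hypothetical break-glass log; the point it shows is that the CDS service sees the unmasked record but its alert must not leak the protected data to a provider who has not yet broken the glass.

```python
from dataclasses import dataclass

# Constructed interaction table for the demo only (not a clinical reference).
INTERACTIONS = {frozenset({"warfarin", "fluconazole"}),
                frozenset({"methadone", "ritonavir"})}


@dataclass
class Medication:
    name: str
    sensitive: bool = False  # sensitivity label assigned by the SLS (assumed)


@dataclass
class PatientRecord:
    patient_id: str
    medications: list


def provider_view(record, break_glass_log):
    """Masked view for the treating provider: sensitive entries are withheld
    until a break-glass event for this patient has been recorded."""
    if record.patient_id in break_glass_log:
        return [m.name for m in record.medications]
    return [m.name for m in record.medications if not m.sensitive]


def break_glass(record, provider_id, reason, break_glass_log):
    """Record the override (hypothetical log; in practice an audit event)."""
    break_glass_log[record.patient_id] = {"provider": provider_id, "reason": reason}


def cds_service(hook_request, unmasked_record):
    """Simplified CDS Hooks service: receives the SLS-unmasked record plus the
    draft prescription from the hook context and returns CDS Hooks style cards.
    If the interacting drug is masked for the caller, the card only says that a
    break glass is required; it never names the protected medication."""
    draft = hook_request["context"]["draft_medication"]
    cards = []
    for med in unmasked_record.medications:
        if frozenset({draft, med.name}) not in INTERACTIONS:
            continue
        if med.sensitive:
            cards.append({"summary": "Possible interaction with a protected "
                                     "medication; break glass to review",
                          "indicator": "critical",
                          "source": {"label": "SLS-aware CDS (constructed)"}})
        else:
            cards.append({"summary": f"{draft} interacts with {med.name}",
                          "indicator": "warning",
                          "source": {"label": "SLS-aware CDS (constructed)"}})
    return {"cards": cards}


# Constructed sample record: methadone carries an SLS sensitivity label.
SAMPLE = PatientRecord("pat-1", [Medication("warfarin"), Medication("methadone", True)])
```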

Minutes

  • Chaired by Kathleen
  • Agenda Approval
  • Approved the Security WG Call Minutes of April 25, 2017
  • Madrid Debrief - Review of Minutes, presentations - cochairs
  • (Kathleen)
    • Highlights from Madrid Meeting:
    • (1) David Pikes: Privilege Management Access Control ISO 2600
      • based on our Security Privacy Domain Analysis Model (Modeling Domains)
      • His main audience was the clinical modeling information initiative
      • He presented on the European Data Protection Regulation (more regulated than the U.S.)
      • It may have possible interoperability issues with storing health information between European and American systems
    • (2) The Trusted eHealth project
      • part of it is option national health exchange scheme
      • Free to consumer
      • It makes healthcare delivery available to the consumer
    • (3) Clinical Decision Support (Kathleen, John)
      • Discussed hooking up EHRs to apps external to the EHR
      • Drug-drug interactions
      • How to secure CDS Hooks
  • (John)
    • (4) Held a meeting with the SMART on FHIR team
    • Came to an understanding of what users it covers
    • Came up with other patterns that SMART may not cover, such as server-to-server communication
    • Discussed testing security and privacy resources
    • We sent out an opportunity for other work groups to work together on their security needs
    • Gary and Kathleen came up with a proposal on test scripts on provenance

HL7 WGM MAY 2017 - Madrid Spain Minutes

  • TF4FA Ballot Reconciliation - Kathleen
    • Completed spreadsheet
    • Proposed disposition of the DoD comments (Dr. Mark Kramer)
    • He raised the need for discussion on how negotiations take place, to include in the next version
    • ISO 600 has a tutorial on how to build policy bridging; it can be a starting place for behavioral models of the different components used for a composite policy (how to compose a composition policy)
    • He asserts a basic policy should have nested policy
  • PASS Audit Ballot Reconciliation - Diana
  • FHIR Security Call - Please review front matter - John Moehrke

Materials and videos referenced above:

  • Healthcare Requirements for Emergency Access by Mike Davis VA
  • Veterans Choice Program FAQ
  • Bernd Blobel Madrid Presentations
  • HIMSS 2017 Patient Choice on FHIR
  • Josh Mandel CDS Hooks Video
  • Kevin Shekleton [Cerner Presentations]
  • Remote Decision Support with CDS Hooks - Kevin Shekleton