November 14, 2017 Security Conference Call

Back to Security Main Page

Attendees

Back to Security Main Page

Agenda

1. (2 min) Roll Call, Agenda Approval
2. (3 min) Review and Approval of November 7, 2017 minutes
3. (10 min) 2017Nov HARM INTIALPROPOSAL SECURITY Sensitivity Codes.doc Update on questions to SAMHSA HL7 representatives. Need WG approval for final submission at next call November 21st. - Kathleen
4. (15 min) Consumer Centered Data Exchange (CCDE) Track for Jan Connectathon- Review of proposed CCDE Cascading OAuth Scenario. Looking for input from Security and CBCP WGs - Kathleen and Mohammad
5. (15 min) PSAF call report out on HL7 Security and Privacy Domain Model and PSAF SS revision - Mike Davis and Chris Shawn
6. (10 min) Need to Update HL7 V2 Privacy and Security section in HL7 v2. Should Security and CBCP collaborate on an update? Dallas Haselhorst, author of the v2 Security risks will present during the Nov. 21st call. - John and Kathleen
7. (5 min) Is Privacy Obsolete? Study Group wiki page has the "Is Privacy Obsolete?" Listserve link. Update on project - Mike Davis and Chris Shawn
8. (2 min) FHIR Security Call later? - John Moehrke

Minutes

• Chris Shawn chaired.
• Agenda informally approved.
• Minutes from November 7th were reviewed. Kathleen moved to approve; Suzanne seconded; and John abstained because he did not attend the call. Minutes approved 8-1-0.
• John asked about whether it makes sense to differentiate each sensitivity hot topic. Rather we could wait until a confluence of private tags. Kathleen stated that she was using access control concern as a criteria for determining whether a code is needed for data segmentation. John said that this should be documented in some kind of governance process. Mike stated that the governance criteria should be in the new information model. Kathleen suggested that the governance criteria be put into the parent code for a March 2018 Harmonization proposal.
• Kathleen reported that she and Mohammad are working of a Cascading OAuth scenario with a FHIR consent directive for the Consumer Centered Data Exchange track for January FHIR Connectathon, and have been reaching out to potential participants. This scenario would differ from the Smart on FHIR scenario which would not focus on a consent directive or which might retrospectively memorize the consumer's selection of an App as a FHIR Consent Resource.
• John mentioned that ONC Provenance project representative has been discussing the possibility of a FHIR Provenance track. Not clear whether this track would be ready for January. He wanted the WG to be aware of this possible track.
• Mike reported on the updated TF4FA, which now has different policy types because they handle different information. Confidentiality and sensitivity have different policies. Unrestricted is public information so there are no policies. Likely needs a human to review. Declassification or changing classifications as a discipline for national security. Vetting for classification may need to be manually performed. Mike is concerned about whether a system can do this. Kathleen mentioned HIPAA de-identification provisions, which could be used as an algorithmically implemented.
• Mike said the new version continues the discussion of a basic and composite policy. Table with medications classified with sensitivity and confidentiality. Then add another object with a different sensitivity and classification. So the merged list is an object with the highest classification of any of the elements subordinated to it. Combining all of the compound objects with a mixed set of sensitivities for medication and immunizations at the element level like a CDA. At the top level of the document would have the high water mark. This is a compound information object each with its own policies. This is a composite policy.
• Mike is now considering things that apply to users like roles, permissions, relationships that apply to initiators. New version has additional policies like MOU, obligations, data use agreements, which can apply generally, but particularly apply to the classification of medium and low. Extended the model now includes medium and low domains in addition to very restricted, restricted, and normal domains.
• Created another table to distinguish between different classification levels in terms of its components of sensitivity, integrity, and compartment and whether there are subdomains and whether or not it involved roles clearances and permissions of the users.
• Mike doesn't see a distinction between low and moderate. John stated that policy may dictate whether there's a need for low and moderate. Mike argued that the differentiators for access control are not clear for moderate. John pointed out that we have moderate because we mapped to ISO 13606. John suggested that a domain might not have policies for moderate could create a separate value set. The full hierarchy is here for jurisdictions that have policies for both. The complete hierarchy of non-overlapping classifications is needed to apply the Bell La Padula algorithm to prevent "writing down and reading up"
• V2 Security Guidance - Kathleen introduced a presentation by Dallas Haselhorst linked in HL7 V2 Privacy and Security. Discussion about whether the WG should get involved in guidance about how to improve HL7 V2 Security and Privacy.

Meeting Materials

See new HL7 Version 2 Privacy and Security wiki page.

Back to Security Main Page