This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "November 6, 2018 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
 
(5 intermediate revisions by 2 users not shown)
Line 19: Line 19:
 
   
 
   
 
|-
 
|-
||   x|| [mailto:Diana.Proud-Madruga@electro-soft.com Diana Proud-Madruga]
+
|| x|| [mailto:Diana.Proud-Madruga@electro-soft.com Diana Proud-Madruga]
 
||||.|| [mailto:jc@securityrs.com Johnathan Coleman]
 
||||.|| [mailto:jc@securityrs.com Johnathan Coleman]
 
||||.|| [mailto:fjaureui@electrosoft-inc.com Francisco Jauregui]
 
||||.|| [mailto:fjaureui@electrosoft-inc.com Francisco Jauregui]
Line 43: Line 43:
 
#''(2 min)'' '''Roll Call, Agenda Approval'''  
 
#''(2 min)'' '''Roll Call, Agenda Approval'''  
 
#''(2 min)'' '''[http://wiki.hl7.org/index.php?title=October_30,_2018_Security_Conference_Call Review and Approval of Minutes October 30, 2018]
 
#''(2 min)'' '''[http://wiki.hl7.org/index.php?title=October_30,_2018_Security_Conference_Call Review and Approval of Minutes October 30, 2018]
#''(2 min)'' '''[http://wiki.hl7.org/index.php?title=PASS_Healthcare_Audit_Services Update on revision of PASS Audit - reconcilation is ready for upload]''' - Mike
+
#''(2 min)'' '''[http://wiki.hl7.org/index.php?title=PASS_Healthcare_Audit_Services Update on revision of PASS Audit - reconciliation is ready for upload]''' - Mike
 
#''(30 min)'' '''Review of Final Security Harmonization proposals'''  
 
#''(30 min)'' '''Review of Final Security Harmonization proposals'''  
 
*Submission deadline at 12AM ET 11/6.  Harmonization meeting scheduled for 11/8 & 11/9 from 12PM to 6PM ET.   
 
*Submission deadline at 12AM ET 11/6.  Harmonization meeting scheduled for 11/8 & 11/9 from 12PM to 6PM ET.   
Line 51: Line 51:
 
#''(5 min)'' '''GDPR whitepaper on FHIR''' Update - Alex
 
#''(5 min)'' '''GDPR whitepaper on FHIR''' Update - Alex
 
*No FHIR Security call update - John sends his regrets
 
*No FHIR Security call update - John sends his regrets
==Minutes==
 
 
[[Security|Back to Security Main Page]]
 
  
 
==Meeting Minutes==
 
==Meeting Minutes==
Line 61: Line 58:
 
Discussion/ updates to be made - add count to vote under DS4P
 
Discussion/ updates to be made - add count to vote under DS4P
 
(Suzanne / Joe L)
 
(Suzanne / Joe L)
object/abstain: none approval:  
+
Vote: Objection: none; Abstain: none Approval: 8
  
  
 
'''PASS AUDIT Revision'''
 
'''PASS AUDIT Revision'''
* unknown if ballot reconciliation sheet was ever uploaded to ballot site
+
* Unknown if ballot reconciliation sheet was ever uploaded to ballot site
** if it hasn't, it needs to (Mike/Diana/Kathleen - need to decide plan of action to review)
+
** If it hasn't, it needs to (Mike/Diana/Kathleen - need to decide plan of action to review)
** unsure if withdrawals have been requested
+
** Unsure if withdrawals have been requested
* approximately 50 of the comments had been addressed; to the best of knowledge nothing has been done since then
+
* Approximately 50 of the comments had been addressed; to the best of knowledge nothing has been done since then
 
** DaveS - thought Mike had said that reconciliation is done is to request to withdraw negative votes
 
** DaveS - thought Mike had said that reconciliation is done is to request to withdraw negative votes
 
**Kathleen's understanding was we were waiting on updates to the document
 
**Kathleen's understanding was we were waiting on updates to the document
  
Harmonization proposals - tonight is final proposals nneed to be in
+
'''Harmonization proposals'''
* we have reviewed them all earlier
+
*Tonight is when final proposals need to be in
** additional CUIs need to be added per Kathleen (specific to the portion marking in the ''print name'' code
+
* We have reviewed them all earlier
*** only a slight variation/change is needed to correct
+
** Additional CUIs need to be added per Kathleen (specific to the portion marking in the ''print name'' code
** reviewed a spreadsheet instead of word document
+
*** Only a slight variation/change is needed to correct
**banners do not have parenthesis around them, but when you go to the portion marking, there are and  a differnt CUI marking is needed) as shown under 'Marking Multiple Pages'
+
** Reviewed a spreadsheet instead of word document
 +
** It was noted that banners do not have parenthesis around them, but when you go to the portion marking, there are, and  a different CUI marking is needed) as shown under 'Marking Multiple Pages'
  
* additional issue -
+
* Additional issue -
** under RoseTree, xml used in version 3 if you look at code system; under _ActCodeSystem
+
** under Rose Tree, xml used in version 3 if you look at code system; under _ActCodeSystem
***SecurityPolicy(security Polcy)
+
***SecurityPolicy(Security Policy)
***adding privacy marker; one for CUI, second for security labeling mark - alked about last week.  These are marks that you display which may be in the descritipn (i.e. confidential, high water mark; 42CFR42, etc)
+
***adding privacy marker; one for CUI, second for security labeling mark - talked about last week.  These are marks that you display which may be in the description (i.e. confidential, high water mark; 42CFR42, etc.)
  
 
<<add link to harmonization proposal>>
 
<<add link to harmonization proposal>>
 +
Proposal has been reviewed by co-sponsor Patient Administration - they have reviewed the presented and final.
 +
 +
* VOTE: Motion to approve Harmonization Proposal as presented (Suzanne/Theresa) ''with addition of CUI changes''
 +
** Opposed: none: abstention: none; Approve: 8
 +
** Kathleen will submit today (tonight) with additional CUI changes
 +
 +
'''GDPR White Paper'''
 +
* Low attendance, would like more people from EU
 +
* Peter started discussion with POU which fits very nicely with current POU vocabulary definition
 +
* Agreement during meeting that there is a difference in POU and purpose of processing
 +
** Peter is currently working (in company for proposal) for possible codes to better define purpose of processing
 +
* Peter is trying to mesh POU in Europe - some of the items do not make sense when applied to purpose of processing; based on purpose i.e. law, xx or xx (is this policy per Kathleen?); saying marketing or data analysis may not be enough of a description when describing purpose of processing
 +
* (Kathleen) There is a branch that is not healthcare specific which may be helpful to look at. (shown in Rose Tree by Kathleen) - ''codes specifically not related to healthcare'' ; when Peter is ready to share codes, Kathleen will assist to push through harmonization
 +
* next GDPR call in two weeks - we will discuss proposal; come up with harmonized list.  Will send out to Security and European group to spread out to their organizations and get feedback on the vocabulary
 +
*vocabulary can be updated to be more granular or robust per Kathleen--or even get rid of all together
 +
* In order to check our definitions we have decided upon a few use cases--one of the use cases will be from national summary? (from Giorgio)
 +
** one will be from John, as described during Baltimore WGM from---one big scenario revolving around patient care with a link to the model from FHIR call ''care plan/care plan track''
 +
* next call on November 19 ''NEW TIME''- at noon Eastern on Monday
 +
 +
'''Upcoming Connectathon'''
 +
* Note:  MiHIN is willing to join in the Montréal Connectathon
 +
* finished storyboard in June, people involved in SLS, consent will also be involved in January and in May.
 +
 +
Meeting adjourned at 1:44 Arizona Time --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:46, 6 November 2018 (EST)
 +
 +
Temporary Recoding;  https://fccdl.in/q8Ci7x2ZYP
 +
 +
[[Security|Back to Security Main Page]]

Latest revision as of 18:52, 13 November 2018

Back to Security Main Page

Attendees

Back to Security Main Page

x Member Name x Member Name x Member Name x Member Name
x John Moehrke Security Co-chair x Kathleen Connor Security Co-chair x Alexander Mense Security Co-chair . Trish Williams Security Co-chair
x Christopher Shawn Security Co-chair x Suzanne Gonzales-Webb x Mike Davis . David Staggs
x Diana Proud-Madruga . Johnathan Coleman . Francisco Jauregui . Joe Lamy
. Theresa Ardal Connor . Greg Linden . Grahame Grieve . Dave Silver
. Beth Pumo x Jim Kretz . Peter Bachman . Bo Dagnall

Back to Security Main Page

Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (2 min) Review and Approval of Minutes October 30, 2018
  3. (2 min) Update on revision of PASS Audit - reconciliation is ready for upload - Mike
  4. (30 min) Review of Final Security Harmonization proposals
  1. (5 min) GDPR whitepaper on FHIR Update - Alex
  • No FHIR Security call update - John sends his regrets

Meeting Minutes

Meeting Chair - Kathleen

Meeting Minute approval for 10/30 Discussion/ updates to be made - add count to vote under DS4P (Suzanne / Joe L) Vote: Objection: none; Abstain: none Approval: 8


PASS AUDIT Revision

  • Unknown if ballot reconciliation sheet was ever uploaded to ballot site
    • If it hasn't, it needs to (Mike/Diana/Kathleen - need to decide plan of action to review)
    • Unsure if withdrawals have been requested
  • Approximately 50 of the comments had been addressed; to the best of knowledge nothing has been done since then
    • DaveS - thought Mike had said that reconciliation is done is to request to withdraw negative votes
    • Kathleen's understanding was we were waiting on updates to the document

Harmonization proposals

  • Tonight is when final proposals need to be in
  • We have reviewed them all earlier
    • Additional CUIs need to be added per Kathleen (specific to the portion marking in the print name code
      • Only a slight variation/change is needed to correct
    • Reviewed a spreadsheet instead of word document
    • It was noted that banners do not have parenthesis around them, but when you go to the portion marking, there are, and a different CUI marking is needed) as shown under 'Marking Multiple Pages'
  • Additional issue -
    • under Rose Tree, xml used in version 3 if you look at code system; under _ActCodeSystem
      • SecurityPolicy(Security Policy)
      • adding privacy marker; one for CUI, second for security labeling mark - talked about last week. These are marks that you display which may be in the description (i.e. confidential, high water mark; 42CFR42, etc.)

<<add link to harmonization proposal>> Proposal has been reviewed by co-sponsor Patient Administration - they have reviewed the presented and final.

  • VOTE: Motion to approve Harmonization Proposal as presented (Suzanne/Theresa) with addition of CUI changes
    • Opposed: none: abstention: none; Approve: 8
    • Kathleen will submit today (tonight) with additional CUI changes

GDPR White Paper

  • Low attendance, would like more people from EU
  • Peter started discussion with POU which fits very nicely with current POU vocabulary definition
  • Agreement during meeting that there is a difference in POU and purpose of processing
    • Peter is currently working (in company for proposal) for possible codes to better define purpose of processing
  • Peter is trying to mesh POU in Europe - some of the items do not make sense when applied to purpose of processing; based on purpose i.e. law, xx or xx (is this policy per Kathleen?); saying marketing or data analysis may not be enough of a description when describing purpose of processing
  • (Kathleen) There is a branch that is not healthcare specific which may be helpful to look at. (shown in Rose Tree by Kathleen) - codes specifically not related to healthcare ; when Peter is ready to share codes, Kathleen will assist to push through harmonization
  • next GDPR call in two weeks - we will discuss proposal; come up with harmonized list. Will send out to Security and European group to spread out to their organizations and get feedback on the vocabulary
  • vocabulary can be updated to be more granular or robust per Kathleen--or even get rid of all together
  • In order to check our definitions we have decided upon a few use cases--one of the use cases will be from national summary? (from Giorgio)
    • one will be from John, as described during Baltimore WGM from---one big scenario revolving around patient care with a link to the model from FHIR call care plan/care plan track
  • next call on November 19 NEW TIME- at noon Eastern on Monday

Upcoming Connectathon

  • Note: MiHIN is willing to join in the Montréal Connectathon
  • finished storyboard in June, people involved in SLS, consent will also be involved in January and in May.

Meeting adjourned at 1:44 Arizona Time --Suzannegw (talk) 15:46, 6 November 2018 (EST)

Temporary Recoding; https://fccdl.in/q8Ci7x2ZYP

Back to Security Main Page