This wiki has undergone a migration to Confluence found Here
Difference between revisions of "November 6, 2018 Security Conference Call"
Jump to navigation
Jump to search
| (One intermediate revision by the same user not shown) | |||
| Line 58: | Line 58: | ||
Discussion/ updates to be made - add count to vote under DS4P | Discussion/ updates to be made - add count to vote under DS4P | ||
(Suzanne / Joe L) | (Suzanne / Joe L) | ||
| − | Objection: none; Abstain: none Approval: 8 | + | Vote: Objection: none; Abstain: none Approval: 8 |
| Line 69: | Line 69: | ||
**Kathleen's understanding was we were waiting on updates to the document | **Kathleen's understanding was we were waiting on updates to the document | ||
| − | Harmonization proposals | + | '''Harmonization proposals''' |
| + | *Tonight is when final proposals need to be in | ||
* We have reviewed them all earlier | * We have reviewed them all earlier | ||
** Additional CUIs need to be added per Kathleen (specific to the portion marking in the ''print name'' code | ** Additional CUIs need to be added per Kathleen (specific to the portion marking in the ''print name'' code | ||
| Line 93: | Line 94: | ||
* Agreement during meeting that there is a difference in POU and purpose of processing | * Agreement during meeting that there is a difference in POU and purpose of processing | ||
** Peter is currently working (in company for proposal) for possible codes to better define purpose of processing | ** Peter is currently working (in company for proposal) for possible codes to better define purpose of processing | ||
| − | * Peter is trying to mesh | + | * Peter is trying to mesh POU in Europe - some of the items do not make sense when applied to purpose of processing; based on purpose i.e. law, xx or xx (is this policy per Kathleen?); saying marketing or data analysis may not be enough of a description when describing purpose of processing |
| − | * (Kathleen) There is a branch that is not healthcare specific which may be helpful to look at | + | * (Kathleen) There is a branch that is not healthcare specific which may be helpful to look at. (shown in Rose Tree by Kathleen) - ''codes specifically not related to healthcare'' ; when Peter is ready to share codes, Kathleen will assist to push through harmonization |
| − | * | + | * next GDPR call in two weeks - we will discuss proposal; come up with harmonized list. Will send out to Security and European group to spread out to their organizations and get feedback on the vocabulary |
| + | *vocabulary can be updated to be more granular or robust per Kathleen--or even get rid of all together | ||
| + | * In order to check our definitions we have decided upon a few use cases--one of the use cases will be from national summary? (from Giorgio) | ||
| + | ** one will be from John, as described during Baltimore WGM from---one big scenario revolving around patient care with a link to the model from FHIR call ''care plan/care plan track'' | ||
| + | * next call on November 19 ''NEW TIME''- at noon Eastern on Monday | ||
| − | + | '''Upcoming Connectathon''' | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
* Note: MiHIN is willing to join in the Montréal Connectathon | * Note: MiHIN is willing to join in the Montréal Connectathon | ||
* finished storyboard in June, people involved in SLS, consent will also be involved in January and in May. | * finished storyboard in June, people involved in SLS, consent will also be involved in January and in May. | ||
Meeting adjourned at 1:44 Arizona Time --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:46, 6 November 2018 (EST) | Meeting adjourned at 1:44 Arizona Time --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:46, 6 November 2018 (EST) | ||
| − | https://fccdl.in/q8Ci7x2ZYP | + | |
| + | Temporary Recoding; https://fccdl.in/q8Ci7x2ZYP | ||
[[Security|Back to Security Main Page]] | [[Security|Back to Security Main Page]] | ||
Latest revision as of 18:52, 13 November 2018
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| x | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | x | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair | |||
| x | Christopher Shawn Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | . | David Staggs | |||
| x | Diana Proud-Madruga | . | Johnathan Coleman | . | Francisco Jauregui | . | Joe Lamy | |||
| . | Theresa Ardal Connor | . | Greg Linden | . | Grahame Grieve | . | Dave Silver | |||
| . | Beth Pumo | x | Jim Kretz | . | Peter Bachman | . | Bo Dagnall |
Agenda
- (2 min) Roll Call, Agenda Approval
- (2 min) Review and Approval of Minutes October 30, 2018
- (2 min) Update on revision of PASS Audit - reconciliation is ready for upload - Mike
- (30 min) Review of Final Security Harmonization proposals
- Submission deadline at 12AM ET 11/6. Harmonization meeting scheduled for 11/8 & 11/9 from 12PM to 6PM ET.
- Policy Vocabulary spreadsheet
- Policy proposal
- Adding the v3 Policy codes to HL7 v2 Table 0717 for security labeling
- (5 min) GDPR whitepaper on FHIR Update - Alex
- No FHIR Security call update - John sends his regrets
Meeting Minutes
Meeting Chair - Kathleen
Meeting Minute approval for 10/30 Discussion/ updates to be made - add count to vote under DS4P (Suzanne / Joe L) Vote: Objection: none; Abstain: none Approval: 8
PASS AUDIT Revision
- Unknown if ballot reconciliation sheet was ever uploaded to ballot site
- If it hasn't, it needs to (Mike/Diana/Kathleen - need to decide plan of action to review)
- Unsure if withdrawals have been requested
- Approximately 50 of the comments had been addressed; to the best of knowledge nothing has been done since then
- DaveS - thought Mike had said that reconciliation is done is to request to withdraw negative votes
- Kathleen's understanding was we were waiting on updates to the document
Harmonization proposals
- Tonight is when final proposals need to be in
- We have reviewed them all earlier
- Additional CUIs need to be added per Kathleen (specific to the portion marking in the print name code
- Only a slight variation/change is needed to correct
- Reviewed a spreadsheet instead of word document
- It was noted that banners do not have parenthesis around them, but when you go to the portion marking, there are, and a different CUI marking is needed) as shown under 'Marking Multiple Pages'
- Additional CUIs need to be added per Kathleen (specific to the portion marking in the print name code
- Additional issue -
- under Rose Tree, xml used in version 3 if you look at code system; under _ActCodeSystem
- SecurityPolicy(Security Policy)
- adding privacy marker; one for CUI, second for security labeling mark - talked about last week. These are marks that you display which may be in the description (i.e. confidential, high water mark; 42CFR42, etc.)
- under Rose Tree, xml used in version 3 if you look at code system; under _ActCodeSystem
<<add link to harmonization proposal>> Proposal has been reviewed by co-sponsor Patient Administration - they have reviewed the presented and final.
- VOTE: Motion to approve Harmonization Proposal as presented (Suzanne/Theresa) with addition of CUI changes
- Opposed: none: abstention: none; Approve: 8
- Kathleen will submit today (tonight) with additional CUI changes
GDPR White Paper
- Low attendance, would like more people from EU
- Peter started discussion with POU which fits very nicely with current POU vocabulary definition
- Agreement during meeting that there is a difference in POU and purpose of processing
- Peter is currently working (in company for proposal) for possible codes to better define purpose of processing
- Peter is trying to mesh POU in Europe - some of the items do not make sense when applied to purpose of processing; based on purpose i.e. law, xx or xx (is this policy per Kathleen?); saying marketing or data analysis may not be enough of a description when describing purpose of processing
- (Kathleen) There is a branch that is not healthcare specific which may be helpful to look at. (shown in Rose Tree by Kathleen) - codes specifically not related to healthcare ; when Peter is ready to share codes, Kathleen will assist to push through harmonization
- next GDPR call in two weeks - we will discuss proposal; come up with harmonized list. Will send out to Security and European group to spread out to their organizations and get feedback on the vocabulary
- vocabulary can be updated to be more granular or robust per Kathleen--or even get rid of all together
- In order to check our definitions we have decided upon a few use cases--one of the use cases will be from national summary? (from Giorgio)
- one will be from John, as described during Baltimore WGM from---one big scenario revolving around patient care with a link to the model from FHIR call care plan/care plan track
- next call on November 19 NEW TIME- at noon Eastern on Monday
Upcoming Connectathon
- Note: MiHIN is willing to join in the Montréal Connectathon
- finished storyboard in June, people involved in SLS, consent will also be involved in January and in May.
Meeting adjourned at 1:44 Arizona Time --Suzannegw (talk) 15:46, 6 November 2018 (EST)
Temporary Recoding; https://fccdl.in/q8Ci7x2ZYP
