Difference between revisions of "October 21, 2014 Security WG Conference Call"
| (12 intermediate revisions by 4 users not shown) | |||
| Line 2: | Line 2: | ||
[[Security|Back to Security Main Page]] | [[Security|Back to Security Main Page]] | ||
| + | |||
| + | using GotoMeeting.com with ID of 667556909 | ||
==Attendees== | ==Attendees== | ||
| Line 12: | Line 14: | ||
||||x|| [mailto:john.moehrke@med.ge.com John Moehrke]Security Co-chair | ||||x|| [mailto:john.moehrke@med.ge.com John Moehrke]Security Co-chair | ||
||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair | ||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair | ||
| − | |||| | + | ||||.|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair |
|- | |- | ||
|| .|| [mailto:Chris.R.Clark@wv.gov Chris Clark] | || .|| [mailto:Chris.R.Clark@wv.gov Chris Clark] | ||
| − | |||| | + | ||||x|| [mailto:jc@securityrs.com Johnathan Coleman]CBCC Co-Chair |
||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor] | ||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor] | ||
| − | |||| | + | ||||x|| [mailto:duane.decouteau@gmail.com Duane DeCouteau] |
|- | |- | ||
| Line 29: | Line 31: | ||
|| .|| [mailto:mjafari@edmondsci.com Mohammed Jafari] | || .|| [mailto:mjafari@edmondsci.com Mohammed Jafari] | ||
||||.|| [mailto:djorgenson@inpriva.com Don Jorgenson] | ||||.|| [mailto:djorgenson@inpriva.com Don Jorgenson] | ||
| − | |||| | + | ||||x|| Galen Mulrooney |
||||.|| [mailto:amanda.j.nash@accenturefederal.com Amanda Nash] | ||||.|| [mailto:amanda.j.nash@accenturefederal.com Amanda Nash] | ||
|- | |- | ||
| Line 55: | Line 57: | ||
==Agenda '''DRAFT'''== | ==Agenda '''DRAFT'''== | ||
| − | # ''(05 min)'' '''Roll Call, [http://wiki.hl7.org/index.php?title= | + | # ''(05 min)'' '''Roll Call, [http://wiki.hl7.org/index.php?title=October_14,_2014_Security_WG_Conference_Call October 14] Meeting Minutes''' |
# ''(15 min)'' '''FHIM S&P Information Model''' - Galen and Kathleen | # ''(15 min)'' '''FHIM S&P Information Model''' - Galen and Kathleen | ||
# ''(05 min)'' '''Data Provenance & [http://gforge.hl7.org/gf/download/docmanfileversion/8389/12449/FHIR%20Consent%20Directive%20Resource%20Suite.pptx Patient Friendly Language/FHIR CD] Update''' - Kathleen and Suzanne | # ''(05 min)'' '''Data Provenance & [http://gforge.hl7.org/gf/download/docmanfileversion/8389/12449/FHIR%20Consent%20Directive%20Resource%20Suite.pptx Patient Friendly Language/FHIR CD] Update''' - Kathleen and Suzanne | ||
# ''(10 min)'' '''Bringing SPO to SNOMED CT''' | # ''(10 min)'' '''Bringing SPO to SNOMED CT''' | ||
| − | # ''(10 min)'' '''PSS EHR, Privacy and Security Joint Vocabulary Alignment Project''' - | + | # ''(10 min)'' '''PSS EHR, Privacy and Security Joint Vocabulary Alignment Project''' - Diana |
# ''(10 min)'' [http://gforge.hl7.org/gf/download/docmanfileversion/8410/12475/Question%20on%20the%20FHIR%20Security%20Event%20sensitivity%20wrt%20to%20Security%20Labels.docx Question on the FHIR Security Event sensitivity wrt to Security Labels] | # ''(10 min)'' [http://gforge.hl7.org/gf/download/docmanfileversion/8410/12475/Question%20on%20the%20FHIR%20Security%20Event%20sensitivity%20wrt%20to%20Security%20Labels.docx Question on the FHIR Security Event sensitivity wrt to Security Labels] | ||
# ''(as time allows)'' '''[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4968 FHIR disposition]''' - review/discussion, ongoing agenda item | # ''(as time allows)'' '''[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4968 FHIR disposition]''' - review/discussion, ongoing agenda item | ||
| Line 67: | Line 69: | ||
==Meeting Minutes== | ==Meeting Minutes== | ||
'''Approval of meeting minutes''' | '''Approval of meeting minutes''' | ||
| − | Meeting minutes for [http://wiki.hl7.org/index.php?title=October_14,_2014_Security_WG_Conference_Call October 14] | + | Meeting minutes for [http://wiki.hl7.org/index.php?title=October_14,_2014_Security_WG_Conference_Call October 14] unanimously approved. |
| − | ( | + | |
| + | '''FHIM S&P Information Model''' - Galen and Kathleen | ||
| + | |||
| + | Galen Mulrooney presented a brief overview on the Federal Health Information Model (FHIM). Galen's intention is to move the modeling effort from the FHIM modeling team to the Security WG teleconferences, seeking Security's expertise on the code systems. John Moehrke requested that Galen create an itemized list of issues with the FHIM from which the Security WG can work. | ||
| + | |||
| + | '''Data Provenance & Patient Friendly Language/FHIR CD Update''' - Kathleen and Suzanne | ||
| + | |||
| + | Kathleen requested that Suzanne include the CBCC and Security WGs to the Thursday meeting with Paul Knapp at 4 p.m. Eastern. | ||
| + | |||
| + | Kathleen addressed the next steps for this portion of the project now that Paul has made the Contract Resource available on the FHIR continuous build site. These next steps include Kathleen's creation of four FHIR Consent Directive Profiles, all of which need proposals and new names (Kathleen has created placeholder names). The Contract Resource spreadsheet has 21 data elements that each need a consent directive. John Moehrke advised that individuals need to walk through the spreadsheet themselves and elaborate on the details. | ||
| + | |||
| + | '''Bringing SPO to SNOMED CT''' | ||
| + | |||
| + | The Security WG is currently lacking the resources to bring the SPO to SNOMED CT. Therefore, this activity is in a holding pattern for now. | ||
| + | |||
| + | '''PSS EHR, Privacy and Security Joint Vocabulary Alignment Project''' - Diana | ||
| + | |||
| + | The EHR Interoperability WG is still looking for an individual that can take the lead on this project. An invitation is out for members of the CBCC and Security WGs to lend their efforts to the project. | ||
| + | |||
| + | '''Question on the FHIR Security Event sensitivity with respect to Security Labels''' | ||
| + | |||
| + | John said: "Kathleen noticed that within the Security Event - a resource in FHIR that can be used for doing audit logging - when you describe an event and an object that was describing use of data, in the object description there is the sensitivity tag and it’s unclear, using today’s understanding of sensitivity, what one would do with this sensitivity value." | ||
| + | |||
| + | '''FHIR disposition''' - review/discussion, ongoing agenda item | ||
| + | |||
| + | No changes have been made. John looked at the “binary resources can be subverted for cross-site scripting” item, and says we need to craft a readable message and provide instructions on where the text should go, suggesting that all content pulled/pushed upon ingestion must be validated as being of the form expected. He wanted to know if Duane agreed or disagreed with this statement. | ||
| + | |||
| + | Meeting adjourned at 1800 PDT | ||
Latest revision as of 18:35, 24 October 2014
using GotoMeeting.com with ID of 667556909
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| x | Mike DavisSecurity Co-chair | x | John MoehrkeSecurity Co-chair | . | Trish WilliamsSecurity Co-chair | . | Alexander Mense Security Co-chair | ||||
| . | Chris Clark | x | Johnathan ColemanCBCC Co-Chair | x | Kathleen Connor | x | Duane DeCouteau | ||||
| . | Reed Gelzer | x | Suzanne Gonzales-WebbCBCC Co-chair | x | Rick Grow | . | Ken Salyards | ||||
| . | Mohammed Jafari | . | Don Jorgenson | x | Galen Mulrooney | . | Amanda Nash | ||||
| . | Paul PetronelliMobile Health Security Co-chair | x | Diana Proud-Madruga | . | Harry Rhodes | . | Aaron Seib | ||||
| . | Ioana Singureanu | . | Walter Suarez | . | Tony Weida | . | Paul PetronellimHealth Co-chair | ||||
| . | Paul Knapp | . | Steve Hufnagel | . | Gary Dickinson | . | Tim McKay |
Agenda DRAFT
- (05 min) Roll Call, October 14 Meeting Minutes
- (15 min) FHIM S&P Information Model - Galen and Kathleen
- (05 min) Data Provenance & Patient Friendly Language/FHIR CD Update - Kathleen and Suzanne
- (10 min) Bringing SPO to SNOMED CT
- (10 min) PSS EHR, Privacy and Security Joint Vocabulary Alignment Project - Diana
- (10 min) Question on the FHIR Security Event sensitivity wrt to Security Labels
- (as time allows) FHIR disposition - review/discussion, ongoing agenda item
- separate call/additional time for Security/Privacy DAM revision/update (January Informative ballot, Security-SOA ballot)
- (05 min) Other business, action items, and adjournment
Meeting Minutes
Approval of meeting minutes Meeting minutes for October 14 unanimously approved.
FHIM S&P Information Model - Galen and Kathleen
Galen Mulrooney presented a brief overview on the Federal Health Information Model (FHIM). Galen's intention is to move the modeling effort from the FHIM modeling team to the Security WG teleconferences, seeking Security's expertise on the code systems. John Moehrke requested that Galen create an itemized list of issues with the FHIM from which the Security WG can work.
Data Provenance & Patient Friendly Language/FHIR CD Update - Kathleen and Suzanne
Kathleen requested that Suzanne include the CBCC and Security WGs to the Thursday meeting with Paul Knapp at 4 p.m. Eastern.
Kathleen addressed the next steps for this portion of the project now that Paul has made the Contract Resource available on the FHIR continuous build site. These next steps include Kathleen's creation of four FHIR Consent Directive Profiles, all of which need proposals and new names (Kathleen has created placeholder names). The Contract Resource spreadsheet has 21 data elements that each need a consent directive. John Moehrke advised that individuals need to walk through the spreadsheet themselves and elaborate on the details.
Bringing SPO to SNOMED CT
The Security WG is currently lacking the resources to bring the SPO to SNOMED CT. Therefore, this activity is in a holding pattern for now.
PSS EHR, Privacy and Security Joint Vocabulary Alignment Project - Diana
The EHR Interoperability WG is still looking for an individual that can take the lead on this project. An invitation is out for members of the CBCC and Security WGs to lend their efforts to the project.
Question on the FHIR Security Event sensitivity with respect to Security Labels
John said: "Kathleen noticed that within the Security Event - a resource in FHIR that can be used for doing audit logging - when you describe an event and an object that was describing use of data, in the object description there is the sensitivity tag and it’s unclear, using today’s understanding of sensitivity, what one would do with this sensitivity value."
FHIR disposition - review/discussion, ongoing agenda item
No changes have been made. John looked at the “binary resources can be subverted for cross-site scripting” item, and says we need to craft a readable message and provide instructions on where the text should go, suggesting that all content pulled/pushed upon ingestion must be validated as being of the form expected. He wanted to know if Duane agreed or disagreed with this statement.
Meeting adjourned at 1800 PDT
