This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "October 21, 2014 Security WG Conference Call"

From HL7Wiki
Jump to navigation Jump to search
 
(10 intermediate revisions by 2 users not shown)
Line 11: Line 11:
 
!x||'''Member Name'''|| !!  x ||'''Member Name''' !!|| x ||'''Member Name''' !!|| x ||'''Member Name'''!!
 
!x||'''Member Name'''|| !!  x ||'''Member Name''' !!|| x ||'''Member Name''' !!|| x ||'''Member Name'''!!
 
|-
 
|-
||  .|| [mailto:mike.davis@va.gov Mike Davis]Security Co-chair
+
||  x|| [mailto:mike.davis@va.gov Mike Davis]Security Co-chair
 
||||x|| [mailto:john.moehrke@med.ge.com John Moehrke]Security Co-chair
 
||||x|| [mailto:john.moehrke@med.ge.com John Moehrke]Security Co-chair
 
||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair
 
||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair
Line 20: Line 20:
 
||||x||  [mailto:jc@securityrs.com Johnathan Coleman]CBCC Co-Chair
 
||||x||  [mailto:jc@securityrs.com Johnathan Coleman]CBCC Co-Chair
 
||||x||  [mailto:Kathleen_Connor@comcast.net Kathleen Connor]
 
||||x||  [mailto:Kathleen_Connor@comcast.net Kathleen Connor]
||||.||  [mailto:duane.decouteau@gmail.com Duane DeCouteau]
+
||||x||  [mailto:duane.decouteau@gmail.com Duane DeCouteau]
 
|-
 
|-
  
 
||  .||  [mailto:r.gelzer@myfairpoint.net Reed Gelzer]
 
||  .||  [mailto:r.gelzer@myfairpoint.net Reed Gelzer]
||||.||  [mailto:Suzanne.Webb@engilitycorp.com Suzanne Gonzales-Webb]CBCC Co-chair
+
||||x||  [mailto:Suzanne.Webb@engilitycorp.com Suzanne Gonzales-Webb]CBCC Co-chair
 
||||x||  [mailto:rgrow@technatomy.com Rick Grow]
 
||||x||  [mailto:rgrow@technatomy.com Rick Grow]
 
||||.||  [mailto:ken.salyards@samhsa.hhs.gov Ken Salyards]
 
||||.||  [mailto:ken.salyards@samhsa.hhs.gov Ken Salyards]
Line 57: Line 57:
  
 
==Agenda '''DRAFT'''==
 
==Agenda '''DRAFT'''==
# ''(05 min)'' '''Roll Call, [http://wiki.hl7.org/index.php?title=October_07,_2014_Security_WG_Conference_Call October 07] Meeting Minutes'''
+
# ''(05 min)'' '''Roll Call, [http://wiki.hl7.org/index.php?title=October_14,_2014_Security_WG_Conference_Call October 14] Meeting Minutes'''
 
# ''(15 min)'' '''FHIM S&P Information Model''' - Galen and Kathleen
 
# ''(15 min)'' '''FHIM S&P Information Model''' - Galen and Kathleen
 
# ''(05 min)'' '''Data Provenance & [http://gforge.hl7.org/gf/download/docmanfileversion/8389/12449/FHIR%20Consent%20Directive%20Resource%20Suite.pptx Patient Friendly Language/FHIR CD] Update''' - Kathleen and Suzanne
 
# ''(05 min)'' '''Data Provenance & [http://gforge.hl7.org/gf/download/docmanfileversion/8389/12449/FHIR%20Consent%20Directive%20Resource%20Suite.pptx Patient Friendly Language/FHIR CD] Update''' - Kathleen and Suzanne
 
# ''(10 min)'' '''Bringing SPO to SNOMED CT'''
 
# ''(10 min)'' '''Bringing SPO to SNOMED CT'''
# ''(10 min)'' '''PSS EHR, Privacy and Security Joint Vocabulary Alignment Project''' - Diane
+
# ''(10 min)'' '''PSS EHR, Privacy and Security Joint Vocabulary Alignment Project''' - Diana
 
# ''(10 min)'' [http://gforge.hl7.org/gf/download/docmanfileversion/8410/12475/Question%20on%20the%20FHIR%20Security%20Event%20sensitivity%20wrt%20to%20Security%20Labels.docx Question on the FHIR Security Event sensitivity wrt to Security Labels]
 
# ''(10 min)'' [http://gforge.hl7.org/gf/download/docmanfileversion/8410/12475/Question%20on%20the%20FHIR%20Security%20Event%20sensitivity%20wrt%20to%20Security%20Labels.docx Question on the FHIR Security Event sensitivity wrt to Security Labels]
 
# ''(as time allows)''  '''[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4968 FHIR disposition]''' - review/discussion, ongoing agenda item
 
# ''(as time allows)''  '''[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4968 FHIR disposition]''' - review/discussion, ongoing agenda item
Line 69: Line 69:
 
==Meeting Minutes==
 
==Meeting Minutes==
 
'''Approval of meeting minutes'''
 
'''Approval of meeting minutes'''
Meeting minutes for [http://wiki.hl7.org/index.php?title=October_14,_2014_Security_WG_Conference_Call October 14]
+
Meeting minutes for [http://wiki.hl7.org/index.php?title=October_14,_2014_Security_WG_Conference_Call October 14] unanimously approved.
(Unanimous approval)
+
 
 +
'''FHIM S&P Information Model''' - Galen and Kathleen
 +
 
 +
Galen Mulrooney presented a brief overview on the Federal Health Information Model (FHIM). Galen's intention is to move the modeling effort from the FHIM modeling team to the Security WG teleconferences, seeking Security's expertise on the code systems. John Moehrke requested that Galen create an itemized list of issues with the FHIM from which the Security WG can work.
 +
 
 +
'''Data Provenance & Patient Friendly Language/FHIR CD Update''' - Kathleen and Suzanne
 +
 
 +
Kathleen requested that Suzanne include the CBCC and Security WGs to the Thursday meeting with Paul Knapp at 4 p.m. Eastern.
 +
 
 +
Kathleen addressed the next steps for this portion of the project now that Paul has made the Contract Resource available on the FHIR continuous build site. These next steps include Kathleen's creation of four FHIR Consent Directive Profiles, all of which need proposals and new names (Kathleen has created placeholder names). The Contract Resource spreadsheet has 21 data elements that each need a consent directive. John Moehrke advised that individuals need to walk through the spreadsheet themselves and elaborate on the details.
 +
 
 +
'''Bringing SPO to SNOMED CT'''
 +
 
 +
The Security WG is currently lacking the resources to bring the SPO to SNOMED CT. Therefore, this activity is in a holding pattern for now.
 +
 
 +
'''PSS EHR, Privacy and Security Joint Vocabulary Alignment Project''' - Diana
 +
 
 +
The EHR Interoperability WG is still looking for an individual that can take the lead on this project. An invitation is out for members of the CBCC and Security WGs to lend their efforts to the project.
 +
 
 +
'''Question on the FHIR Security Event sensitivity with respect to Security Labels'''
 +
 
 +
John said: "Kathleen noticed that within the Security Event - a resource in FHIR that can be used for doing audit logging - when you describe an event and an object that was describing use of data, in the object description there is the sensitivity tag and it’s unclear, using today’s understanding of sensitivity, what one would do with this sensitivity value."
 +
 
 +
'''FHIR disposition''' - review/discussion, ongoing agenda item
 +
 
 +
No changes have been made. John looked at the “binary resources can be subverted for cross-site scripting” item, and says we need to craft a readable message and provide instructions on where the text should go, suggesting that all content pulled/pushed upon ingestion must be validated as being of the form expected. He wanted to know if Duane agreed or disagreed with this statement.
 +
 
 +
Meeting adjourned at 1800 PDT

Latest revision as of 18:35, 24 October 2014

Meeting Information

Back to Security Main Page

using GotoMeeting.com with ID of 667556909

Attendees

x Member Name x Member Name x Member Name x Member Name
x Mike DavisSecurity Co-chair x John MoehrkeSecurity Co-chair . Trish WilliamsSecurity Co-chair . Alexander Mense Security Co-chair
. Chris Clark x Johnathan ColemanCBCC Co-Chair x Kathleen Connor x Duane DeCouteau
. Reed Gelzer x Suzanne Gonzales-WebbCBCC Co-chair x Rick Grow . Ken Salyards
. Mohammed Jafari . Don Jorgenson x Galen Mulrooney . Amanda Nash
. Paul PetronelliMobile Health Security Co-chair x Diana Proud-Madruga . Harry Rhodes . Aaron Seib
. Ioana Singureanu . Walter Suarez . Tony Weida . Paul PetronellimHealth Co-chair
. Paul Knapp . Steve Hufnagel . Gary Dickinson . Tim McKay

Back to Security Main Page

Agenda DRAFT

  1. (05 min) Roll Call, October 14 Meeting Minutes
  2. (15 min) FHIM S&P Information Model - Galen and Kathleen
  3. (05 min) Data Provenance & Patient Friendly Language/FHIR CD Update - Kathleen and Suzanne
  4. (10 min) Bringing SPO to SNOMED CT
  5. (10 min) PSS EHR, Privacy and Security Joint Vocabulary Alignment Project - Diana
  6. (10 min) Question on the FHIR Security Event sensitivity wrt to Security Labels
  7. (as time allows) FHIR disposition - review/discussion, ongoing agenda item
  8. separate call/additional time for Security/Privacy DAM revision/update (January Informative ballot, Security-SOA ballot)
  9. (05 min) Other business, action items, and adjournment

Meeting Minutes

Approval of meeting minutes Meeting minutes for October 14 unanimously approved.

FHIM S&P Information Model - Galen and Kathleen

Galen Mulrooney presented a brief overview on the Federal Health Information Model (FHIM). Galen's intention is to move the modeling effort from the FHIM modeling team to the Security WG teleconferences, seeking Security's expertise on the code systems. John Moehrke requested that Galen create an itemized list of issues with the FHIM from which the Security WG can work.

Data Provenance & Patient Friendly Language/FHIR CD Update - Kathleen and Suzanne

Kathleen requested that Suzanne include the CBCC and Security WGs to the Thursday meeting with Paul Knapp at 4 p.m. Eastern.

Kathleen addressed the next steps for this portion of the project now that Paul has made the Contract Resource available on the FHIR continuous build site. These next steps include Kathleen's creation of four FHIR Consent Directive Profiles, all of which need proposals and new names (Kathleen has created placeholder names). The Contract Resource spreadsheet has 21 data elements that each need a consent directive. John Moehrke advised that individuals need to walk through the spreadsheet themselves and elaborate on the details.

Bringing SPO to SNOMED CT

The Security WG is currently lacking the resources to bring the SPO to SNOMED CT. Therefore, this activity is in a holding pattern for now.

PSS EHR, Privacy and Security Joint Vocabulary Alignment Project - Diana

The EHR Interoperability WG is still looking for an individual that can take the lead on this project. An invitation is out for members of the CBCC and Security WGs to lend their efforts to the project.

Question on the FHIR Security Event sensitivity with respect to Security Labels

John said: "Kathleen noticed that within the Security Event - a resource in FHIR that can be used for doing audit logging - when you describe an event and an object that was describing use of data, in the object description there is the sensitivity tag and it’s unclear, using today’s understanding of sensitivity, what one would do with this sensitivity value."

FHIR disposition - review/discussion, ongoing agenda item

No changes have been made. John looked at the “binary resources can be subverted for cross-site scripting” item, and says we need to craft a readable message and provide instructions on where the text should go, suggesting that all content pulled/pushed upon ingestion must be validated as being of the form expected. He wanted to know if Duane agreed or disagreed with this statement.

Meeting adjourned at 1800 PDT