This wiki has undergone a migration to Confluence found Here

Difference between revisions of "October 23, 2018 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
 
(7 intermediate revisions by 2 users not shown)
Line 8: Line 8:
 
!x||'''Member Name'''|| !!  x ||'''Member Name''' !!|| x ||'''Member Name''' !!|| x ||'''Member Name'''  
 
!x||'''Member Name'''|| !!  x ||'''Member Name''' !!|| x ||'''Member Name''' !!|| x ||'''Member Name'''  
 
|-
 
|-
||  .|| [mailto:JohnMoerke@gmail.com John Moehrke] Security Co-chair
+
||  x|| [mailto:JohnMoerke@gmail.com John Moehrke] Security Co-chair
 
||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-chair  
 
||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-chair  
||||.|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
+
||||x|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
 
||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams] Security Co-chair
 
||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams] Security Co-chair
 
|-.
 
|-.
||  .|| [mailto:Christopher.Shawn2@va.gov Christopher Shawn] Security Co-chair
+
||  x|| [mailto:Christopher.Shawn2@va.gov Christopher Shawn] Security Co-chair
 
||||x|| [mailto:Suzanne.Webb@bookzurman.com Suzanne Gonzales-Webb]
 
||||x|| [mailto:Suzanne.Webb@bookzurman.com Suzanne Gonzales-Webb]
 
||||x|| [mailto:mike.davis@va.gov Mike Davis]
 
||||x|| [mailto:mike.davis@va.gov Mike Davis]
||||x|| [mailto:david.staggs@bookzurman.com David Staggs]
+
||||.|| [mailto:david.staggs@bookzurman.com David Staggs]
 
   
 
   
 
|-
 
|-
 
||  x|| [mailto:Diana.Proud-Madruga@electro-soft.com Diana Proud-Madruga]
 
||  x|| [mailto:Diana.Proud-Madruga@electro-soft.com Diana Proud-Madruga]
 
||||.|| [mailto:jc@securityrs.com Johnathan Coleman]
 
||||.|| [mailto:jc@securityrs.com Johnathan Coleman]
||||x|| [mailto:fjaureui@electrosoft-inc.com Francisco Jauregui]
+
||||.|| [mailto:fjaureui@electrosoft-inc.com Francisco Jauregui]
||||x|| [mailto:joe.lamy@aegis.net Joe Lamy]
+
||||.|| [mailto:joe.lamy@aegis.net Joe Lamy]
 
|-
 
|-
||  .|| [mailto:rhonna.clark@va.gov Rhonna Clark]
+
||  .|| [mailto:acg.internasjonal@protonmail.com Theresa Ardal Connor]
 
||||.|| [mailto:glinden@lindentechadvisiors.com Greg Linden]
 
||||.|| [mailto:glinden@lindentechadvisiors.com Greg Linden]
 
||||.|| [mailto:grahameg@gmail.com Grahame Grieve]
 
||||.|| [mailto:grahameg@gmail.com Grahame Grieve]
||||x|| [mailto:dsilver@electrosoft-inc.com Dave Silver]
+
||||.|| [mailto:dsilver@electrosoft-inc.com Dave Silver]
 
|-
 
|-
 
||. || [mailto:Beth.Pumo@kp.org Beth Pumo]
 
||. || [mailto:Beth.Pumo@kp.org Beth Pumo]
Line 34: Line 34:
 
||||.|| [mailto:Bo.Dagnall@dxc.com Bo Dagnall]
 
||||.|| [mailto:Bo.Dagnall@dxc.com Bo Dagnall]
 
|-
 
|-
||    .|| [mailto:  ]
+
 
||||.|| [mailto:  ]
 
||||.|| [mailto:  ]
 
||||.|| [mailto:  ]
 
|-
 
 
|-
 
|-
 
|}
 
|}
Line 52: Line 48:
 
#''(2 min)'''''[http://wiki.hl7.org/index.php?title=PASS_Healthcare_Audit_Services Update on revision of PASS Audit]'''
 
#''(2 min)'''''[http://wiki.hl7.org/index.php?title=PASS_Healthcare_Audit_Services Update on revision of PASS Audit]'''
 
#''(5 min)'' '''TF4FA Trust Framework, Volume 3''' - Update Mike  
 
#''(5 min)'' '''TF4FA Trust Framework, Volume 3''' - Update Mike  
#''(1 min)'' '''NOTE Need to get NIB done this week.''' Have to get HQ to set up NIB - Kathleen
+
#''(1 min)'' '''NOTE Need to get <<add project name>> NIB done this week.''' Have to get HQ to set up NIB - Kathleen
 
#''(15 min)'' '''[https://gforge.hl7.org/gf/project/security/docman/Security%20White%20Papers/CUI%20in%20Healthcare.pptx CUI in Healthcare]''' Background, history, general requirements, and implications for healthcare - Chris Shawn
 
#''(15 min)'' '''[https://gforge.hl7.org/gf/project/security/docman/Security%20White%20Papers/CUI%20in%20Healthcare.pptx CUI in Healthcare]''' Background, history, general requirements, and implications for healthcare - Chris Shawn
#''(15 min)'' '''CUI Harmonization Proposal''' - Kathleen
+
#''(15 min)'' '''Controlled Unclassified Information (CUI) Harmonization Proposal''' - Kathleen
 
#''(5 min)'' '''FHIR Security Update''' - John
 
#''(5 min)'' '''FHIR Security Update''' - John
#*  Blockchain and FHIR use-cases as presented by Abagail Watson at the HL7 WGM. Link to the PDF version on their Google Drive.  Link sharing is on, and that should be able to handle as much traffic as we can throw at it; and we can point at it from blog posts, the Symptomatic website, and elsewhere. [https://drive.google.com/file/d/1nejDmLo_LJkSnSvwGplL_uv7zDGXo9CG/view?usp=sharing link]
+
#*  Blockchain and FHIR use-cases as presented by Abigail Watson at the HL7 WGM. Link to the PDF version on their Google Drive.  Link sharing is on, and that should be able to handle as much traffic as we can throw at it; and we can point at it from blog posts, the Symptomatic website, and elsewhere. [https://drive.google.com/file/d/1nejDmLo_LJkSnSvwGplL_uv7zDGXo9CG/view?usp=sharing link]
#* FHIR-Security call will be alternating between core FHIR Security topics, and work on FHIR Connectathon - CarePlan scenario  
+
#* FHIR-Security call will be alternating between core FHIR Security topics, and work on FHIR Connectathon - Care Plan scenario  
 
#''(5 min)'' '''GDPR whitepaper on FHIR''' Update - Alex
 
#''(5 min)'' '''GDPR whitepaper on FHIR''' Update - Alex
  
Line 80: Line 76:
  
 
==Meeting Minutes DRAFT==
 
==Meeting Minutes DRAFT==
Chair, TBD
+
Chair, Chris Shawn
 
Roll Taken, Agenda reviewed, updates made as requested
 
Roll Taken, Agenda reviewed, updates made as requested
*Motion to approve 9/18 meeting minutes
 
*Move / Second 0-0-0
 
'''TF4FA Ballot Reconciliation'''
 
* [https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20-%20Ballot%20Reconciliation%20May%202018%20ballot/ballotcomments_V3_PSAF_R1_N1_2018MAY%20amalgamated_20180918_sgw.xlsm Spreadsheet for 9/18]
 
Reviewed Ballot comments: 129 - 161 for vote next week 10/23.
 
*'''PASS Audit document update'''
 
*'''Volume 3'''
 
*'''Security WG 3 Year Plan'''
 
*'''Securithy Confluence '''
 
*'''FHIR Security Update'''
 
*'''GDPR whitepaper on FHIR Update'''
 
No additional discussion items brought forward
 
Meeting adjourned at 1258? --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 21:55, 19 September 2018 (EDT)
 
  
[[Security|Back to Security Main Page]]
+
* Review and vote for approval of [[http://wiki.hl7.org/index.php?title=October_16,_2018_Security_Conference_Call October 16, 2018] Meeting Minutes
 +
**Motion to approve: (Suzanne/JimK)
 +
**Vote: objections: none; Abstentions: none; Minutes approved: 8
 +
 
 +
'''TF4FA Ballot Reconciliation'''
 +
* Finished the last few of ballot comments on the spreadsheet (sans one or two); we will send the link out for the group to review the handful completed.  Vote will occur at this meeting next week.
 +
* ChrisS will send link to ballot reconciliation sheet/information to Kathleen to add to the minutes
 +
* Ballot Reconciliation Sheet completed 10/23:  https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20-%20Ballot%20Reconciliation%20May%202018%20ballot/ballotcomments_V3_PSAF_R1_N1_2018MAY%20amalgamated_20181023_sgw.xlsm
 +
 
 +
 
 +
'''Update to PASS Audit''' - Mike
 +
* No update
 +
 
 +
'''TF4FA Volume 3''' - Mike
 +
* No update
 +
 
 +
'''TF4FA Volume 3 NIB to completed'''
 +
* Kathleen talking with Lynne at HL7 office regarding Volume 3 to post NIB
 +
** Note: Security WG has already voted to complete NIB
 +
 
 +
'''CUI Harmonization Proposal''' - Kathleen
 +
* <<add link>> slide deck presented by ChrisS on CUI PPT
 +
** ''presented to level-set for those not familiar to CUI''
 +
** applications currently CUI are directed toward 'paper'
 +
 
 +
* 'The so-what about CUI is this is a US-Realm requirement---they don't know how to attach the label to an HL7 message. they need a mechanism to leverage our existing labels, this is what Kathleen has been working on. Per JohnM We have the labels and have the capability to attach the label--is this a celebration, that we're ahead of the curve?
 +
* Mike: Sequoia project is redoing the DURSA and do not know how to attach the labels to the HL7 messages.  Per John, the Sequoia specification explains how to do this.
 +
 
 +
 
 +
 
 +
Review of Harmonization Proposal
 +
'' '''In today's meeting materials section are several materials for CUI'' '''
 +
* Kathleen - we have the framework and syntax to attach the labels to HL7 messages. In the CUI registry - there is a category section 'category mark' and category help, their description is very broad (out of HIPAA) which is any kind of health information even though not all of it is discovered under HIPAA
 +
**"HLTH" - CUI/CategoryMarking/Limited Dissemination Control
 +
**things like no foreigner, only federal agencies only and the like; Kathleen doubts any agency adopting
 +
* per Mike: category marking should be ''privacy'' Health is a sub-category
 +
** Kathleen - I checked that, its under privacy, but privacy is not a category in the same sense, it’s an organizational grouping
 +
* per Mike Health is a sub-category; Mike/Kathleen differ and will discuss offline
 +
* location on ''RoseTree'' (under ActCode System); in SecurityPolicy we have the new codes ''Privacy Marks''
 +
in Harmonization, Add Abstract Code PrivacyMark to ActCode System as a child of SecurityPolicy
 +
 
 +
'''Request for Approval of Harmonization (Initial submission)'''
 +
* Kathleen made motion for approval of Harmonization Proposal PPT for initial submission as presented
 +
(Kathleen/Mike) Note: Mike Seconds with the motion, with clarification of category or subcategory is clarified), as mentioned before discussion will occur offline
 +
Vote: Objections: none; Abstentions: none; Motion approved: 8
 +
 
 +
* Connectathon video link is above (Shown at the FHIR Connectathon/Baltimore WGM)
 +
 
 +
'''Block Chain / FHIR Presentation''' (presented by Abigail Watson, Baltimore WGM)
 +
* Link added for presentation from Abigail Watson on their experience with Block Chain/FHIR as given at the Baltimore WGM
 +
 
 +
'''FHIR Security Call'''
 +
* Kathleen/John will be enhancing the FHIR Security Call so that alternative weeks will focus on FHIR Connectathon use of Privacy and Security capabilities in particular Care Plan, with break glass in support of moving maturity level up;
 +
* based on availability of time a new meeting time may be created (time-slot request may come to gather better time for participants)
 +
 
 +
Kathleen mention of webinar/streaming channel on data mining out of ONC?  possibly on YouTube / unsure if recorded
 +
 
 +
Motion to adjourn.  Meeting adjourned at 12:59 Arizona Time --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:59, 23 October 2018 (EDT)

Latest revision as of 22:09, 29 October 2018

Back to Security Main Page

Attendees

Back to Security Main Page

x Member Name x Member Name x Member Name x Member Name
x John Moehrke Security Co-chair x Kathleen Connor Security Co-chair x Alexander Mense Security Co-chair . Trish Williams Security Co-chair
x Christopher Shawn Security Co-chair x Suzanne Gonzales-Webb x Mike Davis . David Staggs
x Diana Proud-Madruga . Johnathan Coleman . Francisco Jauregui . Joe Lamy
. Theresa Ardal Connor . Greg Linden . Grahame Grieve . Dave Silver
. Beth Pumo x Jim Kretz . Peter Bachman . Bo Dagnall

Back to Security Main Page

Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (2 min) Review and Approval of Minutes
  3. (10 min) Review last block of TF4FA Vol 1 and 2 Ballot comments: 147 - 161 from TF4FA Recon call. Final vote on the last of the dispositions is scheduled for 10/30.
  4. (2 min)Update on revision of PASS Audit
  5. (5 min) TF4FA Trust Framework, Volume 3 - Update Mike
  6. (1 min) NOTE Need to get <<add project name>> NIB done this week. Have to get HQ to set up NIB - Kathleen
  7. (15 min) CUI in Healthcare Background, history, general requirements, and implications for healthcare - Chris Shawn
  8. (15 min) Controlled Unclassified Information (CUI) Harmonization Proposal - Kathleen
  9. (5 min) FHIR Security Update - John
    • Blockchain and FHIR use-cases as presented by Abigail Watson at the HL7 WGM. Link to the PDF version on their Google Drive. Link sharing is on, and that should be able to handle as much traffic as we can throw at it; and we can point at it from blog posts, the Symptomatic website, and elsewhere. link
    • FHIR-Security call will be alternating between core FHIR Security topics, and work on FHIR Connectathon - Care Plan scenario
  10. (5 min) GDPR whitepaper on FHIR Update - Alex

Back to Security Main Page

Meeting Materials

Introduction to Marking CUI (updated August 6, 2018) Introduction to Marking CUI (updated August 6, 2018) This video provides an overview of how to mark documents, emails, presentations, systems, and other files that contain CUI. It specifically addresses the designation indicator and the CUI banner marking, including the CUI control marking, CUI category markings, and Limited Dissemination Control Markings. It also discusses portion marking, the use of cover sheets, marking multi-page documents, and decontrolling CUI. NIST CUI Security Requirements Workshop 10/18/18 Everything you ever wanted to know about CUI

Meeting Minutes DRAFT

Chair, Chris Shawn Roll Taken, Agenda reviewed, updates made as requested

  • Review and vote for approval of [October 16, 2018 Meeting Minutes
    • Motion to approve: (Suzanne/JimK)
    • Vote: objections: none; Abstentions: none; Minutes approved: 8

TF4FA Ballot Reconciliation


Update to PASS Audit - Mike

  • No update

TF4FA Volume 3 - Mike

  • No update

TF4FA Volume 3 NIB to completed

  • Kathleen talking with Lynne at HL7 office regarding Volume 3 to post NIB
    • Note: Security WG has already voted to complete NIB

CUI Harmonization Proposal - Kathleen

  • <<add link>> slide deck presented by ChrisS on CUI PPT
    • presented to level-set for those not familiar to CUI
    • applications currently CUI are directed toward 'paper'
  • 'The so-what about CUI is this is a US-Realm requirement---they don't know how to attach the label to an HL7 message. they need a mechanism to leverage our existing labels, this is what Kathleen has been working on. Per JohnM We have the labels and have the capability to attach the label--is this a celebration, that we're ahead of the curve?
  • Mike: Sequoia project is redoing the DURSA and do not know how to attach the labels to the HL7 messages. Per John, the Sequoia specification explains how to do this.


Review of Harmonization Proposal In today's meeting materials section are several materials for CUI

  • Kathleen - we have the framework and syntax to attach the labels to HL7 messages. In the CUI registry - there is a category section 'category mark' and category help, their description is very broad (out of HIPAA) which is any kind of health information even though not all of it is discovered under HIPAA
    • "HLTH" - CUI/CategoryMarking/Limited Dissemination Control
    • things like no foreigner, only federal agencies only and the like; Kathleen doubts any agency adopting
  • per Mike: category marking should be privacy Health is a sub-category
    • Kathleen - I checked that, its under privacy, but privacy is not a category in the same sense, it’s an organizational grouping
  • per Mike Health is a sub-category; Mike/Kathleen differ and will discuss offline
  • location on RoseTree (under ActCode System); in SecurityPolicy we have the new codes Privacy Marks

in Harmonization, Add Abstract Code PrivacyMark to ActCode System as a child of SecurityPolicy

Request for Approval of Harmonization (Initial submission)

  • Kathleen made motion for approval of Harmonization Proposal PPT for initial submission as presented

(Kathleen/Mike) Note: Mike Seconds with the motion, with clarification of category or subcategory is clarified), as mentioned before discussion will occur offline Vote: Objections: none; Abstentions: none; Motion approved: 8

  • Connectathon video link is above (Shown at the FHIR Connectathon/Baltimore WGM)

Block Chain / FHIR Presentation (presented by Abigail Watson, Baltimore WGM)

  • Link added for presentation from Abigail Watson on their experience with Block Chain/FHIR as given at the Baltimore WGM

FHIR Security Call

  • Kathleen/John will be enhancing the FHIR Security Call so that alternative weeks will focus on FHIR Connectathon use of Privacy and Security capabilities in particular Care Plan, with break glass in support of moving maturity level up;
  • based on availability of time a new meeting time may be created (time-slot request may come to gather better time for participants)

Kathleen mention of webinar/streaming channel on data mining out of ONC? possibly on YouTube / unsure if recorded

Motion to adjourn. Meeting adjourned at 12:59 Arizona Time --Suzannegw (talk) 15:59, 23 October 2018 (EDT)