This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "October 23, 2018 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
Line 94: Line 94:
 
* Question: (John Moehrke)
 
* Question: (John Moehrke)
  
 +
 +
 +
'''Update to PASS Audit''' - Mike
 +
* No update
 +
 +
'''TF4FA Volume 3'''
 +
* No update
 +
 +
'''NIB to completed
 +
* Kathleen talking with Lynne regarding Volume 3
 +
** Note: Security WG has already voted to complete NIB
 +
 +
'''CUI Harmonization proposal'''
 +
* <<add link>> slide deck presented by Chris S on CUI PPT
 +
 +
(35:00?)
 
This is a US-Realm  
 
This is a US-Realm  
 
They don't know how to attach the label to an HL7 message.  This is what Kathleen has been working on. Per JohnM We have the labels and have the capability to attach the label--is this a celebration?
 
They don't know how to attach the label to an HL7 message.  This is what Kathleen has been working on. Per JohnM We have the labels and have the capability to attach the label--is this a celebration?
Line 105: Line 121:
 
* per Mike Health is a sub-category; Mike/Kathleen differ and will discuss offline
 
* per Mike Health is a sub-category; Mike/Kathleen differ and will discuss offline
  
 +
Review of Harmonization Proposal o
 
* location on ''RoseTree'' (under ActCode System); in SecurityPolicy we have the new codes ''Privacy Marks''
 
* location on ''RoseTree'' (under ActCode System); in SecurityPolicy we have the new codes ''Privacy Marks''
 
in Harmonization, Add Abstract Code PrivacyMark to ActCode System as a child of SecurityPolicy  
 
in Harmonization, Add Abstract Code PrivacyMark to ActCode System as a child of SecurityPolicy  
  
  
'''Update to PASS Audit''' - Mike
+
Request for initial Harmonization submission;  - Kathleen moves for approval of Harmonization Proposal PPT for initial submission
* No update
+
(Kathleen/Mike) Mike Seconds with theprovision - with clarification of category or subcategory is clarified), as mentioned before discussion will occur offline
 +
Vote: Objections: none; Abstnetions: none; Motion approved: <<add number>>
 +
 
 +
* Connectathon video link is above (Shown at the FHIR Connectathon/Baltimore WGM)
 +
 
 +
(50:00)
 +
Linke to presentation from Abigail Watson on their experience with Block Chain/FHIR as given at the Baltimore WGM
 +
Kathleen/John will be enhancing the FHIR Security Call so that alternatively weeks will focus on FHIR Connectathon capabilities of Security and Privacy in particular break glass of.... in support of moving maturity level up;
 +
* based on aviablity of time a new meeting time may be created (time-slot request may come to gather better time for participants)
 +
 
 +
streaming channel on data mining that was on today---ONC?  possibly on youtube.
 +
 
 +
Motion to adjorn.  Meeting adjorned at 12:59 Arizona Time --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:59, 23 October 2018 (EDT)
 +
 
 +
 
 +
 
  
'''TF4FA Volume 3'''
 
* No update
 
  
'''NIB to completed
+
'''TF4FA Ballot Reconciliation'''
* Kathleen talking with Lynne regarding Volume 3
+
* [https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20-%20Ballot%20Reconciliation%20May%202018%20ballot/ballotcomments_V3_PSAF_R1_N1_2018MAY%20amalgamated_20180918_sgw.xlsm Spreadsheet for 9/18]
** Note: Security WG has already voted to complete NIB
+
Reviewed Ballot comments: 129 - 161 for vote next week 10/23.
 +
*'''PASS Audit document update'''
 +
*'''Volume 3'''
 +
*'''Security WG 3 Year Plan'''
 +
*'''Securithy Confluence '''
 +
*'''FHIR Security Update'''
 +
*'''GDPR whitepaper on FHIR Update'''
  
'''CUI Harmonization proposal'''
 
* <<add link>> slide deck presented by Chris S on CUI PPT
 
  
 +
[[Security|Back to Security Main Page]]
  
* Connectathon video link is above (Shown at the FHIR Connectathon/Baltimore WGM)
 
  
  

Revision as of 19:59, 23 October 2018

Back to Security Main Page

Attendees

Back to Security Main Page

x Member Name x Member Name x Member Name x Member Name
. John Moehrke Security Co-chair x Kathleen Connor Security Co-chair . Alexander Mense Security Co-chair . Trish Williams Security Co-chair
. Christopher Shawn Security Co-chair x Suzanne Gonzales-Webb x Mike Davis x David Staggs
x Diana Proud-Madruga . Johnathan Coleman x Francisco Jauregui x Joe Lamy
. Rhonna Clark . Greg Linden . Grahame Grieve x Dave Silver
. Beth Pumo x Jim Kretz . Peter Bachman . Bo Dagnall
. [mailto: ] . [mailto: ] . [mailto: ] . [mailto: ]

Back to Security Main Page

Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (2 min) Review and Approval of Minutes
  3. (10 min) Review last block of TF4FA Vol 1 and 2 Ballot comments: 147 - 161 from TF4FA Recon call. Final vote on the last of the dispositions is scheduled for 10/30.
  4. (2 min)Update on revision of PASS Audit
  5. (5 min) TF4FA Trust Framework, Volume 3 - Update Mike
  6. (1 min) NOTE Need to get NIB done this week. Have to get HQ to set up NIB - Kathleen
  7. (15 min) CUI in Healthcare Background, history, general requirements, and implications for healthcare - Chris Shawn
  8. (15 min) CUI Harmonization Proposal - Kathleen
  9. (5 min) FHIR Security Update - John
    • Blockchain and FHIR use-cases as presented by Abigail Watson at the HL7 WGM. Link to the PDF version on their Google Drive. Link sharing is on, and that should be able to handle as much traffic as we can throw at it; and we can point at it from blog posts, the Symptomatic website, and elsewhere. link
    • FHIR-Security call will be alternating between core FHIR Security topics, and work on FHIR Connectathon - CarePlan scenario
  10. (5 min) GDPR whitepaper on FHIR Update - Alex

Back to Security Main Page

Meeting Materials

Introduction to Marking CUI (updated August 6, 2018) Introduction to Marking CUI (updated August 6, 2018) This video provides an overview of how to mark documents, emails, presentations, systems, and other files that contain CUI. It specifically addresses the designation indicator and the CUI banner marking, including the CUI control marking, CUI category markings, and Limited Dissemination Control Markings. It also discusses portion marking, the use of cover sheets, marking multi-page documents, and decontrolling CUI. NIST CUI Security Requirements Workshop 10/18/18 Everything you ever wanted to know about CUI

Meeting Minutes DRAFT

Chair, TBD Roll Taken, Agenda reviewed, updates made as requested

  • Reivew of October 16, 2018 Meeting Minutes
    • Motion to approve: (Suzanne/

JimK

    • objections: none; Abstentions: none; miutes approved: #

TF4FA Ballot Reconciliation


Update to PASS Audit - Mike

  • No update

TF4FA Volume 3

  • No update

NIB to completed

  • Kathleen talking with Lynne regarding Volume 3
    • Note: Security WG has already voted to complete NIB

CUI Harmonization proposal

  • <<add link>> slide deck presented by Chris S on CUI PPT

(35:00?) This is a US-Realm They don't know how to attach the label to an HL7 message. This is what Kathleen has been working on. Per JohnM We have the labels and have the capability to attach the label--is this a celebration? Mike: Sequoia project is redoing the DURSA and do not know how to attach the labels to the HL7 messages

  • kathleen - we have the framework and syntax to attach the labels to HL7 messages. in the meeting minutes we

In the CUI registry - there is a category setion 'category mark' and category help, their description is very broad (out of HIPAA) which is any kind of health information even through not all of it is discovered under HIPAA

  • "HLTH" - CUI/CategoryMarking/Limited Dissemination Control
    • things like no foreigner, only federal agencies only and the like; Kathleen doubts any agency adopting
  • per Mike: privacy marking should be privacy
    • Kathleen - its under privacy, but privacy is not a category... its an organizational group
  • per Mike Health is a sub-category; Mike/Kathleen differ and will discuss offline

Review of Harmonization Proposal o

  • location on RoseTree (under ActCode System); in SecurityPolicy we have the new codes Privacy Marks

in Harmonization, Add Abstract Code PrivacyMark to ActCode System as a child of SecurityPolicy


Request for initial Harmonization submission; - Kathleen moves for approval of Harmonization Proposal PPT for initial submission 

(Kathleen/Mike) Mike Seconds with theprovision - with clarification of category or subcategory is clarified), as mentioned before discussion will occur offline

Vote: Objections: none; Abstnetions: none; Motion approved: <<add number>>

  • Connectathon video link is above (Shown at the FHIR Connectathon/Baltimore WGM)

(50:00) Linke to presentation from Abigail Watson on their experience with Block Chain/FHIR as given at the Baltimore WGM Kathleen/John will be enhancing the FHIR Security Call so that alternatively weeks will focus on FHIR Connectathon capabilities of Security and Privacy in particular break glass of.... in support of moving maturity level up;

  • based on aviablity of time a new meeting time may be created (time-slot request may come to gather better time for participants)

streaming channel on data mining that was on today---ONC? possibly on youtube.

Motion to adjorn. Meeting adjorned at 12:59 Arizona Time --Suzannegw (talk) 15:59, 23 October 2018 (EDT)



TF4FA Ballot Reconciliation

Reviewed Ballot comments: 129 - 161 for vote next week 10/23.

  • PASS Audit document update
  • Volume 3
  • Security WG 3 Year Plan
  • Securithy Confluence
  • FHIR Security Update
  • GDPR whitepaper on FHIR Update


Back to Security Main Page





TF4FA Ballot Reconciliation

Reviewed Ballot comments: 129 - 161 for vote next week 10/23.

  • PASS Audit document update
  • Volume 3
  • Security WG 3 Year Plan
  • Securithy Confluence
  • FHIR Security Update
  • GDPR whitepaper on FHIR Update


Back to Security Main Page

Retrieved from "https://wiki.hl7.org/w/index.php?title=October_23,_2018_Security_Conference_Call&oldid=162809"