This wiki has undergone a migration to Confluence found Here

Difference between revisions of "Security"

From HL7Wiki
Jump to navigation Jump to search
 
(669 intermediate revisions by 11 users not shown)
Line 1: Line 1:
=Leadership=
+
<div style="background-color: white; border: 1px solid red; margin: 4px; padding: 2px; font-weight: bold; text-align: center;">
* [mailto:bernd.blobel@klinik.uni-regensburg.de Bernd Blobel PhD] - HL7 Germany
+
Current Content related to this page can be found on Confluence [https://confluence.hl7.org/display/SEC/Security+Work+Group Here]</div>
* [mailto:mike.davis@va.gov Mike Davis] - U.S. Department of Veterans Affairs
 
* [mailto:john.moehrke@med.ge.com John Moehrke] - GE Healthcare IT
 
  
==Governance==
+
{| {{table}}
# ''Security ''Decision Making Processes
+
{| border="10"
# Security Mission Statement
+
| align="center" width="200pt" style="background:#f0f0f0;"|'''Leadership'''
# Security SWOT
+
| align="center" width="200pt" style="background:#f0f0f0;"|'''Governance'''
 +
| align="center" width="200pt" style="background:#f0f0f0;"|'''Weekly_Meeting_Information'''
 +
|-
 +
|-valign="top"
 +
|
 +
[mailto:mense@technikum-wien.at Alexander Mense] - Program Director Information Management und IT-Security University of Applied Sciences Technikum Wien
  
=Security Project Space=
+
[mailto:kathleen_connor@comcast.net Kathleen Connor] - VHA Security Architecture – Framework Engineering (Book Zurman Inc.)
* [[Security & CBCC Work Group Response to Meaningful Use IFR]]
+
 
* Issue tracking, releases, documentation available at: [http://hl7projects.hl7.nscee.edu/projects/security/ HL7 Homebase Project]
+
[mailto:JohnMoehrke@gmail.com John Moehrke] - By-Light Professional IT Services, Inc
* [http://gforge.hl7.org/gf/project/security/ Security G-Forge site]
+
 
* Web page: [http://www.hl7.org/Special/committees/secure/index.cfm Security Working Group Web Page]
+
[mailto:patricia.williams@flinders.edu.au Trish Williams PhD] - Flinders University 
* [[Cookbook for Security Considerations]] - Instructions for HL7 standards authors and workgroup members
+
 
*Security and Privacy Ontology Project - [http://wiki.hl7.org/index.php?title=Security_and_Privacy_Ontology#Draft_Ontology Weekly updates to the draft Security & Privacy Ontology]
+
[mailto:Christopher.Shawn2@va.gov Christopher Shawn] - VHA Security Architecture
 +
 
 +
||
 +
[http://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20WG%20Administrative%20Documents/Security%20WG%20Mission%20and%20Charter/2017%20HL7%20Security%20WG%20Mission%20and%20Charter%20v4.doc Security Mission & Charter 2017]
 +
 
 +
[http://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20WG%20Administrative%20Documents/May%202017%20Madrid%20Admin/Security%20HL7%20WG%20DMP%20V6.0%202017.docx Security Decision Making Processes 2017]
 +
 
 +
[http://www.hl7.org/documentcenter/public/wg/secure/HL7%20Security%20SWOT%20Sep%202016.doc SWOT Sep 2016]
 +
 
 +
[[Security 3-Year Plan]]  
 +
 
 +
[http://www.hl7tsc.org/wiki/index.php?title=Foundation_%26_Technology_Steering_Division_Home Infrastructure Steering Division Home]
  
 +
[[Relevant HL7 Policies and Procedures]]
  
==Schedule==
+
[https://confluence.hl7.org/display/SEC/Security+Work+Group Security Confluence]
 +
||
  
Weekly, Tuesday at 1 pm EST '''(10 am PST)'''
+
Weekly, '''Tuesday at 3 pm EST''' (12 pm PST)  
* Meeting - Audio and Web Meeting Access Information:  
+
Beginning March 28 -   [https://join.freeconferencecall.com/security36 Security WG FreeConference web meeting]
  Conference Audio: '''770-657-9270,''' Access: '''845692 '''
+
* [https://www.freeconferencecall.com/join/security36 Online Meeting Link]
  (''US Callers may also use: 888-321-4501'')
+
* Dial-in Number: (515) 604-9567 Access Code: 880898
 
  '' '''A new meeting link has been sent to the Security WG listserve. Thank you.''' ''
 
Join the meeting (copy and paste link):  meet:sip:Suzanne.Gonzales-Webb@va.gov;gruu;opaque=app:conf:focus:id:3fbd1ba55ee74219abd26892264ddef6%3Fconf-key=7536
 
  
Make sure the Office Live Meeting client is installed before the meeting:
+
Call Weekly Call Agenda Links below on this home page.
* [http://vaww.cis.va.gov/sites/ocs/default.aspx I am connecting from inside the Corporation network]
+
''' ''Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes'' '''
* [http://r.office.microsoft.com/r/rlidOCSR2?clid=1033&p1=livemeeting I am connecting from outside the Corporation network]
+
|}
  
  
 +
[[Category:Foundation_and_Technology_Steering_Division]]
 +
[http://www.hl7tsc.org/wiki/index.php?title=Foundation_%26_Technology_Steering_Division_Home Foundation and Technology Steering Division Home Page]
 
[[Category:Work_Group]]
 
[[Category:Work_Group]]
  
==Upcoming Security Calendar==
+
==Security WGM Calendar and Minutes==
 +
===January 2019 WGM San Antonio===
 +
* Confluence [https://confluence.hl7.org/pages/viewpage.action?pageId=39159947&src=contextnavpagetreemode January 2019 Security WGM Agenda/Minutes/Attendance] - DRAFT
 +
* Wiki [[January 2019 Security Working Group Meeting Agenda - San Antonio]] - DRAFT
  
==Minutes and Agenda==
+
====Previous WGM Links:====
  
'''AGENDA: [[May 2012 Working Group Meeting - Vancouver, Canada | May 2012 - Working Group Meeting - Vancouver]]'''
+
*[http://www.hl7.org/documentcenter/public_temp_F0279555-1C23-BA17-0C0C093F748E646F/schedules/balloting_schedule/January%202019%20Balloting%20Schedule.pdf January 2019 Balloting Schedule]
 +
*[[September 2018 Security Working Group Meeting Agenda - Baltimore]]
 +
*[[September 2018 Security Working Group Meeting Agenda- Baltimore (DRAFT)]]
 +
*[http://wiki.hl7.org/index.php?title=HL7_September_2018_WGM_MINUTES HL7 September 2018 WGM MINUTES - Baltimore final]
  
 +
===[[Security FHIR Connectathons]]===
  
Per April 24 meeting discussion, the ''May 1,'' ''May 8'' and ''May 15'' Security WG teleconference meetings have been cancelled. '''The next Security Working Group Conference Call will be on MAY 29th.'''
+
==Security WG Weekly Meeting Minutes and Agenda==
* [[April 24, 2012 Security Working Group Conference Call]]
 
* [[April 17, 2012 Security Working Group Conference Call]]
 
* [[April 10, 2012 Security Working Group Conference Call]]
 
* April 3, 2012 Security Working Group Conference Call - cancelled
 
* [[March 27, 2012 Security Working Group Conference Call]]
 
* March 20, 2012 Security Working Group Conference Call - Meeting Cancelled
 
* [[March 13, 2012 Security Working Group Conference Call]]
 
* [[March 6, 2012 Security Working Group Conference Call]]
 
* [[February 28th, 2012 Security Working Group Conference Call]]
 
* [[February 21st, 2012 Security Working Group Conference Call]]
 
* [[February 14th, 2012 Security Working Group Conference Call]]
 
* [[February 7th, 2012 Security Working Group Conference Call]]
 
* [[January 24th, 2012 Security Working Group Conference Call]]
 
* '''[http://wiki.hl7.org/index.php?title=January_2012_Working_Group_Meeting_-_San_Antonio,_TX,_USA_-_Security_WG_Agenda January 2012 WGM San Antonio]'''  ''January 15-20, 2012''
 
* [[January 9th, 2012 Security Working Group Conference Call]]
 
* [[January 3rd, 2012 Security Working Group Conference Call]]
 
 
===Meeting Archive===
 
* '''2012 Meeting Minutes''' (placeholder)
 
** '''[http://wiki.hl7.org/index.php?title=January_2012_Working_Group_Meeting_-_San_Antonio,_TX,_USA_-_Security_WG_Agenda January 2012 Working Group Meeting - San Antonio, Texas USA]'''
 
  
* '''2011 Meeting Minutes - [[2011 Security Conference Call - ARCHIVE]]'''
+
* [https://confluence.hl7.org/display/SEC/2019-01-08+Security+Meeting+Conference+Call+Agenda Security Conference Call, January 8, 2019] Meeting Agenda and Minutes are now located on Confluence!! 
** September 2011 Working Group Meeting - San Diego, California USA
+
** Please do not forget to sign-up for a Confluence Account!!
** [[May 2011 Working Group Meeting - Orlando, Florida USA, Security WG Agenda]] '''DRAFT'''
+
** Link to request an account for Jira/Confluence, https://confluence.hl7.org/#space-menu-link-content  If you have an account for other Work Groups, you do not need to request a new account.
** [[January 2011 Working Group Meeting - Sydney, Australia]] AGENDA
 
  
* '''2010 Meeting Minutes - [[2010 Security Conference Call - ARCHIVE]]''' to October 2010
+
* Calls cancelled for holidays until January 8, 2019
** [[October 2010 Working Group Meeting - Cambridge/Boston, Massachusetts USA, Security WG Agenda]]  
+
* [[December 11, 2018 Security Conference Call]]
** '''[http://wiki.hl7.org/index.php?title=May_2010_Security_Working_Group_Meeting_-_Rio_de_Janeiro May 2010 Working Group Meeting - Rio de Janeiro, Security WG Agenda]'''
+
* [[December 4, 2018 Security Conference Call]]
 +
* [[November 27, 2018 Security Conference Call]]
 +
* [[November 20, 2018 Security Conference Call]]
 +
* [[November 13, 2018 Security Conference Call]]
 +
* [[November 6, 2018 Security Conference Call]]
 +
* [[October 30, 2018 Security Conference Call]]
 +
* [[October 23, 2018 Security Conference Call]]
 +
* [[October 16, 2018 Security Conference Call]]
 +
* Calls cancelled to prepare for, attend, and do follow up to September Baltimore WGM Sept 28 - October 5
 +
* [[September 18, 2018 Security Conference Call]]
 +
* [[September 11, 2018 Security Conference Call]]
 +
* [[September 4, 2018 Security Conference Call]]
 +
* [[August 28, 2018 Security Conference Call]]
 +
* [[August 21, 2018 Security Conference Call]]
 +
* [[August 14, 2018 Security Conference Call]]
 +
* [[August 07, 2018 Security Conference Call]]
  
* '''2009 Meeting Minutes - [[2009 Security Conference Call - ARCHIVE]]''' to December 2009
 
* '''2008 Meeting Minutes - [[2008 Security Conference Call - ARCHIVE]]'''
 
  
  [[Security WG Meeting Minutes Template]]
+
*[[Security WG Meeting Minutes Template]]
  
[[Security|Back to Meetings]]
+
==[[Archive - Security WG WGM and Weekly Meeting Minutes and Agenda]]==
 +
===[http://wiki.hl7.org/index.php?title=HL7_FHIR_security_topics HL7 FHIR Security Calls]===
  
=='''Action Item List'''==
+
=Security Project Space=
 +
=='''HL7 Security Review and Comment Topics'''==
 +
===[[GDPR (General Data Protection Regulation)]]===
 +
===''[["Is Privacy Obsolete" Study Group Page"]]''===
 +
===[[HL7 Kantara and OASIS X-Paradigm Research by Mohammad Jafari]]===
 +
Features papers and blogs were developed to encourage collaborative development across several standards supporting emerging healthcare privacy and security use cases.
 +
===''[[ONC Interoperability Standards Advisory 2018 Review and Comment Page]]''===
 +
===''[[ONC Trusted Exchange Common Agreement Framework Comments Page]]''===
 +
*Links for ONC Trusted Exchange Common Agreement Kick Off
 +
**[https://www.healthit.gov/21st-century-cures-act-trusted-exchange-and-common-agreement-tfca-kick-meeting-1 Presentation Recordings]
 +
**[https://www.healthit.gov/sites/default/files/july24trustedexchangeframework.pdf ONC Trusted Exchange Common Agreement deck]
 +
*[https://oncprojectracking.healthit.gov/wiki/display/INTEROP/Common+Agreement+and+Exchange+Framework 21st Century Cures Act Trusted Exchange Framework and Common Agreement Public Comment Submission site]
 +
*Comments due Aug. 25
 +
===[[FHIR Bulk Data Transfer Privacy and Security Concerns]]===
 +
===[[FHIR Consumer Centered Data Exchange (CCDE) Connectathon]]===
 +
*[http://wiki.hl7.org/index.php?title=September_2018_Baltimore_CCDE_Connectathon_Track_4 201809 Integrated Care Plan, Clinical Decision Support and Consumer Mediated Exchange tracks]
 +
*[http://wiki.hl7.org/index.php?title=June_2018_MiHIN_Consumer_Mediated_Exchange_(CME)_Connectathon_Track_3 MIHIN June 2018 Consumer Mediated Exchange Connectathon Track 3]
 +
*[[January 2018 New Orleans CCDE Connectathon Track 2]]
 +
*[[September 2017 San Diego CCDE Connectathon Track 1]]
  
==Documents==
+
===[[HL7 Version 2 Privacy and Security]]===
* [http://www.hl7.org/documentcenter/public/harmonization/2011Nov/final/2011Nov_HARM_FINALPROPOSAL_VOCAB_SECURE_ioana_singureanu_Confidentiality%20Codes_20111028165539.docx Final Refactored Confidentiality Codes Harmonization Proposal]
 
* [http://www.hl7.org/documentcenter/public/harmonization/2011Nov/final/2011Nov_HARM_FINALPROPOSAL_VOCAB_SECURE_ioana_singureanu_ActPolicyType_20111028165614.docx Final Act Policy Type Harmonization Proposal]
 
* [http://gforge.hl7.org/gf/download/docmanfileversion/6524/8834/HL7PublicationRequestfortheSecurityandPrivacyDAMDSTU.doc HL7 Publication Request for the Security and Privacy DAM DSTU]
 
* [http://gforge.hl7.org/gf/project/security/scmsvn/?action=browse&path=%2Ftrunk%2FSecurity%2520Domain%2520Analysis%2Fdocs%2FMay_2010_Security_DAM_DSTU_v1_r2%2FComposite%2520Security%2520and%2520Privacy%2520DAM%2520v1_r2%2520Post%2520Ballot%2520Reconciliation.zipx&view=log Composite Security and Privacy Domain Analysis Model v1_r2 (post 2010May ballot reconciliation)]
 
* Decision Making Practices (TBD)
 
* [[Requirement Analysis]]
 
** [[Security Use Cases]]
 
** [[Role-Based Access Control (RBAC) Use Cases]]
 
** [http://www.hl7.org/v3ballot/html/infrastructure/security/security_glossary.htm Security Glossary] HL7 2008(c), Version 3 Std
 
* [http://gforge.hl7.org/gf/project/security/docman/ Documents on HL7 Project Homebase] aka HL7 GForge
 
** [http://www.hl7.org/v3ballot2009sep/html/infrastructure/security/security.htm Role Based Access Control (RBAC) Role Engineering Overview, N1 Sept 2009 HL7 baltot site]
 
**[http://gforge.hl7.org/gf/download/docmanfileversion/4679/5772/2009SeptemberBallot_HL7_RBAC_Healthcare_Permission_Catalog_v4.00.docx HL7 RBAC Permission Catalog]
 
** [http://www.hl7.org/v3ballot2009sep/html/infrastructure/security/2009HL7SeptemberBallot_RBAC_Constraint_Catalog_v1.36.pdf HL7 RBAC Constraint Catalog]
 
**[http://gforge.hl7.org/gf/project/security/docman/?subdir=105 HL7 RBAC Role Engineering Process (supporting data)]
 
** [http://hl7projects.hl7.nscee.edu/docman/view.php/59/331/2008.08.01%20ANALYSIS%20SNOMED%20CT%20to%20RBAC%20Permission%20Catalog.xls HL7 RBAC Permission Catalog mapping to SNOMED CT (initial)]
 
** [http://hl7projects.hl7.nscee.edu/docman/view.php/59/937/ArtifactProcessRBAC_mapping.xls HL7 RBAC Permission Catalog mapping to SNOMED CT II]
 
**[http://wwwi.wu-wien.ac.at/home/mark/publications/sacmat02.pdf A Scenario driven Role Engineering Process for Functional RBAC Roles] ('''RBAC Reference''') ''G. Neumann and M. Strembeck'' A Scenario-driven Role Engineering Process for Functional RBAC Roles, proc. of the 7th ACM Symposium on Access Control Models and Technologies, pp 33-42, 2002
 
  
* [[Cookbook for Security Considerations]]-Instructions for HL7 standards editors and workgroups
+
=='''[[Archive of HL7 Security Review and Comment Topics]]'''==
* [http://www.hl7.org/documentcenter/ballots/2009may/downloads/V3_OIDS_R1_I2_2009MAY.zip HL7 Document on OIDS from May 2009 ballot]
+
=='''Approved Security WG Projects'''==
* [http://gforge.hl7.org/gf/project/security/docman/?subdir=137 Draft Security DAM Diagram]
+
==[http://wiki.hl7.org/index.php?title=Privacy_and_Security_Framework_Architecture_(PSAF) Privacy and Security Framework Architecture (PSAF), ''' ''TF4FA Ballot Reconciliation''' '']==
* [http://gforge.hl7.org/gf/project/security/docman/?subdir=137 Security DAM use cases and their representation in the class diagram]
+
* latest [https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/PSAF/PSAF%20TF4FA%20May%202018/PSAF%20TF4FA%20May%202018%20Reconciliation/ballotcomments_V3_PSAF_R1_N1_2018MAY%20amalgamated.xls Ballot Reconciliation Sheet]
* [http://gforge.hl7.org/gf/download/docmanfileversion/5358/6693/SecurityDAMValueSets.xlsx DRAFT Security DAM Value Sets - US Realm] 12/01/2009
+
* <<add link>> Ballot Document
 +
==[[PASS Healthcare Audit Services]] Project==
 +
* [<<add link>> Ballot Reconciliation Sheet]
 +
* <<add link>> Ballot Document
  
==Approved Projects==
+
===[http://wiki.hl7.org/index.php?title=HL7_FHIR_security_topics HL7 FHIR Security Topics (wiki page)]]===
 +
===[[HL7 Patient Friendly Consent Directive Project]]===
 +
===[[Trust Label]]===
 +
===[[Security Labeling Service Project|Security Labeling Service Project Wiki]]===
 +
===[[Healthcare Privacy and Security Classification System]]===
 +
===[[Security and Privacy Ontology|Security and Privacy Ontology Project Wiki]]===
 +
===[[HL7 DS4P CBCC-Security WG Joint Project]]===
  
*[[Security and Privacy Ontology|Security and Privacy Ontology Project Wiki]]
+
*[http://hl7projects.hl7.nscee.edu/docman/view.php/52/49/RBAC%20Privacy%20and%20Authorization%20Terminology%20Project%20Scope%20Statement%20v0%202.doc RBAC Privacy and Authorization Terminology Project Scope Statement v0 2.doc] joint with [[Community-Based Collaborative Care]]
* [http://hl7projects.hl7.nscee.edu/docman/view.php/52/49/RBAC%20Privacy%20and%20Authorization%20Terminology%20Project%20Scope%20Statement%20v0%202.doc RBAC Privacy and Authorization Terminology Project Scope Statement v0 2.doc] joint with [[Community-Based Collaborative Care]]
+
**[http://healthlevelseven.projectinsight.net/Content/Folders/FolderDisplay.aspx?Id=167add16c33a41968e70be6e22d8d807&ReturnUrl=/Content/Folders/FolderDisplay.aspx%3FId%3Dddbc44e93a52422089595248f65bc993%26ReturnUrl%3D%252fContent%252fFolders%252fFolderDisplay.aspx%253fId%253dddbc44e93a52422089595248f65bc993%2526ReturnUrl%253d%25252fContent%25252fFolders%25252fFolderDisplay.aspx%25253fId%25253dddbc44e93a52422089595248f65bc993%252526ReturnUrl%25253d%2525252fContent%2525252fFolders%2525252fFolderDisplay.aspx%252526_sx%25253d0%252526_sy%25253d0%2526_sx%253d0%2526_sy%253d0%26_sx%3D0%26_sy%3D0 Project Insight - Project Plan]
** [http://healthlevelseven.projectinsight.net/Content/Folders/FolderDisplay.aspx?Id=167add16c33a41968e70be6e22d8d807&ReturnUrl=/Content/Folders/FolderDisplay.aspx%3FId%3Dddbc44e93a52422089595248f65bc993%26ReturnUrl%3D%252fContent%252fFolders%252fFolderDisplay.aspx%253fId%253dddbc44e93a52422089595248f65bc993%2526ReturnUrl%253d%25252fContent%25252fFolders%25252fFolderDisplay.aspx%25253fId%25253dddbc44e93a52422089595248f65bc993%252526ReturnUrl%25253d%2525252fContent%2525252fFolders%2525252fFolderDisplay.aspx%252526_sx%25253d0%252526_sy%25253d0%2526_sx%253d0%2526_sy%253d0%26_sx%3D0%26_sy%3D0 Project Insight - Project Plan]
 
 
* [http://gforge.hl7.org/gf/project/cbcc/scmsvn/?action=browse&path=%2Ftrunk%2FCDA%2520Implementation%2520Guide%2Fdocs%2FCDAR2_CD_IG%2520_D2_2010MAY.pdf&view=log CDA R2 Implementation Guide for Privacy Consent Directives May 2010] joint with [[Community-Based Collaborative Care]]
 
* [http://gforge.hl7.org/gf/project/cbcc/scmsvn/?action=browse&path=%2Ftrunk%2FCDA%2520Implementation%2520Guide%2Fdocs%2FCDAR2_CD_IG%2520_D2_2010MAY.pdf&view=log CDA R2 Implementation Guide for Privacy Consent Directives May 2010] joint with [[Community-Based Collaborative Care]]
  
  
[[Category:Foundation_and_Technology_Steering_Division]]
+
===Joint Vocabulary Alignment Project===
[[Category:Work_Group]]
+
*[[Record Lifecycle, Security, Privacy, and Provenance Vocabulary Alignment]]
 +
*[[Way with Verbs: Operations Ontology Project]] (Deprecated)
 +
 
 +
==='''Joint Projects with ONC and Others'''===
 +
 
 +
==Updates to the FHIR Security Pages per ONC Precision Medicine Initiative and API Privacy and Security Considerations==
 +
*[https://www.healthit.gov/sites/default/files/privacy-security-api.pdf KEY PRIVACY AND SECURITY CONSIDERATIONS FOR HEALTHCARE APPLICATION PROGRAMMING INTERFACES (APIS)]
 +
*[https://beta.healthit.gov/ ONC Role in Precision Medicine Initiative (PMI)]
 +
*[https://beta.healthit.gov/topic/privacy-security-and-hipaa/health-it-privacy-and-security-resources-providers Health IT Privacy and Security Resources for Providers ]
 +
 
 +
===[[Consent on FHIR]]===
 +
Security WG members collaborating on [http://confluence.siframework.org/display/PATCH/The+Patient+Choice+Technical+Project+Homepage ONC Patient Choice Project] Mike Davis, Duane Decouteau,  Mohammad Jafari, and Tony Mallia participated in the ONC Patient Choice Basic Consent Pilots at the HL7 Connectathon. Presentations, demonstration, and other material available on this page.
 +
===[[HIMSS 2017 Patient Choice]]===
 +
Featuring FHIR Consent and Consent2Share with UMA and Smart on FHIR Authorization Servers, ONC Patient Choice pilots VA and MiHIN join SAMHSA to demonstrate how emerging technologies can protect sensitive patient health information in implementer friendly ways.  See this page for HIMSS collateral, vignette, and demonstration links.
 +
[[File:Patient_Choice_on_FHIR_Image.png|400px|thumb|right|HIMSS 2017 Patient Choice on FHIR]]
 +
 
 +
==Security Ballot Information==
 +
 
 +
==Security Harmonization Information==
 +
*[[July 2018 Harmonization Cycle]]
 +
*[[Security Harmonization Archive]]
 +
 
 +
=='''[[HL7 Security Video Library]]'''==
 +
[[File:PoF_Icon.png|400px|thumb|right|Privacy on FHIR]]
 +
*[https://www.youtube.com/watch?v=Sj0ZOi1AxhY HL7 Cascading UMA OAuth video - Duane Decouteau]
 +
*[http://va.edmondsci.com:8080/ehtac/sof/ Privacy on FHIR HIMSS 2015 Security Labeling Demo]
 +
*[https://www.youtube.com/watch?v=SKHUdiLcC0w Security Labels for the FHIR Connectathon]
 +
* [https://www.youtube.com/watch?v=4lMG96nmWS0 HIMSS 2013 Interoperability Showcase Demonstrations (DS4P) Using Healthcare Security Labels - eHealth Exchange]
 +
 
 +
=='''[[HL7 Security Document Library]]'''==
 +
*[http://www.hl7.org/search/viewSearchResult.cfm?search_id=393442&search_result_url=%2Fdocumentcenter%2Fpublic%2Fwg%2Fsecure%2FHL7%20Emergency%20Access%2Edoc Healthcare Requirements for Emergency Access by Mike Davis VA]
 +
*[[Bernd Blobel Presentations at 2017 Madrid WGM and other publications]]
 +
*[[HL7 Policy Advisory Committee: Security, Privacy, Trust, and Provenance Considerations]]
 +
*[[Purpose of Use]]
 +
*[[International and National Security and Privacy Policy and SDO Reports]]
 +
*[[Privacy and Security, Big Data, Provenance and Privacy Reference Materials]]
 +
*[http://www.nist.gov/itl/csd/upload/nist_privacy_engr_objectives_risk_model_discussion_deck.pdf NIST Privacy Engineering Objectives and Risk Model - Discussion Deck Objective-Based Design for Improving Privacy in Information Systems]
 +
*[http://wiki.hl7.org/index.php?title=HL7_Security_Document_Library Jan 2014 WGM Security Education Session Presentations]
 +
*[http://www.hl7.org/Special/committees/secure/docs.cfm Security Educational Tutorial on Wed 26th Sept, 2013 at Cambridge, MA.]
 +
* [http://wiki.hl7.org/index.php?title=HL7_Security_Document_Library Jan 2013 WGM Security Education Session presentations''']
 +
* [[Security and Privacy Tutorial 2012]]
 +
* [[Security and Privacy mHealth]]
 +
* [[HL7 Security and Privacy Requirements for CDA R3]]
 +
* [[Security & CBCC Work Group Response to Meaningful Use IFR]]
 +
* Issue tracking, releases, documentation available at: [http://hl7projects.hl7.nscee.edu/projects/security/ HL7 Homebase Project]
 +
* [http://gforge.hl7.org/gf/project/security/ Security G-Forge site]
 +
* HL7 Web page: [http://www.hl7.org/Special/committees/secure/index.cfm Security Working Group Web Page]
 +
* [[Cookbook for Security Considerations]] - Instructions for HL7 standards authors and workgroup members
 +
*Security and Privacy Ontology Project - [http://wiki.hl7.org/index.php?title=Security_and_Privacy_Ontology#Draft_Ontology Weekly updates to the draft Security & Privacy Ontology]
 +
* [http://wiki.hl7.org/index.php?title=Role-Based_Access_Control_(RBAC)_Use_Cases RBAC Use Cases]
 +
 
 +
=='''Security WG Reference Model Code'''==
 +
* [https://github.com/ddecouteau/HIMSS2015PrivacyOnFHIR Developed Reference Model code for HIMSS 2015 Privacy on FHIR Demonstration - publicly available]
 +
 
 +
=='''Action Item List'''==
 +
 
 +
===Tracking List===

Latest revision as of 18:49, 26 April 2019

Current Content related to this page can be found on Confluence Here
Leadership Governance Weekly_Meeting_Information

Alexander Mense - Program Director Information Management und IT-Security University of Applied Sciences Technikum Wien

Kathleen Connor - VHA Security Architecture – Framework Engineering (Book Zurman Inc.)

John Moehrke - By-Light Professional IT Services, Inc

Trish Williams PhD - Flinders University

Christopher Shawn - VHA Security Architecture

Security Mission & Charter 2017

Security Decision Making Processes 2017

SWOT Sep 2016

Security 3-Year Plan

Infrastructure Steering Division Home

Relevant HL7 Policies and Procedures

Security Confluence

Weekly, Tuesday at 3 pm EST (12 pm PST) Beginning March 28 - Security WG FreeConference web meeting

Call Weekly Call Agenda Links below on this home page. Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes

Foundation and Technology Steering Division Home Page

Contents

Security WGM Calendar and Minutes

January 2019 WGM San Antonio

Previous WGM Links:

Security FHIR Connectathons

Security WG Weekly Meeting Minutes and Agenda


Archive - Security WG WGM and Weekly Meeting Minutes and Agenda

HL7 FHIR Security Calls

Security Project Space

HL7 Security Review and Comment Topics

GDPR (General Data Protection Regulation)

"Is Privacy Obsolete" Study Group Page"

HL7 Kantara and OASIS X-Paradigm Research by Mohammad Jafari

Features papers and blogs were developed to encourage collaborative development across several standards supporting emerging healthcare privacy and security use cases.

ONC Interoperability Standards Advisory 2018 Review and Comment Page

ONC Trusted Exchange Common Agreement Framework Comments Page

FHIR Bulk Data Transfer Privacy and Security Concerns

FHIR Consumer Centered Data Exchange (CCDE) Connectathon

HL7 Version 2 Privacy and Security

Archive of HL7 Security Review and Comment Topics

Approved Security WG Projects

Privacy and Security Framework Architecture (PSAF), TF4FA Ballot Reconciliation

PASS Healthcare Audit Services Project

  • [<<add link>> Ballot Reconciliation Sheet]
  • <<add link>> Ballot Document

HL7 FHIR Security Topics (wiki page)]

HL7 Patient Friendly Consent Directive Project

Trust Label

Security Labeling Service Project Wiki

Healthcare Privacy and Security Classification System

Security and Privacy Ontology Project Wiki

HL7 DS4P CBCC-Security WG Joint Project


Joint Vocabulary Alignment Project

Joint Projects with ONC and Others

Updates to the FHIR Security Pages per ONC Precision Medicine Initiative and API Privacy and Security Considerations

Consent on FHIR

Security WG members collaborating on ONC Patient Choice Project Mike Davis, Duane Decouteau, Mohammad Jafari, and Tony Mallia participated in the ONC Patient Choice Basic Consent Pilots at the HL7 Connectathon. Presentations, demonstration, and other material available on this page.

HIMSS 2017 Patient Choice

Featuring FHIR Consent and Consent2Share with UMA and Smart on FHIR Authorization Servers, ONC Patient Choice pilots VA and MiHIN join SAMHSA to demonstrate how emerging technologies can protect sensitive patient health information in implementer friendly ways. See this page for HIMSS collateral, vignette, and demonstration links.

HIMSS 2017 Patient Choice on FHIR

Security Ballot Information

Security Harmonization Information

HL7 Security Video Library

Privacy on FHIR

HL7 Security Document Library

Security WG Reference Model Code

Action Item List

Tracking List