
Difference between revisions of "September 2016 Baltimore WGM - Security WG Agenda"

From HL7Wiki
 
(23 intermediate revisions by the same user not shown)
Line 4: Line 4:
 
[[http://www.hl7.org/documentcenter/public/calendarofevents/Baltimore_Onsite_v7.pdf On-Site Meeting Schedule & Hotel Guide]
 
[[http://www.hl7.org/documentcenter/public/calendarofevents/Baltimore_Onsite_v7.pdf On-Site Meeting Schedule & Hotel Guide]
  
Minutes: [September 2016 Baltimore WGM - Security (add link)]
+
Minutes: [http://www.hl7.org/documentcenter/public/wg/secure/minutes/2016-09-22_SEC_WGM_Minutes.rtf September 2016 Baltimore WGM - Security]
  
 
[[Security|Back to Security Meetings]]
 
[[Security|Back to Security Meetings]]
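Review bot: the context line just above the Minutes change, `[[http://www.hl7.org/documentcenter/public/calendarofevents/Baltimore_Onsite_v7.pdf On-Site Meeting Schedule & Hotel Guide]`, opens with two brackets and closes with one, which is why the rendered page shows a stray `[` before the link text. Since this edit already touches the block, drop the extra opening bracket so the external link uses the same `[url text]` form as the new Minutes link.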
Line 41: Line 41:
 
||''' Joint CBCC - Security'''
 
||''' Joint CBCC - Security'''
 
* ''[http://wiki.hl7.org/index.php?title=September_2016_CBCC_Working_Group_Meeting_-_Baltimore,_Maryland] for agenda items
 
* ''[http://wiki.hl7.org/index.php?title=September_2016_CBCC_Working_Group_Meeting_-_Baltimore,_Maryland] for agenda items
||CBCC
+
||CBCC||Constellation F
||Room TBA
 
 
|-
 
|-
 
|-valign="top"
 
|-valign="top"
Line 49: Line 48:
 
* ''[http://wiki.hl7.org/index.php?title=September_2016_CBCC_Working_Group_Meeting_-_Baltimore,_Maryland] for agenda items
 
* ''[http://wiki.hl7.org/index.php?title=September_2016_CBCC_Working_Group_Meeting_-_Baltimore,_Maryland] for agenda items
 
||CBCC
 
||CBCC
||Room TBA
+
||Constellation F
 
|-
 
|-
 
|-
 
|-
Line 59: Line 58:
 
* Approval of agenda
 
* Approval of agenda
 
* International Report outs
 
* International Report outs
* keep? Liaison Reports: ISO, IHE, ONC (HEART)
+
* [http://gforge.hl7.org/gf/download/docmanfileversion/9376/14661/2017%20Draft%20Interoperability%20Standards%20Advisory-HL7%20Response%20Draft%20-%2020160907%20-%20Markup.docx ONC ISA Comments] - Consider resending and requesting that ONC give rationale for what is or is not adopted. Forward to PAC for Board review.
 +
* Liaison Reports: ISO, IHE, ONC (HEART)
 
* HL7 Project status and updates:
 
* HL7 Project status and updates:
 
** Standards Privacy Impact Assessment (formerly: ''Privacy Impact Assessment and P&SbD'')  
 
** Standards Privacy Impact Assessment (formerly: ''Privacy Impact Assessment and P&SbD'')  
Line 67: Line 67:
 
** SOA Audit
 
** SOA Audit
 
||Security
 
||Security
||Room TBA
+
||Columbia
 
|-
 
|-
 
|-valign="top"
 
|-valign="top"
 
| ||||Q2||11:00-12:30
 
| ||||Q2||11:00-12:30
 
||'''Trust Framework Work Session'''
 
||'''Trust Framework Work Session'''
* Review Current Trust Framework Efforts:
+
*Review Current Trust Framework Efforts tracked in [http://wiki.hl7.org/index.php?title=Trust_Label Security Trust Library]
** Trust Framework Governance initiatives
+
*[http://gforge.hl7.org/gf/download/docmanfileversion/9383/14677/MIT%20MedRec%20ONC%20Blockchain%20Challenge.pdf A Case Study for Blockchain in Healthcare: “MedRec” prototype for electronic health records and medical research data]
** Trust Framework established and emerging standards
+
*Trust Framework Governance initiatives
** Perspective on Trust Framework requirements from various jurisdictions
+
*Trust Framework established and emerging standards including blockchain and smart contracts for dynamic trust frameworks
** Action Items - e.g., could Security develop requirements, functional model, vocabulary etc. as part of PSAF
+
*Trust and POU: [http://gforge.hl7.org/gf/download/docmanfileversion/9377/14662/Purpose%20of%20Use-20160918%20JMD.docx Refocus on POU functions in Trust, Privacy, and Security Policies, and how to capture in PSAF]
 +
*Perspective on Trust Framework requirements from various jurisdictions
 +
*Action Items - e.g., could Security develop requirements, functional model, vocabulary etc. as part of PSAF.  Potential FHIR Trust Policy?
 
||Security
 
||Security
||Room TBA
+
||Columbia
 
|-
 
|-
 
|-valign="top"
 
|-valign="top"
 
| ||||Q3||1:45-3:00
 
| ||||Q3||1:45-3:00
||'''CBCC FHIR-I Joint on FHIR ConsentDirective'''
 
*[http://hl7-fhir.github.io/pcd/consentdirective.html FHIR Consent Directive work, resolution and IG creation]
 
||CBCC
 
||Room TBA
 
|-
 
|-valign="top"
 
| ||||Q4||3:30 -5:00
 
 
||'''Security WG Project Meeting'''  
 
||'''Security WG Project Meeting'''  
 
* FHIR AuditEvent, Provenance Resource
 
* FHIR AuditEvent, Provenance Resource
 
** Outstanding CP Review
 
** Outstanding CP Review
** Front Matter Documentation updates
+
*[http://gforge.hl7.org/gf/download/docmanfileversion/9384/14678/PSAF_R1_O1Amalgamated%20ballotcomments%202016SEP.xls PSAF Ballot Reconciliation]
** Vocabulary binding to v.3 and FHIR value sets
 
 
||Security
 
||Security
||Room TBA
+
||Columbia
 +
|-
 +
|-valign="top"
 +
| ||||Q4||3:30 -5:00
 +
||'''CBCC FHIR-I Joint on FHIR ConsentDirective'''
 +
*[http://hl7-fhir.github.io/pcd/consentdirective.html FHIR Consent Directive work, resolution and IG creation]
 +
||CBCC
 +
||Columbia
 
|-
 
|-
 
|-valign="top"
 
|-valign="top"
 
|WED||SEP 21||Q1||9:00-10:30
 
|WED||SEP 21||Q1||9:00-10:30
 
||'''Joint w/ EHR, CBCC, FHIR, SOA, Security'''
 
||'''Joint w/ EHR, CBCC, FHIR, SOA, Security'''
* FHIR Connectathon - Security WG is providing a VA hosted DSTU3 FHIR Server with SLS/PPS supported natively. The servers labels out-going data on a dynamic per-request basis labeling at resource level and providing high-water mark to resource bundle.  It uses a limited set of clinical sensitivity and organizational policyset.
+
* FHIR server with the capability to enforce patient consent via a third-party authorization server (UMA) as well as enforcing overarching organizational Security Labeling Service (SLS)/Privacy Protective Service (PPS) services. The server modifies and labels the outgoing bundles on a dynamic per-request basis based on applicable patient consents as well as the overarching SLS and PPS rules (including the high-watermark label on the bundle).  
* Security WG FHIR STU3 Server http://vha.edmondsci.com:8080/hapi15
+
* Security WG FHIR STU3 Server http://mhs.edmondsci.com:8080/fhir-uma-client-demo/
 +
*[http://gforge.hl7.org/gf/download/docmanfileversion/9385/14679/FHIR-Consent-UMA-20160919.pptx VA ONC Patient Choice Pilot FHIR Consent UMA Connectathon]
 
||Security
 
||Security
||Room TBA
+
||Constellation C
 
|-
 
|-
 
|-valign="top"
 
|-valign="top"
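Review bot: documentation point on the WED Q1 Connectathon bullet: the rewritten description drops the earlier statement that the server "uses a limited set of clinical sensitivity and organizational policyset", so readers can no longer tell that the SLS/PPS labeling covers only a limited policy set; if that limit still applies to the UMA-enabled server, keep a sentence saying so. Style point in the Trust Framework Work Session: the added items use a single `*` where the removed ones were `**` sub-items, and some omit the space after the marker (`*Review Current` against `* FHIR server`), so the nesting under "Review Current Trust Framework Efforts" is lost.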
Line 110: Line 112:
 
* Tentative Agenda Items:
 
* Tentative Agenda Items:
 
** PASS Audit topics (joint w Security, CBCC, SOA)
 
** PASS Audit topics (joint w Security, CBCC, SOA)
** Privacy and Security Architecture Framework [PSAF]and SOA PASS Conceptual Models
+
** Privacy and Security Architecture Framework [PSAF] and SOA PASS Conceptual Models
 
||SOA
 
||SOA
||Room TBA
+
||Frederick
 
|-
 
|-
 
|-valign="top"
 
|-valign="top"
| ||||Q3-split||1:45 -3:00
+
| ||||Q3||1:45 -3:00
||
+
||'''Security WG Prep for THURs Q1 CBCC FHIR-I Joint'''
'''Tenative: EHR/Vocab alignment sub-group (EHR Hosting)'''
+
*Review of all FHIR Security and Consent related guidance to ensure alignment with Security and CBCC WG positions [http://hl7-fhir.github.io/secpriv-module.html FHIR STU3 Security and Privacy Module] as this material was not previously reviewed or approved by the WGs.
||CBCC
+
*FHIR Security Label Guidance - Align with HCS, co-occurrence constraint on Confidentiality, include trust and integrity security label vocabulary
||Room TBA
+
*FHIR Privacy Impact and Security Risk Assessments
|-valign="top"
+
** For Infrastructure - e.g., versioning, updates, history and impact on persistence of security labels if required by policy
| ||||Q3-split||1:45 -3:00
 
||'''Security WG Joint with FHIR-I'''
 
* FHIR Security Label Guidance
 
* FHIR Privacy Impact and Security Risk Assessments
 
** For Infrastructure - e.g., versioning, updates, history
 
 
** By Resources - optional Privacy and Security Notes
 
** By Resources - optional Privacy and Security Notes
 
||Security
 
||Security
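Review bot: naming point on the new WED Q3 title: "Security WG Prep for THURs Q1 CBCC FHIR-I Joint" refers to a Thursday Q1 session that the schedule lists as "Security Joint with FHIR-I", and "THURs" does not match the "THU" used in the Day column. Use the same session name in both rows so attendees can match them. In the first bullet, the FHIR STU3 Security and Privacy Module link sits between "WG positions" and "as this material", which makes the sentence hard to parse; move the link next to "guidance".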
Line 138: Line 135:
 
** [http://gforge.hl7.org/gf/download/docmanfileversion/9008/13736/2016%20Jan%20Security%20WG%20Three-Year%20Plan.xlsx Current 3 Yr Plan]
 
** [http://gforge.hl7.org/gf/download/docmanfileversion/9008/13736/2016%20Jan%20Security%20WG%20Three-Year%20Plan.xlsx Current 3 Yr Plan]
 
** [http://gforge.hl7.org/gf/download/docmanfileversion/9155/14164/Security%20CBCC%20Products%20and%20Projects%20May%202016.xlsx Current Project/Product status]
 
** [http://gforge.hl7.org/gf/download/docmanfileversion/9155/14164/Security%20CBCC%20Products%20and%20Projects%20May%202016.xlsx Current Project/Product status]
** [http://gforge.hl7.org/gf/download/docmanfileversion/9156/14165/Security%20WG%20May%202016%20Health.pptx Security Health Report]
+
** [http://gforge.hl7.org/gf/download/docmanfileversion/9381/14666/HL7%20Baltimore%202016%20Security%20WGM%20Governance%20and%20Health.pptx Security Health Report]
 
||Security
 
||Security
 
||Room TBA
 
||Room TBA
Line 152: Line 149:
 
| ||||Q2||11:00-12:30
 
| ||||Q2||11:00-12:30
 
||'''Security WG Project Meeting'''
 
||'''Security WG Project Meeting'''
* July Harmonization Proposals
+
* Nov Harmonization Proposals
 +
**New Obligation to render human readable notices, such as Part 2 Redisclosure w/o Consent Prohibition
 
** POU additions - HTEST, Research Consent POUs
 
** POU additions - HTEST, Research Consent POUs
 
** Research Consent Refrains, Obligations
 
** Research Consent Refrains, Obligations

Latest revision as of 06:09, 4 October 2016

September 2016 Security Working Group Meeting - Baltimore Maryland USA

HL7 WGM Event BROCHURE Link

On-Site Meeting Schedule & Hotel Guide

Minutes: September 2016 Baltimore WGM - Security

Back to Security Meetings

Day Date Qtr Time Event Session Leader Room
SUN SEP 18 Q1 9:00-10:30 . No Meeting .
Q2 11:00-12:30 . No Meeting .
Q3 1:45 -3:00 . No Meeting .
Q4 3:30 -5:00 . No Meeting .
MON SEP 19 Q1 9:00-10:30 . No Meeting .
Q2 11:00-12:30 . No Meeting .
Q3 1:45 -3:00 Joint CBCC - Security
  • [1] for agenda items
CBCC Constellation F
Q4 3:30 -5:00 Joint with CBCC – New discussion items and projects
  • [2] for agenda items
CBCC Constellation F
TUE SEP 20 Q1 9:00-10:30 Opening Security WG Meeting
  • Introductions
  • Approval of agenda
  • International Report outs
  • ONC ISA Comments - Consider resending and requesting that ONC give rationale for what is or is not adopted. Forward to PAC for Board review.
  • Liaison Reports: ISO, IHE, ONC (HEART)
  • HL7 Project status and updates:
    • Standards Privacy Impact Assessment (formerly: Privacy Impact Assessment and P&SbD)
    • FHIR Security - AuditEvent, Provenance, Security Labels
    • FHIR Consent Directive work (with CBCC)
    • Trust Framework - plan for Q2 work session
    • SOA Audit
Security Columbia
Q2 11:00-12:30 Trust Framework Work Session Security Columbia
Q3 1:45-3:00 Security WG Project Meeting Security Columbia
Q4 3:30 -5:00 CBCC FHIR-I Joint on FHIR ConsentDirective CBCC Columbia
WED SEP 21 Q1 9:00-10:30 Joint w/ EHR, CBCC, FHIR, SOA, Security
  • FHIR server with the capability to enforce patient consent via a third-party authorization server (UMA) as well as enforcing overarching organizational Security Labeling Service (SLS)/Privacy Protective Service (PPS) services. The server modifies and labels the outgoing bundles on a dynamic per-request basis based on applicable patient consents as well as the overarching SLS and PPS rules (including the high-watermark label on the bundle).
  • Security WG FHIR STU3 Server http://mhs.edmondsci.com:8080/fhir-uma-client-demo/
  • VA ONC Patient Choice Pilot FHIR Consent UMA Connectathon
Security Constellation C
Q2 11:00-12:30 Joint w/ SOA
  • Tentative Agenda Items:
    • PASS Audit topics (joint w Security, CBCC, SOA)
    • Privacy and Security Architecture Framework [PSAF] and SOA PASS Conceptual Models
SOA Frederick
Q3 1:45 -3:00 Security WG Prep for THU Q1 CBCC FHIR-I Joint
  • Review of all FHIR Security and Consent related guidance (FHIR STU3 Security and Privacy Module) to ensure alignment with Security and CBCC WG positions, as this material was not previously reviewed or approved by the WGs.
  • FHIR Security Label Guidance - Align with HCS, co-occurrence constraint on Confidentiality, include trust and integrity security label vocabulary
  • FHIR Privacy Impact and Security Risk Assessments
    • For Infrastructure - e.g., versioning, updates, history and impact on persistence of security labels if required by policy
    • By Resources - optional Privacy and Security Notes
Security Room TBA
Q4 3:30 -5:00 Security WG Project Meeting Security Room TBA
THU SEP 22 Q1 9:00-10:00 Security Joint with FHIR-I
  • Tentative Agenda Item
    • FHIR Connectathon Privacy and Security testing scenarios
Security Room TBA
Q2 11:00-12:30 Security WG Project Meeting
  • Nov Harmonization Proposals
    • New Obligation to render human readable notices, such as Part 2 Redisclosure w/o Consent Prohibition
    • POU additions - HTEST, Research Consent POUs
    • Research Consent Refrains, Obligations
Security Room TBA
Q3 1:45 -3:00 .
Q4 3:30 -5:00 . No Meeting .
FRI SEP 23 Q1 9:00-10:30 . No Meeting .
Q2 11:00-12:30 . No Meeting .
Q3 1:45 -3:00 . No Meeting .
Q4 3:30 -5:00 . No Meeting

Back to Security Wiki Meetings


Session Type:

Business Meeting
Technical Meeting
Ballot Reconciliation