HL7 wgm atlanta, Georgia, usa security wg agenda



Download 104.88 Kb.
Date10.08.2017
Size104.88 Kb.
#30047

HL7 WGM Atlanta May 2013


HL7 Security Workgroup

Meeting Minutes

HL7 WGM - Atlanta, Georgia, USA Security WG - AGENDA

 Attendees


 

Name

E-mail

Affiliation

Tue Q1

Tue Q2

Tue Q3

Tue Q4

Wed

Q3

Wed

Q4

Thu

Q1

Bernd Blobel

bernd.blobel@klinik.uni-regensburg.de

HL7 Germany

 

 

 

 X

 

 

 X

Bill Braithwaite

bill@braithwaites.com

consultant

 

 

 

 

 

 

 

Kathleen Connor

Kathleen_Connor@comcast.net

VA (Edmond Scientific Company)

 X

 X

 X

 X

 

 

 X

Mike Davis

mike.davis@va.gov

VA

 X

 X

 X



 

 

 X

Christof Gessner

Christof.gessner@mxdx.de

HL7 Germany

 

 

 

 

 

 

 

Suzanne Gonzales0-Webb

Suzanne.Gonzales-Webb@va.gov

VA (DRC)

 X

 X

 X

 X

 

 

 X

Trish Grimes

 

 

 

 

X

 

 

 

 

Beat Heggli

beat.heggli@nexus-schwiz.ch

HL7 Switzerland

 

 

 

 

 

 

 X

Daniel Henzi

Daniel.henzi@standard.org.au

 

 

X

 

 

 

 

 

Don Jorgensen

djorgenson@inpriva.com

Inpriva

 

 

 

 

 

 

 

Andrzej Knafel

andrzej.knafel@roche.com

Roche Diagnostics Intl

 

 

 

 

 

 

 

Ken Lord

lord@firestarsoftware.com

 

X

 

 

 

 

 

 

Alexander Mense

alexander.mense@hl7.at

 


HL7 Austria

 

 

 

 

 

 

 

Hideyuki Miyohara

miyohara.hideyuki@ap.mitsubishielectric.co.jp

HL7 Japan

 X



 X

 X

 

 

 X

John Moehrke

john.moehrke@med.ge.com

GE Healthcare

 X

 X

 X

 X

 

 

 X

Erik Pupo

erpupo@deloitte.com




X



















Lori Reed-Fouquet

lfourquet@ehealthsign.com

eHealthSigns

 X

 X

X

 


 

 

 

 X

Harry Rhodes

harry.rhodes@ahima.org

AHIMA

 

 

 X



 

 

 X

Martin Rosner

martin.rosner@philips.com

Philips

 

 

 

 

 

 

 

Avinash Sharbheg

avinash.sharbheg

ONC

 

 

 

 

 

 

 

Dan Smith

dsmith@apelon.com

Apelon

 

 

 

 

 

 

 

Walter Suarez

Dr. Walter Suarez [walter.g.suarez@kp.org]

Kaiser Permanente

 

 

 

 

 

 

 

Richard Thoreson

richard.thoreson@samhsa.hhs.gov

SAMHSA

 

 

 

 

 

 

 

Tony Weida

tweida@apelon.com

Apelon/VA



 X



 X

 

 



Trish Williams

trish.williams@ecu.edu.au

HL7 Australia



 X

 X

 X

 

 

 

 

May 6, 2013

 


Qtr

Time

Session Type

Event

Session Leader

Room

Q3

1:45 -3:00

business meeting

 

technical meeting



Joint with CBCC

      • Welcome and Introductions

      • Agenda Review

Ballot Overview:

      • Healthcare Privacy and Security Classification Scheme (HCS) Ballot

      • Security and Privacy Ontology

      • Composite Security and Privacy DAM/Information Model

      • Behavioral Health Informational Guide (BH IG))

      • Behavioral Health Domain Analysis Model (BH DAM)

      • FHIR Update

New Items:

      • Privacy Consent

      • Next steps including Consent to Share (an extension of DS4P)

Other CBCC-Security Joint Project Updates (5-10 min each)

CBCC

Room TBD

Q4

3:30 -5:00

business meeting

 

technical meeting



Joint with CBCC – New discussion items and projects

      • (continuation of Q3)

      • Realm report out

Security

 

 

  • See CBCC WGM Minutes for Monday Q3 – 4



Atlanta Security WGM Meetings


Tuesday May 7, 2013

Tuesday Q1

 


 Q1

9:00-10:30

business meeting

Opening Security WG Meeting

      • Introductions

      • Approval of agenda

      •  Approval of January Phoenix Minutes

Security

Room TBD

 Presiding chair: Mike Davis

 Agenda Approval

 

Mike walked the Security Work Group (SWG) the proposed agenda.



 

Mike suggested spending some portion of Q1 discussing Doug Fridsma's announcement that ONC would transition the Data Segmentation for Privacy Implementation Guide (DS4P IG), which was developed by ONC Standards and Interoperability Framework, to the Security WG for balloting and maintenance.

 

SOA joint is cancelled and replaced by joint reconciliation with CBCC.



 

Cochairs discussed the material to be presented at the Wednesday Q3-4 Educational Session, and the order of presentation.



    • Ioana will present on consent directive CDA.

    • Mike plans to present the HIMSS DS4P pilot video.

    • John described his intentions for the FHIR Security session. He will also discuss Audit Logging to support security surveillance.

 

Trish will be absent all day Thursday. John will be absent Thursday Q3-4.

 

SWG 3 year plan and WG health will be moved up to Monday Q1.



A Joint with EHR/SOA/Security/FHIR has preempted Security Reconciliation Thursday Q2.
Tentatively, Security Q3-4 will be cancelled.

 


Proposal

Mike asked for approval of the agenda with changes discussed.

 

 

 

Moved

Second

Opposed

Abstain

In Favor

 

 

0

0

8

 

Minute Approval

 


Proposal

Mike asked for a motion for approval of the January Phoenix WGM minutes.

 


 

 

 

Moved

Second

Opposed

Abstain

In Favor

John

Trish

0

0

8

 

Discussion about how to ballot the DS4P IG


 SWG will handle the SOAP and DIRECT IGs and IHE will handle the REST IG to ensure that the IG is consistent with the IHE REST profile.

 

John suggested separating the content from the transport.



 

Mike proposed that the DS4P IG be packaged with HCS. John raised alternative view about whether the DS4P IG be balloted separately. That would require a new scope statement, which might delay the September balloting.

 

Mike asked whether to bring the DS4P IG as an international or US standard. If the DS4P IG were international, then the current DS4P IGs would be a profile. After discussion, Mike concludes that the SWG should be balloted as US profile initially, and if the international community wants to create an international version, then the SWG can reconsider. Further discussion on the proposed approach to balloting the IGs with or without the HCS will be continued with CBCC.



 

Trish stated that AU is not in a position to consider adopting the DS4P IG at this time.

 

Bernd reported on the progress on implementing the EU Directive.



 

Hideyuki Miyohara stated that Japan would want to create its own framework. Hideyuki said that if Japan were to adopt a DS4P approach, it would not work on a profile of the DS4P because core parts of it would be replaced with Japan's workflows and Japanese clinical document standards.

 

Mike wants a new scope statement with multiple deliverables. The first deliverable would be the US realm DS4P, and then the other realms could create their own DS4P IG and ballot in their realm.



 

Proposal

Mike asked for a motion about creating a new scope statement to take the DS4P to DSTU joint with CBCC.

 


 

 

 

Moved

Second

Opposed

Abstain

In Favor

John

Trish

1

0

7

Presiding chair: Trish Williams

 

Trish led the SWG discussion of the WG 3-Year Plan, SWOT, and WG health. Two items of inactive balloting: The Security Risk Cookbook, which is on hold for TSC instructions on how to ballot. The Privacy and Authorization Vocabulary project scope has been completed under the second ballot of the RBAC catalogue in 2009. Action Items: John will ask Austin about how to ballot or whether to ballot the Risk Cookbook.



 

Tuesday Q2

 


Q2

11:00-12:30

business meeting

Security WG Review of Industry and SDO Activities Meeting

Security

Room TBD

 Presiding chair: Mike Davis

 

International and SDO representatives provided updates on security and privacy activities.



 

Japanese activity

 

Hideyuki Miyohara presented the deck he presented to ONC, NIST and Kaiser Permanente about the Japanese Association of Healthcare Information Systems Industry (JAHIS), which is one of the Japanese SDOs. JAHIS is HL7 Japanese Realm, and has published many profiles using HL7 v2.5.



 

John and Mike asked about the Japanese healthcare PKI. Every provider has a government issued JPKI from Japanese national Certificate Authority. Patients use at 3rd party PKI. Patient can choose the permission table in the PHR to allow a service provider to access the patient's PHR. Transport is a web service.

 

John asked about authorization. Hideyuki said they use the permission table in the PHR. John asked about use of OAUTH. Hideyuki noted that in the future, that the permission tables would be managed centrally so that any organization meeting the clearance would have access to the patient's PHR rather than having the patient directly involved in authorizing each service provider.



 

John asked about digital signature types. Hideyuki stated that Japanese use all 3 types. John asked about whether partial digital signature, e.g., to decouple a portion of the payload from being bond to the attesting provider's digital signature if, for example, that provider is not the source of that portion of the payload.

 machine generated alternative text: detached signature he has profiled this t,jpe of signature enveloping signature w3c xml slg,iature - supports a partial ságnature digital signature enveloped signature cda dlgtal snture
 

 

HL7 Japan has developed a CDA for prescriptions rather than phone/fax. Japan requires prescriptions in a document form. Use has Patients prefer paper prescriptions.



 

[Action Item - Hideyuki will send pdf of ppt week after the WGM]

 

Australia

 

Tricia and Daniel Henzi talked about AU PCEHR security topics and use of digital signature.



 

Saudi Arabia

 

Lori reported on Saudi Arabia use of a national PKI, which is encouraged, but not mandated. It is not specific to healthcare. Providers and organizations will be issued PKI, but no plans for provisioning patients at this time. The Saudis are developing a provider registry and establishing professional roles.



GE has the project management contract for the analytics and specification development

 

ISO

 

Lori reported on the ISO meeting in Mexico City for 4 days in mid-April. Lori presented WG4 Report to Plenary for Mexico.ppt describing the meeting activities.



 

Tuesday Q3 - 4

Q3

1:45-3:00

business meeting

Security WG Project Meeting

      • Ballot Reconciliation - Security and Privacy Ontology

      • Ballot Reconciliation - Healthcare Privacy and Security Classification System

Security

Room TBD

Q4

3:30 -5:00

business meeting

Security WG Project Meeting

      • Ballot Reconciliation - Security and Privacy Ontology

      • Ballot Reconciliation - Healthcare Privacy and Security Classification System

Security

Room TBD

Presiding chair: Mike Davis

 Mike added a time boxed review of the draft DS4P IG Project Scope statement. Edits were made in a revision that was distributed to the SWG. The proposal will continue to be refined during the Joint with CBCC Wednesday Q2.

Tony Weida presented on the current status of the Security and Privacy Ontology ballot (SPO). SWG discussed the utility and expected benefits for SPO, including its use in a HL7 Common Terminology Service for authoring and adjudicating e.g., security policies, consent directive, and security labels. Tony proposed dispositions to John Moehrke's comments. Several of the comments had to do with the conformance statement. Objections to their prescriptiveness and scope were discussed and reconciled. Members of the SWG thanked John for his thorough ballot review and thoughtful comments, which stimulated new thinking on future direction of the SPO.

 


Proposal

Mike asked for a motion for the SWG to accept the proposed dispositions to John Moehrke's SPO ballot comments. 

 

 

 

Moved

Second

Opposed

Abstain

In Favor

John

Kathleen

0

0

8

 

Wednesday May 8, 2013



Wednesday Q1

Q1

9:00-10:30

business meeting

 

technical meeting



Joint w/ EHR

      • data integrity tagging and continued “disambiguation” efforts

      • proposed: Structured Data (as presented by Doug Fridsma)

EHR

Room TBD

 

See EHR Minutes

 

Wednesday Q2


Q2

11:00-12:30

business meeting

 

technical meeting



Joint with CBCC

Ballot Reconciliation - CBCC Ballots



CBCC (hosting)

Room: Garden Courtyard 215

 

See CBCC Minutes

 

Wednesday Q3 - 4


Q3

1:45 -3:00

business meeting

 

free security educational session



Free Security Educational Session

HL7 Atlanta site brochure Course description - page 23



      • Privacy Consent Directive CDA - Trish Williams

      • Access Controls to enforce Privacy and Security - Including the use of User context (authentication), Patient context, Consent Context, Data context (ConfidentialityCode), and Request Context (PurposeOfUse) - Mike Davis

Security

Room TBD

Q4

3:30 -5:00

business meeting

 

free security educational session



Free Security Educational Session

HL7 Atlanta site brochure Course description - page 23



      • FHIR Security Model - John Moehrke

      • Audit Logging to support security survelance and privacy accounting of disclosures -- Pat Pyette / John Moehrke

Security

Room TBD

 

Thursday May 9, 2013



Thursday Q1 – 2

Q1

9:00-10:30

.

Security WG Project Meeting

      • Ballot Reconciliation - Security and Privacy Ontology

      • Ballot Reconciliation - Healthcare Privacy and Security Classification System

Security

Room TBD

Q2

11:00-12:30

business meeting

Security

TBD

 

<>

 

Audio recording started: 11:58 AM Thursday, May 09, 2013



 

Presiding chair: Mike Davis

 

WG reviewed the agenda. A Joint EHR, SOA, and Security meeting for FHIR preempts the planned reconciliation in Q2. Key ballot commenters and cochairs will not be available for Q3 - 4. WG decided to cancel Q2 - 4 and to continue reconciliation on interim calls.



 

 See ballot spreadsheet

Decisions outside of the spreadsheet:


    • WG agrees to use numbered headers and line numbers.

    • WG agrees to move the example codes to the guide.

    • WG reached consensus on the disposition of John Moehrke's negative comments on

Row

Item

Disposition

5

2

Not persuasive

7

4

Persuasive

16

13

Not persuasive with mod

17

14

Persuasive with mod

19

16

Persuasive with mod

 

 


Proposal

Mike asked for a motion for the SWG to accept the proposed dispositions to John Moehrke's HCS ballot comments listed above. 

 

 

 

Moved

Second

Opposed

Abstain

In Favor

John

Suzanne

0

0

9

 

 

Thursday Q3



Q3

1:45 -3:00

 

Security WG Project Meeting

Security

Room TBD

 

 CANCELED

 

Thursday Q4


Q4

3:30 -5:00

business meeting

Security WG Administration Meeting

      • Co-Chair Administrative time (Charter review, items due to the Steering Division)

      • Security WG 3-Year Plan

Security

Room TBD

 

CANCELED


| Page



Download 104.88 Kb.

Share with your friends:




The database is protected by copyright ©ininet.org 2024
send message

    Main page