HL7 WGM Atlanta May 2013
HL7 Security Workgroup
Meeting Minutes
HL7 WGM - Atlanta, Georgia, USA
Security WG - AGENDA
Attendees
| Name | E-mail | Affiliation | Tue Q1 | Tue Q2 | Tue Q3 | Tue Q4 | Wed Q3 | Wed Q4 | Thu Q1 |
| Bernd Blobel | bernd.blobel@klinik.uni-regensburg.de | HL7 Germany | | | | X | | | X |
| Bill Braithwaite | bill@braithwaites.com | consultant | | | | | | | |
| Kathleen Connor | Kathleen_Connor@comcast.net | VA (Edmond Scientific Company) | X | X | X | X | | | X |
| Mike Davis | mike.davis@va.gov | VA | X | X | X | X | | | X |
| Christof Gessner | Christof.gessner@mxdx.de | HL7 Germany | | | | | | | |
| Suzanne Gonzales-Webb | Suzanne.Gonzales-Webb@va.gov | VA (DRC) | X | X | X | X | | | X |
| Trish Grimes | | | | | X | | | | |
| Beat Heggli | beat.heggli@nexus-schwiz.ch | HL7 Switzerland | | | | | | | X |
| Daniel Henzi | Daniel.henzi@standard.org.au | | | X | | | | | |
| Don Jorgensen | djorgenson@inpriva.com | Inpriva | | | | | | | |
| Andrzej Knafel | andrzej.knafel@roche.com | Roche Diagnostics Intl | | | | | | | |
| Ken Lord | lord@firestarsoftware.com | | X | | | | | | |
| Alexander Mense | alexander.mense@hl7.at | HL7 Austria | | | | | | | |
| Hideyuki Miyohara | miyohara.hideyuki@ap.mitsubishielectric.co.jp | HL7 Japan | X | X | X | X | | | X |
| John Moehrke | john.moehrke@med.ge.com | GE Healthcare | X | X | X | X | | | X |
| Erik Pupo | erpupo@deloitte.com | | X | | | | | | |
| Lori Reed-Fouquet | lfourquet@ehealthsign.com | eHealthSigns | X | X | X | | | | X |
| Harry Rhodes | harry.rhodes@ahima.org | AHIMA | | | X | X | | | X |
| Martin Rosner | martin.rosner@philips.com | Philips | | | | | | | |
| Avinash Sharbheg | avinash.sharbheg | ONC | | | | | | | |
| Dan Smith | dsmith@apelon.com | Apelon | | | | | | | |
| Walter Suarez | Dr. Walter Suarez [walter.g.suarez@kp.org] | Kaiser Permanente | | | | | | | |
| Richard Thoreson | richard.thoreson@samhsa.hhs.gov | SAMHSA | | | | | | | |
| Tony Weida | tweida@apelon.com | Apelon/VA | X | X | X | X | | | X |
| Trish Williams | trish.williams@ecu.edu.au | HL7 Australia | X | X | X | X | | | |
May 6, 2013
See CBCC WGM Minutes for Monday Q3 – 4
Atlanta Security WGM Meetings
Tuesday May 7, 2013
Tuesday Q1
Q1 | 9:00-10:30 | Security | Room TBD
Opening Security WG Meeting
- Introductions
- Approval of agenda
- Approval of January Phoenix Minutes
Presiding chair: Mike Davis
Agenda Approval
Mike walked the Security Work Group (SWG) through the proposed agenda.
Mike suggested spending some portion of Q1 discussing Doug Fridsma's announcement that ONC would transition the Data Segmentation for Privacy Implementation Guide (DS4P IG), which was developed by ONC Standards and Interoperability Framework, to the Security WG for balloting and maintenance.
SOA joint is cancelled and replaced by joint reconciliation with CBCC.
Cochairs discussed the material to be presented at the Wednesday Q3-4 Educational Session, and the order of presentation.
- Ioana will present on consent directive CDA.
- Mike plans to present the HIMSS DS4P pilot video.
- John described his intentions for the FHIR Security session. He will also discuss Audit Logging to support security surveillance.
Trish will be absent all day Thursday. John will be absent Thursday Q3-4.
SWG 3 year plan and WG health will be moved up to Monday Q1.
A Joint with EHR/SOA/Security/FHIR has preempted Security Reconciliation Thursday Q2.
Tentatively, Security Q3-4 will be cancelled.
Proposal: Mike asked for approval of the agenda with changes discussed.
| Moved | Second | Opposed | Abstain | In Favor |
| | | 0 | 0 | 8 |
Minute Approval
Proposal: Mike asked for a motion for approval of the January Phoenix WGM minutes.
| Moved | Second | Opposed | Abstain | In Favor |
| John | Trish | 0 | 0 | 8 |
Discussion about how to ballot the DS4P IG
SWG will handle the SOAP and DIRECT IGs and IHE will handle the REST IG to ensure that the IG is consistent with the IHE REST profile.
John suggested separating the content from the transport.
Mike proposed that the DS4P IG be packaged with HCS. John raised an alternative view about whether the DS4P IG should be balloted separately. That would require a new scope statement, which might delay the September balloting.
Mike asked whether to bring the DS4P IG as an international or US standard. If the DS4P IG were international, then the current DS4P IGs would be a profile. After discussion, Mike concluded that the SWG should ballot it as a US profile initially, and if the international community wants to create an international version, then the SWG can reconsider. Further discussion on the proposed approach to balloting the IGs with or without the HCS will be continued with CBCC.
Trish stated that AU is not in a position to consider adopting the DS4P IG at this time.
Bernd reported on the progress on implementing the EU Directive.
Hideyuki Miyohara stated that Japan would want to create its own framework. Hideyuki said that if Japan were to adopt a DS4P approach, it would not work on a profile of the DS4P because core parts of it would be replaced with Japan's workflows and Japanese clinical document standards.
Mike wants a new scope statement with multiple deliverables. The first deliverable would be the US realm DS4P, and then the other realms could create their own DS4P IG and ballot in their realm.
Proposal: Mike asked for a motion about creating a new scope statement to take the DS4P to DSTU joint with CBCC.
| Moved | Second | Opposed | Abstain | In Favor |
| John | Trish | 1 | 0 | 7 |
Presiding chair: Trish Williams
Trish led the SWG discussion of the WG 3-Year Plan, SWOT, and WG health. Two items of inactive balloting:
- The Security Risk Cookbook, which is on hold for TSC instructions on how to ballot.
- The Privacy and Authorization Vocabulary project scope has been completed under the second ballot of the RBAC catalogue in 2009.
Action Items: John will ask Austin about how to ballot or whether to ballot the Risk Cookbook.
Tuesday Q2
Q2 | 11:00-12:30 | Security | Room TBD
Security WG Review of Industry and SDO Activities Meeting
Presiding chair: Mike Davis
International and SDO representatives provided updates on security and privacy activities.
Japanese activity
Hideyuki Miyohara presented the deck he presented to ONC, NIST and Kaiser Permanente about the Japanese Association of Healthcare Information Systems Industry (JAHIS), which is one of the Japanese SDOs. JAHIS is HL7 Japanese Realm, and has published many profiles using HL7 v2.5.
John and Mike asked about the Japanese healthcare PKI. Every provider has a government-issued JPKI from the Japanese national Certificate Authority. Patients use a 3rd party PKI. A patient can choose the permission table in the PHR to allow a service provider to access the patient's PHR. Transport is a web service.
John asked about authorization. Hideyuki said they use the permission table in the PHR. John asked about use of OAuth. Hideyuki noted that in the future, the permission tables would be managed centrally so that any organization meeting the clearance would have access to the patient's PHR rather than having the patient directly involved in authorizing each service provider.
John asked about digital signature types. Hideyuki stated that the Japanese use all 3 types. John asked about partial digital signatures, e.g., to decouple a portion of the payload from being bound to the attesting provider's digital signature if, for example, that provider is not the source of that portion of the payload.
HL7 Japan has developed a CDA for prescriptions rather than phone/fax. Japan requires prescriptions in a document form. Use has Patients prefer paper prescriptions.
[Action Item - Hideyuki will send pdf of ppt week after the WGM]
Australia
Tricia and Daniel Henzi talked about AU PCEHR security topics and use of digital signature.
Saudi Arabia
Lori reported on Saudi Arabia's use of a national PKI, which is encouraged, but not mandated. It is not specific to healthcare. Providers and organizations will be issued PKI, but there are no plans for provisioning patients at this time. The Saudis are developing a provider registry and establishing professional roles.
GE has the project management contract for the analytics and specification development.
ISO
Lori reported on the ISO meeting in Mexico City for 4 days in mid-April. Lori presented WG4 Report to Plenary for Mexico.ppt describing the meeting activities.
Tuesday Q3 - 4
Q3 | 1:45-3:00 | Security | Room TBD
Security WG Project Meeting
- Ballot Reconciliation - Security and Privacy Ontology
- Ballot Reconciliation - Healthcare Privacy and Security Classification System
Q4 | 3:30-5:00 | Security | Room TBD
Security WG Project Meeting
- Ballot Reconciliation - Security and Privacy Ontology
- Ballot Reconciliation - Healthcare Privacy and Security Classification System
Presiding chair: Mike Davis
Mike added a time boxed review of the draft DS4P IG Project Scope statement. Edits were made in a revision that was distributed to the SWG. The proposal will continue to be refined during the Joint with CBCC Wednesday Q2.
Tony Weida presented on the current status of the Security and Privacy Ontology (SPO) ballot. SWG discussed the utility and expected benefits of the SPO, including its use in an HL7 Common Terminology Service for authoring and adjudicating, e.g., security policies, consent directives, and security labels. Tony proposed dispositions to John Moehrke's comments. Several of the comments had to do with the conformance statement. Objections to their prescriptiveness and scope were discussed and reconciled. Members of the SWG thanked John for his thorough ballot review and thoughtful comments, which stimulated new thinking on the future direction of the SPO.
Proposal: Mike asked for a motion for the SWG to accept the proposed dispositions to John Moehrke's SPO ballot comments.
| Moved | Second | Opposed | Abstain | In Favor |
| John | Kathleen | 0 | 0 | 8 |
Wednesday May 8, 2013
Wednesday Q1
Q1 | 9:00-10:30 | EHR | Room TBD
Joint w/ EHR
- data integrity tagging and continued “disambiguation” efforts
- proposed: Structured Data (as presented by Doug Fridsma)
See EHR Minutes
Wednesday Q2
Q2 | 11:00-12:30 | CBCC (hosting) | Room: Garden Courtyard 215
Joint with CBCC
Ballot Reconciliation - CBCC Ballots
See CBCC Minutes
Wednesday Q3 - 4
Q3 | 1:45-3:00 | Security | Room TBD
Free Security Educational Session
HL7 Atlanta site brochure Course description - page 23
- Privacy Consent Directive CDA - Trish Williams
- Access Controls to enforce Privacy and Security - Including the use of User context (authentication), Patient context, Consent Context, Data context (ConfidentialityCode), and Request Context (PurposeOfUse) - Mike Davis
Q4 | 3:30-5:00 | Security | Room TBD
Free Security Educational Session
HL7 Atlanta site brochure Course description - page 23
- FHIR Security Model - John Moehrke
- Audit Logging to support security surveillance and privacy accounting of disclosures - Pat Pyette / John Moehrke
Thursday May 9, 2013
Thursday Q1 – 2
Q1 | 9:00-10:30 | Security | Room TBD
Security WG Project Meeting
- Ballot Reconciliation - Security and Privacy Ontology
- Ballot Reconciliation - Healthcare Privacy and Security Classification System
Q2 | 11:00-12:30 | Security | TBD
Audio recording started: 11:58 AM Thursday, May 09, 2013
Presiding chair: Mike Davis
WG reviewed the agenda. A Joint EHR, SOA, and Security meeting for FHIR preempts the planned reconciliation in Q2. Key ballot commenters and cochairs will not be available for Q3 - 4. WG decided to cancel Q2 - 4 and to continue reconciliation on interim calls.
See ballot spreadsheet
Decisions outside of the spreadsheet:
- WG agrees to use numbered headers and line numbers.
- WG agrees to move the example codes to the guide.
- WG reached consensus on the disposition of John Moehrke's negative comments on
| Row | Item | Disposition |
| 5 | 2 | Not persuasive |
| 7 | 4 | Persuasive |
| 16 | 13 | Not persuasive with mod |
| 17 | 14 | Persuasive with mod |
| 19 | 16 | Persuasive with mod |
Proposal: Mike asked for a motion for the SWG to accept the proposed dispositions to John Moehrke's HCS ballot comments listed above.
| Moved | Second | Opposed | Abstain | In Favor |
| John | Suzanne | 0 | 0 | 9 |
Thursday Q3
Q3 | 1:45-3:00 | Security | Room TBD
Security WG Project Meeting
CANCELED
Thursday Q4
Q4 | 3:30-5:00 | Security | Room TBD
Security WG Administration Meeting
- Co-Chair Administrative time (Charter review, items due to the Steering Division)
- Security WG 3-Year Plan
CANCELED