This is the home page for the HL7 Security Work Group. Security is an early adopter of the functions being developed as part of the JIRACon Project. In this environment, attendance logs, meeting agendas and notes, and other work group functions are enabled to assist the work group participants in developing standards as well as necessary housekeeping functions for standards development organizations. Use JIRA to document issues, change requests, questions, and comments for documentation and resolution.

202209 Security WGM Agenda/Minutes

Charter

Work Products and Contributions to HL7 Processes

• Standards
  • Develop and maintain a Composite Security and Privacy Domain Analysis Model as the basis for work products and artifacts.
  • Security and privacy policy management, by communicating security and privacy policies among trading partners,
  • Role engineering and management, e.g., defining, managing, and communicating structural and functional roles to which security and privacy policies apply,
  • Privilege management, e.g., defining, managing, and communicating the association of security and privacy policies with roles,
  • Access control, e.g, defining, managing, and communicating the association of entities (people, systems, etc.) with privileges, and accountability auditing for use of privileges,
  • Security and privacy policy modeling and associated association of terminologies to facilitate interoperability,
  • Security auditing to support surveillance and privacy use cases.

• Informational documents and resources
  • Standards for roles and participations (such as ISO structural and functional roles),
  • Supporting infrastructure and environmental assumptions for security and privacy,
  • Security and privacy threat models for healthcare IT systems and networks,
  • Functional models for security and privacy infrastructure and security and privacy services needed for advanced interoperability based on HL7 V3
  • Use cases to define requirements and model-based specifications for both communication and application security and privacy services.

• Advise all HL7 committees regarding security and privacy considerations plus the relevant technologies (e.g. Security Risk Assessment Cookbook, Standards Privacy Assessment Process,  and FHIR Implementer's Safety Checklist).
• Coordinate and support the activities of the HL7 Fast Healthcare Interoperability Resources (FHIR) processes.
• Develop specifications using the principles and language of the Services Aware Interoperability Framework (SAIF) Canonical Definition (CD) and the restrictions and specializations of?the HL7 SAIF Implementation Guide (IG) to ensure traceability from conceptual to logical to implementable specifications.? When submitting artifacts or methodology to the HL7 SAIF IG the Work Group will develop this content in compliance with the principles and language of the SAIF CD.?

Formal Relationships With Other HL7 Groups

The Security Work Group will interact via regular joint meetings with EHR, MnM, Structured Documents, CBCP, and SOA Work Groups. Additional unscheduled interactions may occur with most other HL7 Work Groups, and national affiliates, e.g., advice on selection and application of security and privacy standards and technologies for specific healthcare use cases.

Formal Relationship With Groups Outside of HL7

Formal relationships have been established by the HL7 board with the following groups that are directly relevant to the Security WG’s work:

• ASTM E31
• ANSI-INCITS
• CEN/TC 251
• DICOM
• OASIS
• OMG
• US government agencies such as NIST
• Government agencies, in association with HL7's national affiliates
• ISO/TC 215
• IHE

2017 Work Group Health All-Star Award Winner

This WG earned a WG Healthiest Star rating in each of the three trimesters measured in 2017.