WGM Minutes approved 2020-05-26 Security WG Agenda/Minutes

Date: 5/19/2020

Q3 (1:30 - 3:00 PM ET)

Security Joint with Biomedical Research and Regulation (BR&R) - Research Provenance Use Cases, collaboration

Kathleen presented background about PSAF Provenance DAM based on W3C PROV and IVOA.

She referred the group to Relationship of PSAF Provenance with Other Provenance Standards and Profiles for more detail.

Now working with implementers looking for real research use cases to test.

VA and health system vendors had prepped a Provenance demonstration for HIMSS. 

The planned vignette involved the Million Veteran Program research project.

Looking for another opportunity to demonstrate research provenance.

Security WG is interested in collaborating with BR&R on use cases and development of a FHIR Research Provenance profile.

Possibly a Connectathon Provenance Track to test a FHIR Research Provenance profile being exchanged via a Federated Provenance Server with perhaps a blockchain component.

Possible research use cases discussed:

Peter Bromberg has been emphasizing the importance of tracking status changes wrt 5 Ws (who, what, where, when, and why).

Craig Andersen - Canadian product labeling use case for chaining provenance of product label version changes.

Matt Natter, Boston's Children's Hospital - FDA Patient Reported Outcomes [PRO] provenance from clinical trials - whether the patient or someone on behalf of the patient - using audit log to check the hash of sender signature

Other FDA participants - Mark Gray, Norman Gregory

John Moehrke joined to discuss possible research provenance profile that could be tested at Connectathon.  

Topic will be followed up at FHIR Security.

Date: 5/21/2020

Quarter: 5 (5pm - 6:30 pm EST)

Chair: Alex Mense

Scribe: Alex Mense

No more international reports, no liaison reports at all because of lack of people.

No motions, no decisions.

Adjourned 5:35

Date: 5/22/2020

Quarter: 2

Minutes Approved as Presented 


Approved with addition of WG Health discussion

Work Group Health

The 2020May WG Health reports and the Project and Ballot Health report have been posted here:

Links to individual reports:

Project and Ballot Health Metrics Report:

WG Health Reports:

Administrative Steering Division

Clinical Steering Division

Infrastructure Steering Division

Organizational Support Steering Division

Kathleen cleaned up deficiencies so Security now has clean bill of health. Virtual Stars to all.

FHIR DS4P IG Ballot Outcome

Ballot results:

Quorum met - 107 voters, FHIR DS4P IG Ballot Passed

  • Affirmative - 26
  • Negative - 13
  • Abstain - 35

Negatives - missing definitions, which is the result of tooling errors we need to fix, and a general misunderstanding that the FHIR DS4P IG is the basis for profiles for policy specific security label IGs much like the CDA DS4P IG is.  Only the profiles are implementable.

Sept NIB by July 5 per Security WG Admin

SMART Web Messaging PSS

Brett Marquard - Request that Security co-sponsor

Deferred until 2020-05-26 Security WG Agenda/Minutes

Security and Privacy Information Model (S&P DAM REFRESH)

Review and seek approval of the HL7 Privacy and Security Information Model PSS

Information model update: The new information model will consolidate and harmonize security models across HL7 standards (Access Control, Audit, TF4FA etc.) and (incomplete) updates from FHIM (Consolidated unresolved models). Also included are direct mappings to Access Control, Audit and Authentication (e.g. Class models)  mapped to Access Control services.

Need to complete PSS milestones per Security WG Admin Upcoming PSS and NIB Deadline Dates for Future Ballot Cycles

Security WG approval June 5, 2020

ISD approval - by July

TSC before August 23, 2020

Motion to Approve HL7 Privacy and Security Information Model PSS


Vote - Approve/Abstain/Oppose: #- 0 - 0

WG decided that PSS needs revisions shown below


1a. Project Name

HL7 Privacy and Security Information Model PSS

1b. Project ID

1c. Is Your Project an Investigative Project (aka PSS-Lite)?


1d. Is your Project Artifact being Reaffirmed or proceeding to Normative directly after being either Informative or STU?


1e. Today's Date

1f. Name of standard being reaffirmed

1g. Project Artifact Information

1h. ISO/IEC Standard to Adopt

1i. Does the standard include excerpted text from one or more ISO, IEC or ISO/IEC standards, but is not an identical or modified adoption?

1j. Unit of Measure

2a. Primary/Sponsor WG


2b. Co-Sponsor WG

Community Based Care and Privacy

2c. Co-Sponsor Level of Involvement

Request formal content review prior to ballot

2d. Project Facilitator

Mike Davis

2e. Other Interested Parties (and roles)

Kathleen Connor-Security WG Co-Chair

Suzanne Gonzales-Webb-CBCP WG Co-Chair

Bernd Blobel to provide input based on ISO DIS 23903 Interoperability and Integration Reference Architecture - Model and Framework

2f. Modeling Facilitator

Mike Davis

2g. Publishing Facilitator

Mike Davis

2h. Vocabulary Facilitator

Kathleen Connor

2i. Domain Expert Representative

Suzanne Gonzales-Webb, Alexander Mense, Mohammad Jafari, Beth Pumo [Need more diverse and international input here.]

2j. Business Requirements Analyst

2k. Conformance Facilitator

2l. Other Facilitators

2m. Implementers

Department of Veterans Affairs [NEED more implementers]

3a. Project Scope

Develop and publish up-to-date Security and Privacy Information Model [NEED to define Information Model. Can't just reference v3 DMIMs as those are specific to a particular syntax, which uses v3 RIM classes, attributes, datatypes, and semantics (vocabulary) - absolutely not applicable in a conceptual model. Need to clearly make Behavioral Model out of scope since the DAM and PSAF include behavioral models.]


3b. Project Need

Current Wording: The current HL7 Security Information models is out of date (dates back to 2014). Since that time significant changes to class relationships including new relationships and need to connect more holistically to modern HL7 standards have emerged.

Proposed revision:

The current HL7 Composite Security and Privacy Domain Analysis Model information models  is out of date (dates back to were completed in 2014). Since that time significant changes to class relationships including new relationships to other Security models have been developed such as Security Labeling, Audit, Trust and Provenance.  These models need to connect more holistically in an updated, overarching conceptual model.

[KC - No changes have been made to the DAM models in TF4FA - mostly because BB raised a fuss whenever the TF4FA strayed from ISO 22600. S&P DAM models have NOT been deprecated or overridden by PSAF - so best to characterize this as an enhancement.]

3c. Security Risk


3d. External Drivers


3e. Objectives/Deliverables and Target Dates

For comment ballot. STU in May 2021

3f. Common Names / Keywords / Aliases:

Security and Privacy Information Model

3g. Lineage

Builds upon previous 2014 model

3h. Project Dependencies


3i. HL7-Managed Project Document Repository URL:

3j. Backwards Compatibility

No Yes - all of the S&P DAM classes and attributes are in PSAF.  In what way is this conceptual model not backwards compatible?

3k. Additional Backwards Compatibility Information (if applicable)

3l. Using Current V3 Data Types?

3l. Reason for not using current V3 data types?

3m. External Vocabularies

3n. List of Vocabularies

3o. Earliest prior release and/or version to which the compatibility applies

4a. Products

V3 Conceptual Information Model Domain Information Model (DIM / DMIM) [You may want to meet with ARB to ask for guidance on how to characterize the model you are proposing. Pretty sure it is not a V3 DIM/DMIM.]

4b. For FHIR IGs and FHIR Profiles, what product version(s) will the profiles apply to?

4c. FHIR Profiles Version

4d. Please define your New Product Definition

4d. Please define your New Product Family

5a. Project Intent

Revise current standard

5a. White Paper Type

5a. Is the project adopting/endorsing an externally developed IG?

5a. Externally developed IG is to be (select one)

5a. Specify external organization

5a. Revising Current Standard Info

Composite Security and Privacy Domain Analysis Model

5b. Project Ballot Type

Normative (no STU)

5c. Additional Ballot Info

5d. Joint Copyright


5e. I understand I must submit a Joint Copyright Letter of Agreement to the TSC in order for the PSS to receive TSC approval.


6a. External Project Collaboration

6b. Content Already Developed


6c. Content externally developed?


6d. List Developers of Externally Developed Content

6e. Is this a hosted (externally funded) project?


6f. Stakeholders

Clinical and Public Health Laboratories, Immunization Registries, Quality Reporting Agencies, Regulatory Agency, Standards Development Organizations (SDOs), Payors

6f. Other Stakeholders

6g. Vendors

EHR, PHR, Health Care IT, Clinical Decision Support Systems, Lab

6g. Other Vendors

6h. Providers

Clinical and Public Health Laboratories, Emergency Services, Local and State Departments of Health

6h. Other Providers

6i. Realm


7d. US Realm Approval Date

7a. Management Group(s) to Review PSS

7b. Sponsoring WG Approval Date

7c. Co-Sponsor Approval Date

7c. Co-Sponsor 2 Approval Date

7c. Co-Sponsor 3 Approval Date

7c. Co-Sponsor 4 Approval Date

7c. Co-Sponsor 5 Approval Date

7c. Co-Sponsor 6 Approval Date

7c. Co-Sponsor 7 Approval Date

7c. Co-Sponsor 8 Approval Date

7c. Co-Sponsor 9 Approval Date

7c. Co-Sponsor 10 Approval Date

7e. CDA MG Approval Date

7f. FMG Approval Date

7g. V2 MG Approval Date

7h. Architecture Review Board Approval Date

7i. Steering Division Approval Date

7j. TSC Approval Date

This is to approve minutes via general consent. "You have received the minutes. Are there any corrections to the minutes? (pause) Hearing none, if there are no objections, the minutes are approved as printed."

