Stern Kostenlose Vektoren, Fotos und PSD-Dateien

WGM Minutes approved 2020-05-26 Security WG Agenda/Minutes

Date: 5/19/2020

Q3 (1:30 - 3:00 PM ET)

Security Joint with Biomedical Research and Regulation (BR&B) - Research Provenance Use Cases, collaboration

Kathleen presented background about PSAF Provenance DAM based on W3C PROV and IVOA.

She referred the group to Relationship of PSAF Provenance with Other Provenance Standards and Profiles for more detail.

Now working with implementers looking for real research use cases to test.

VA and health system vendors had prepped a Provenance demonstration for HIMSS. 

The planned vignette involved the Million Veteran Program research project.

Looking for another opportunity to demonstrate research provenance.

Security WG is interested in collaborating with BR&R on use cases and development of a FHIR Research Provenance profile.

Possibly a Connectathon Provenance Track to test a FHIR Research Provenance profile being exchanged via a Federated Provenance Server with perhaps a blockchain component.

Possible research use cases discussed:

Peter Bromberg has been emphasizing the importance of tracking status changes wrt 5 Ws (who, what, where, when, and why).

Craig Andersen - Canadian product labeling use case for chaining provenance of product label version changes.

Matt Natter Boston's Children's Hospital FDA Patient Reported Outcomes [PRO] provenance from clinical trials - whether the patient or someone on behalf of the patient - using audit log to check the hash of sender signature

Other FDA participants - Mark Gray, Norman Gregory

John Moehrke joined to discuss possible research provenance profile that could be tested at Connectathon.  

Topic will be followed up at FHIR Security.

Date: 5/21/2020

Quarter: 5 (5pm - 6:30 pm EST)

Chair: Alex Mense

Scribe: Alex Mense

No more international reports, no liaison reports at all because of lack of people.

No motions, no decisions.

Adjourned 5:35

Date: 5/22/2020

Quarter: 2

Minutes Approved as Presented 

Agenda

Approved with addition of WG Health discussion


Work Group Health

The 2020May WG Health reports and the Project and Ballot Health report have been posted here: https://confluence.hl7.org/display/TSC/2020May+Final+Reports

Links to individual reports:

Project and Ballot Health Metrics Report:

https://confluence.hl7.org/download/attachments/82913321/ProjectBallotHealthMetrics2020MayWGM.xlsx?api=v2

WG Health Reports:

Administrative Steering Division

Clinical Steering Division

Infrastructure Steering Division

Organizational Support Steering Division

Kathleen cleaned up deficiencies so Security now has clean bill of health.  Virtual Stars to all.
FHIR DS4P IG Ballot Outcome

Ballot results:

Quorum met - 107 voters, FHIR DS4P IG Ballot Passed

  • Affirmative - 26
  • Negative - 13
  • Abstain - 35

Negatives - missing definitions, which is the result of tooling errors we need to fix, and a general misunderstanding that the FHIR DS4P IG is the basis for profiles for policy specific security label IGs much like the CDA DS4P IG is.  Only the profiles are implementable.

https://www.hl7.org/documentcenter/public/wg/tsc/HL7%20May%202020%20Ballot%20Results.zip

Sept NIB by July 5 per Security WG Admin

SMART Web Messaging PSS

Brett Marquard - Request that Security co-sponsor

https://confluence.hl7.org/display/FHIRI/SMART+Web+Messaging+PSS

Deferred until 2020-05-26 Security WG Agenda/Minutes
Security and Privacy  Information Model (S&P DAM REFRESH)

Review and seek approval of the HL7 Privacy and Security Information Model PSS

Information model update: The new information model will consolidate and harmonize security models across HL7 standards (Access Control, Audit, TF4FA etc.) and (incomplete) updates from FHIM (Consolidated unresolved models). Also included are direct mappings to Access Control, Audit and Authentication (e.g. Class models)  mapped to Access Control services.

Need to complete PSS milestones per Security WG Admin Upcoming PSS and NIB Deadline Dates for Future Ballot Cycles

Security WG approval June 5, 2020

ISD approval - by July

TSC before August 23, 2020

Motion to Approve HL7 Privacy and Security Information Model PSS

Moved/Second:

Vote - Approve/Abstain/Oppose: #- 0 - 0

WG decided that PSS needs revisions shown below




 Delete



1a. Project Name

HL7 Privacy and Security Information Model PSS


1b. Project ID



1c. Is Your Project an Investigative Project (aka PSS-Lite)?

No


1d. Is your Project Artifact being Reaffirmed or proceeding to Normative directly after being either Informative or STU?

No


1e. Today's Date



1f. Name of standard being reaffirmed



1g. Project Artifact Information



1h. ISO/IEC Standard to Adopt



1i. Does the standard include excerpted text from one or more ISO, IEC or ISO/IEC standards, but is not an identical or modified adoption?



1j. Unit of Measure



2a. Primary/Sponsor WG

Security


2b. Co-Sponsor WG

Community Based Care and Privacy


2c. Co-Sponsor Level of Involvement

Request formal content review prior to ballot


2d. Project Facilitator

Mike Davis


2e. Other Interested Parties (and roles)

Kathleen Connor-Security WG Co-Chair

Suzanne Gonzales-Webb-CBCP WG Co-Chair Bernd Blobel to provide input based on ISO DIS 23903 Interoperability and Integration Reference Architecture - Model and Framework


2f. Modeling Facilitator

Mike Davis


2g. Publishing Facilitator

Mike Davis


2h. Vocabulary Facilitator

Kathleen Connor


2i. Domain Expert Representative

Suzanne Gonzales-Webb Alexander Mense Mohammad Jafari Beth Pumo  [Need more diverse and international input here.]


2j. Business Requirements Analyst



2k. Conformance Facilitator



2l. Other Facilitators



2m. Implementers

Department of Veterans Affairs NEED More implementers


3a. Project Scope

Develop and publish up-to-date Security and Privacy Information Model  NEED to define Information Model.  Can't just reference v3 DMIMs as those are specific to a particular syntax, which uses v3 RIM classes, attributes, datatypes, and semantics (vocabulary) - absolutely not applicable in a conceptual model.  Need to clearly make Behavioral Model out of scope since the DAM and PSAF include behavioral models.


Attachments



3b. Project Need

Current Wording: The current HL7 Security Information models is out of date (dates back to 2014). Since that time significant changes to class relationships including new relationships and need to connect more holistically to modern HL7 standards have emerged.

Proposed revision:

The current HL7 Composite Security and Privacy Domain Analysis Model information models  is out of date (dates back to were completed in 2014). Since that time significant changes to class relationships including new relationships to other Security models have been developed such as Security Labeling, Audit, Trust and Provenance.  These models need to connect more holistically in an updated, overarching conceptual model.

[KC -  No changes have been made to the DAM models in TF4FA - mostly because BB raised a fuss whenever the TF4FA strayed from ISO 22600 S&P DAM models have NOT been deprecated or overridden by PSAF - so best to characterize this as an enhancement.]


3c. Security Risk

No


3d. External Drivers

None


3e. Objectives/Deliverables and Target Dates

For comment ballot. STU in May 2021


3f. Common Names / Keywords / Aliases:

Security and Privacy Information Model


3g. Lineage

Builds upon previous 2014 model


3h. Project Dependencies

None


3i. HL7-Managed Project Document Repository URL:

https://confluence.hl7.org/display/SEC/HL7+Privacy+and+Security+Information+Model


3j. Backwards Compatibility

No Yes - all of the S&P DAM classes and attributes are in PSAF.  In what way is this conceptual model not backwards compatible?


3k. Additional Backwards Compatibility Information (if applicable)



3l. Using Current V3 Data Types?



3l. Reason for not using current V3 data types?



3m. External Vocabularies



3n. List of Vocabularies



3o. Earliest prior release and/or version to which the compatibility applies



4a. Products

V3 Conceptual Information Model Domain Information Model (DIM / DMIM) You may want to meet with ARB to ask for guidance on how to characterize the model you are proposing.  Pretty sure it is not a V3 DIM/DDMIM


4b. For FHIR IGs and FHIR Profiles, what product version(s) will the profiles apply to?



4c. FHIR Profiles Version



4d. Please define your New Product Definition



4d. Please define your New Product Family



5a. Project Intent

Revise current standard


5a. White Paper Type



5a. Is the project adopting/endorsing an externally developed IG?



5a. Externally developed IG is to be (select one)



5a. Specify external organization



5a. Revising Current Standard Info

Composite Security and Privacy Domain Analysis Model


5b. Project Ballot Type

Normative (no STU)


5c. Additional Ballot Info



5d. Joint Copyright

No


5e. I understand I must submit a Joint Copyright Letter of Agreement to the TSC in order for the PSS to receive TSC approval.

no


6a. External Project Collaboration



6b. Content Already Developed

40%


6c. Content externally developed?

No


6d. List Developers of Externally Developed Content



6e. Is this a hosted (externally funded) project?

No


6f. Stakeholders

Clinical and Public Health Laboratories, Immunization Registries, Quality Reporting Agencies, Regulatory Agency, Standards Development Organizations (SDOs), Payors


6f. Other Stakeholders



6g. Vendors

EHR, PHR, Health Care IT, Clinical Decision Support Systems, Lab


6g. Other Vendors



6h. Providers

Clinical and Public Health Laboratories, Emergency Services, Local and State Departments of Health


6h. Other Providers



6i. Realm

Universal


7d. US Realm Approval Date



7a. Management Group(s) to Review PSS



7b. Sponsoring WG Approval Date



7c. Co-Sponsor Approval Date



7c. Co-Sponsor 2 Approval Date



7c. Co-Sponsor 3 Approval Date



7c. Co-Sponsor 4 Approval Date



7c. Co-Sponsor 5 Approval Date



7c. Co-Sponsor 6 Approval Date



7c. Co-Sponsor 7 Approval Date



7c. Co-Sponsor 8 Approval Date



7c. Co-Sponsor 9 Approval Date



7c. Co-Sponsor 10 Approval Date



7e. CDA MG Approval Date



7f. FMG Approval Date



7g. V2 MG Approval Date



7h. Architecture Review Board Approval Date



7i. Steering Division Approval Date



7j. TSC Approval Date



This is to approve minutes via general consent. "You have received the minutes. Are there any corrections to the minutes? (pause) Hearing none, if there are no objections, the minutes are approved as printed."

Goals

Set goals, objectives or some context for this meeting.

Discussion items

TimeItemWhoNotes
5minAgenda itemName

Notes for this agenda item





Action items