HL7 Meeting Sydney, Australia

Security Technical Committee

Meeting Minutes

Attendees

Name / E-mail / Tue Q1 / Tue Q2 / Tue Q3 / Tue Q4 / Thu
Q1 / Thu Q2 / Thu Q3 / Thu Q4
Allen Hobbs /
Bernd Blobel / / X / X / X
Bill Braithwaite /
Dan Anderson /
David Staggs /
David Fusari /
Ed Larsen /
Gila Pyke /
Alexander Mense / / X / X / X
Zoran Milosevic / / X
Hideyuki Miyohara / / X / X / X
John Moehrke /
John Travis /
Kathleen Connor /
Lori Fourquet /
Mike Davis /
Andrzej Knafel / / X / X
Paul Knapp /
Rich Furr /
Stefan Sabutsch / / X
Steve Wagner /
Trish WIlliams / / X / X / X

10January 2011 Joint Meeting with Community Based Collaborative Care (CBCC) for Joint Project Progress Report

Discussion of the Semantic Health Information Performance and Privacy Standard (SHIPPS)  The 4 present Security WG representatives emphasized that the project’s topic should be strongly impacted by the Security WG.

The discussion of a new project proposals has been summarized as not realistic and too ambitious. It was recommended to limit scope and focus of the project.

Minutes

  1. Introductions
  2. Agenda approval Motion by Blobel/Miyohara 5/0/0
  3. Reports from other security-relevant organizations activities:
  • ISO/TC 215 WG4/CEN
  • ISO/TC215 approves the WG4 recommendation that the ISO/TC215 Secretariat forward ISO 21091, "Health informatics: Directory Services for healthcare providers, subjects of care and other entities” to the ISO Central Secretariat for circulation as a 2nd DIS ballot. A revised document with separate revisable figure files and a completed table of comments will arrive at the TC secretariat no later than January 30, 2010.
  • ISO/TC215 approves the WG4 recommendation that the ISO/TC215 Secretariat forward ISO TS14265, “Classification of Purposes for processing personal health information” to the ISO Central Secretariat for publication, and that the document arrives at the TC Secretariat no later than October 22, 2010.
  • ISO/TC215 approves the WG4 recommendation that the ISO/TC215 Secretariat circulates the NWIP ballot, “Health informatics — Data Protection in trans-border flows of personal health information” for approval as a new work item targeting an International Standard via the Vienna Agreement with an ISO lead and the Form 4 and the document arrives at the TC Secretariat no later than October 20, 2010 to be placed on the ISO/TC 215 balloting portal no later than November 3, 2010.
  • ISO/TC215 approves the WG4 recommendation that the ISO/TC215 Secretariat circulates ISO 20301, “Health Informatics – Health Cards – General Characteristics” as a 2 month CD and a document arrives at the TC Secretariat no later than October 20,2010 to be placed on the ISO/TC web site no later than November 3, 2010.
  • ISO/TC 215 approves the WG4 recommendation that the ISO/TC 215 Secretariat to forward to ISO 21549-1 Patient Health Card Data Part 1 General Structure for ISO Central Secretariat to confirm with editorial corrections, and that the document arrives at the TC secretariat no later than October 20, 2010.
  • ISO/TC215 approves the WG4 recommendation that the ISO/TC215 Secretariat forward DIS 21549-2 “Patient Health Card Data Part 2 Common Objects” to the ISO Central Secretariat for circulation as a 2 month CD ballot. A revised document, separate revisable figure files and a completed table of comments will arrive at the TC secretariat no later than October 20, 2010.
  • ISO/TC215 approves the WG4 recommendation that the ISO/TC215 Secretariat forward DIS 21549-3, “Patient Health Card Data Part 3 Limited Clinical Data ” to the ISO Central Secretariat for circulation as a 2 month CD ballot. A revised document, separate revisable figure files and a completed table of comments will arrive at the TC secretariat no later than October 20, 2010.
  • ISO/TC215 approves the WG4 recommendation that the ISO/TC215 Secretariat forward DIS 21549-4, “Health Cards – General Characteristics” to the ISO Central Secretariat for circulation as a 2 month CD ballot. A revised document, separate revisable figure files and a completed table of comments will arrive at the TC secretariat no later than October 20, 2010.
  • ISO/TC215 approves the WG4 recommendation that TS 25238, “Classification of Safety risks from health software” to be revised and support the intent to withdraw the standard once a new standard is available from the ISO/TC215 program of work.
  • ISO/TC215 approves the WG4 recommendation that Health informatics -- Privilege management and access control part 3 Implementations be brought forward for systematic review at the earliest time so that the review of parts 1 Overview and Policy Management and 2 Formal Models of TS22600, “Health informatics -- Privilege management and access control” can be managed efficiently.
  • ISO/TC215 approves the WG4 recommendation that ISO/TC 215 WG4 support the work to leverage Standards Knowledge Management Tool of ISO TC 215 for the ISO/TMB Privacy Steering Committee 01.
  • DICOM WG 14
  • The SHA-2 Encryption Package has been developed
  • Supplement 142 Anonymization for Testing is now balloted
  • National Efforts
  • Australia:
  • The national agency NEHTA is driving the Security Access Framework -1
  • Implementation of a national health ID covering providers (individual) and organizations
  • Implementation of ISO 27799
  • Japan:
  • The government has decided and started a project to enable communication between hospitals using a standardized format. The project’s final objective is the move towards a patient-managed PHR, stored in a centralized database
  • Germany:
  • German health telematics platform is still under development. For overcoming the period of stagnation, the national infrastructure project has been separated into single parts dedicated to the organization mainly managing the routine project in practice. Other projects deal with EHR pilots as well as the national standardization of EHR and EHR architecture in a project funded by the Federal Ministry for Economy and Technology and led by the national eHealth Competence Center Regensburg.
  • EU-Projects:
  • The multi-national project for EU citizens information communication epSOS (European Patients Smart Open Services) continues its health related chapter. The project will be extended beyond the core members to integrate further EU countries.
  1. Coordination with other HL7 committees will continue as defined.

12 January 2011 Joint Meeting with EHR WG

In the meeting, possible contributions of the Security WG in the context of the EHR-FM R2 have been discussed. Here, the collection of all the knowledge provided by domain experts has to be formalized step by step, following different levels of ontology presentation styles.

12 January 2011 Joint Meeting with SOA for Joint Project Progress Report

4 representatives of the Security WG have been participating in the meeting. Main topic of the meeting was the discussion of the PASS project. After presenting an access control specification based on OASIS work, the following basic issues have been discussed:

A repetition of the OASIS work should be avoided. For providing an access control service within the family of OMG SOA infrastructure specifications, the possible reuse of the existing DSS specifications should be checked.

As all Agenda topics not dedicated to US members of the Security WG have been fully managed in time, the Thursday meeting was switched to bilateral discussions limited to the first two Quarters.

1