
HL7 Meeting Atlanta, GA September, 2009

HL7 Security Workgroup Meeting Minutes

Attendees

Name                     E-mail                              Attendance (one X per quarter attended; Tue Q1-Q4, Thu Q1-Q4)
Alex Dejong              [email protected]                   X
Andy Bond                [email protected]                   X
Bernd Blobel             [email protected] regenburg.de      X X X X X
Bill Braithwaite         [email protected]                   X X
David Staggs             [email protected]                   X X X
Don Jorgenson            [email protected]                   X
Glen Marshall            [email protected]                   X X X X X X X
Harry Rhodes             [email protected]                   X
Hideyuki Miyohara        [email protected] electric.co.jp    X X X X X X X
John Moehrke             [email protected]                   X X X X X X X
Lori Reed-Fourquet       [email protected]                   X X X
Mike Davis               [email protected]                   X X X X X X X
Ray Krasinski            [email protected]                   X X X X
Richard Thorenson        [email protected]                   X X
Steven Connolly          sconnolly@apelon.com                X X X X X
Steven Ward              stw@lilly.com                       X
Suzanne Gonzales-Webb    suzanne.gonzales-webb@va.gov        X X X X

Minutes

1. Introductions

2. Agenda approval

3. Reports from other security-relevant organizations' activities

ISO
o Next ISO meeting @ Durham, NC
o Audit trails for electronic health records. Revisions made. The revision broke the desired continuity with RFC 3881. Sent to the Joint CEN-ISO-HL7 committee for harmonization.
o NWIP Classification of Data Purpose-of-use will be brought forth.
o NWIP Security & Privacy requirements for compliance testing in EHR systems (part 2 is a Protection Profile (PP) for small-scale EHRs)
o TR Dynamic on-demand VPN for health information infrastructure
o Guidelines on data protection to facilitate trans-border flows of health information updated
o TS 13606-4 - EHRs Communication
o TS 21547-1 and TR 21547-2 - Secure Archiving of EHRs
o TS 21091 - Directory Services - going to full IS

HITSP work done and under way
o Service Collaborations
o Consumer Preferences
o Common Data Transport

ASTM
o E1986 - coded values for role codes
o Proposing an E31.25 security joint session with the next HL7 meetings - suggest Friday 8am-noon

OASIS
o XSPA - profile of SAML, XACML, and WS-Trust plus HL7 RBAC and ASTM E1986 - has reached technical committee approval; a full standard is expected by November 1. It will probably be incorporated into HITSP C19, TP20, TP30.

IHE
o Change proposals to clear up BPPC profile confusion
o Add the new Syslog protocol (RFC 5424, 5425, 5426), replacing UDP and deprecating RFC 3164 (BSD syslog)
o Access control white paper

Europe
o Slides presented by Bernd Blobel

Japan
o Slides presented by Hideyuki Miyohara (not provided)
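The IHE item above names the syslog RFCs that replaced BSD syslog for audit record transport: RFC 5424 defines the message format, RFC 5425 the TLS transport with octet-counted framing. The following Python is an added example, not from these minutes nor from any IHE or HL7 specification; it parses an RFC 5424 message (PRI, VERSION, header fields, STRUCTURED-DATA, MSG), rejects a legacy RFC 3164 line, and splits an RFC 5425 octet-counted byte stream into messages. The sample audit record, host name, SD-ID and parameter names are constructed for illustration.

```python
# Added example, not from the HL7 minutes or any IHE/HL7 spec: RFC 5424 message
# parsing plus RFC 5425 octet-counting frames. Sample data below is constructed.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# RFC 5424 HEADER: PRI VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID SP
_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d{0,2}) (?P<timestamp>\S+) "
    r"(?P<hostname>\S{1,255}) (?P<appname>\S{1,48}) (?P<procid>\S{1,128}) "
    r"(?P<msgid>\S{1,32}) ")
_SD_PARAM = re.compile(r'(\S+?)="((?:[^"\\]|\\.)*)"')

@dataclass
class SyslogMessage:
    facility: int
    severity: int
    version: int
    timestamp: Optional[str]
    hostname: Optional[str]
    appname: Optional[str]
    procid: Optional[str]
    msgid: Optional[str]
    structured_data: Dict[str, Dict[str, str]]
    msg: str

def _nil(value: str) -> Optional[str]:
    """'-' is the RFC 5424 NILVALUE for an absent header field."""
    return None if value == "-" else value

def _parse_structured_data(text: str) -> Tuple[Dict[str, Dict[str, str]], str]:
    """Parse STRUCTURED-DATA: '-' or one or more [SD-ID PARAM="value" ...] elements.
    Returns the elements and the remainder of the line (the free-form MSG)."""
    if text.startswith("-"):
        return {}, text[1:]
    elements: Dict[str, Dict[str, str]] = {}
    pos = 0
    while pos < len(text) and text[pos] == "[":
        end = pos + 1
        while end < len(text) and not (text[end] == "]" and text[end - 1] != "\\"):
            end += 1  # stop at the first ']' that is not escaped as '\]'
        if end >= len(text):
            raise ValueError("unterminated SD-ELEMENT")
        sd_id, _, params = text[pos + 1:end].partition(" ")
        elements[sd_id] = {
            name: raw.replace('\\"', '"').replace("\\]", "]").replace("\\\\", "\\")
            for name, raw in _SD_PARAM.findall(params)}
        pos = end + 1
    return elements, text[pos:]

def parse_rfc5424(line: str) -> SyslogMessage:
    """Parse one RFC 5424 message. A BSD-style (RFC 3164) line has no VERSION
    digit after the PRI and is rejected rather than guessed at."""
    m = _HEADER.match(line)
    if m is None:
        raise ValueError("not an RFC 5424 message")
    pri = int(m.group("pri"))
    if pri > 191:  # facility 23 * 8 + severity 7 is the largest legal PRI
        raise ValueError("PRI out of range")
    sd, rest = _parse_structured_data(line[m.end():])
    return SyslogMessage(
        facility=pri >> 3, severity=pri & 7, version=int(m.group("version")),
        timestamp=_nil(m.group("timestamp")), hostname=_nil(m.group("hostname")),
        appname=_nil(m.group("appname")), procid=_nil(m.group("procid")),
        msgid=_nil(m.group("msgid")), structured_data=sd,
        msg=rest[1:] if rest.startswith(" ") else rest)

def frame_rfc5425(message: bytes) -> bytes:
    """RFC 5425 octet counting: MSG-LEN SP SYSLOG-MSG, as written to the TLS stream."""
    return b"%d %s" % (len(message), message)

def split_frames_rfc5425(stream: bytes) -> List[bytes]:
    """Split bytes read from a TLS connection into complete octet-counted messages.
    Octet counting, not newline splitting, because a MSG may itself contain newlines."""
    frames: List[bytes] = []
    pos = 0
    while pos < len(stream):
        sp = stream.index(b" ", pos)
        count = stream[pos:sp]
        if not count.isdigit() or count.startswith(b"0"):
            raise ValueError("bad MSG-LEN")
        start, end = sp + 1, sp + 1 + int(count)
        if end > len(stream):
            raise ValueError("truncated frame")
        frames.append(stream[start:end])
        pos = end
    return frames

# Constructed sample audit record: PRI 85 = facility 10 (authpriv) * 8 + severity 5.
SAMPLE_5424 = ('<85>1 2009-09-24T15:00:00Z ehr01.example.org auditd 4711 ATNA '
               '[exampleSDID@32473 eventID="110114" outcome="0" user="dr.jones"] '
               'User authentication success')
# The same event as a legacy BSD (RFC 3164) line; parse_rfc5424 rejects it.
SAMPLE_3164 = '<85>Sep 24 15:00:00 ehr01 auditd: User authentication success'
```

The framing function is the part that matters for an audit repository: over a TLS stream there is no datagram boundary, and a newline delimiter cannot be trusted because a MSG may contain one, so RFC 5425 prefixes each message with its octet count. A receiver that refuses a bad or truncated MSG-LEN, as above, fails closed instead of silently resynchronising on the next message and losing an audit event.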

4. Project Review

Project database clean-up

Security Domain Analysis Model (DAM)
o Approved by motion in joint meeting. Security to lead
o Project plan to be submitted
o Submitted to Steering Division, to be discussed on October 6 call.
o Target is January 2010 DSTU ballot
o Will utilize Tuesday 1pm-2pm t-con time

Implementation guide for Composite Privacy Consent Directive
o Approved by motion in joint meeting. CBCC to lead
o Project plan to be submitted
o Submitted to Steering Division, to be e-voted.
o Target is January 2010 DSTU ballot
o Will utilize Tuesday 1pm-2pm t-con time

Risk Management Assessment update
o Suzanne Gonzales-Webb owns this for the WG, working with Diana Medruga
o Delayed until January 2010
o Plan to conduct live class in January. No current plan to put it online, but it is possible after the tutorial has been conducted a few times to mature it.

New Proposals, including joint projects with other WGs
o None known

5. Action Items

Formal harmonization pathway with ISO/TC 215 WG4
o Joint HL7-ISO-CEN (JIC) committee is the pathway.
o Item closed for this WG.

RBAC Tutorial
o Owned by Mike Davis.
o Has been on hold pending RBAC ballot, which is now complete.
o Will formalize as a project, at least to determine need, with the objective of creating a tutorial.
  - Motion: Project to create RBAC tutorial project [Davis, Braithwaite]. Vote: no 1, abstain 0, passed 10-1.
  - Motion: Project to create access control technical & management tutorial [Davis, Moehrke]. Bernd is also an interested party. Vote: unanimous (11)

Digital Rights Management (DRM)
o We have asked Kathleen Connor to participate in Security WG for this.
o No action since September 2008.
o No interest in this as a project at this time. Will include it on 3-year plan.

Break Glass/Emergency Access
o Owned by Mike Davis and John Moehrke.
o Need to distinguish between "break glass" and "emergency access" concepts.
o PASS already has use cases to cover this.
o No need for a project for the Security WG.
o Item closed for this WG.

HL7 Pseudonymization and Anonymization rules
o Glen Marshall, Lori Fourquet, and John Moehrke own this.
o Possible joint project with Structured Documents and/or InM and/or SOA. Need to follow up with those WGs.
o Will include it on 3-year plan.

Digital Signatures
o Glen Marshall owns this for the WG.
o Motion to establish a digital signature project [Moehrke, Blobel]: investigate RIM digital signature elements and determine if the HL7 Japan digital signature specification can be used as a basis to update the RIM. Vote: unanimous approval.
  - HL7 Japan CDA Document Digital Signature Standard
o Glen will create project proposal and submit to WG for approval, then to SD.

HL7 Harmonization of OASIS Profiles (SAML, XACML, WS-Trust)
o This is satisfied by the OASIS XSPA profile.
o Item closed for this WG.

Use ISO/TS 22600 (PMAC) for EHR privacy protections
o Bernd Blobel owns this.
o Possible new project for Security, possibly joint with CBCC and EHR, but no resources available to move forward.
o Will add to 3-year plan.

PCI Payment Card Industry
o Not in HL7 scope
o Item closed for this WG

Security WG WIKI
o We have this now.
o Item closed for this WG

HL7 security architectural model
o Bernd Blobel owns this, as the WG modeling facilitator.
o With SAEAF and PASS, do we need this as a distinct effort?
o Will add to 3-year plan, as an item of interest. No deliverables defined.

HL7-specific Security Messages
o Discussion: No healthcare-specific need for normative work. We need to suppress duplication of cross-industry SDOs' usable work in HL7 normative and informative work.
o Will add to 3-year plan as an item *not* to do.

Genomic Security
o Pilot project for risk-assessment tool.
o John Moehrke and Alan Hobbs own this.
o There is no interest in the Clinical Genomics WG.
o Will add to 3-year plan as an item of interest. No deliverables defined.

Architecting Privacy
o Motion: Create a project to develop a model for privacy architecture by design, proactively built into systems so that privacy protections are engineered into the technology from the outset. [Davis, Blobel]. Vote: unanimous
o Mike will create project proposal for WG approval, then bring to SD.
o Mike will contact CBCC for possible joint project work.

HL7 Ambassador
o We view tutorials as our initial deliverable to this program. This is not a separate action item from those projects.

6. Charter and 3-year plan

SWOT Analysis
o Strengths
  - Subject matter expertise in HL7 Security WG
  - International nature of WG members
  - Cross-membership in other SDOs
o Weaknesses
  - Availability of resources & time to perform work
  - Lack of direct participation by providers and consumers
o Opportunities
  - Introduce SOA architecture concepts for security and privacy (e.g., SAEAF Alpha project)
  - Harmonize the existing work and promote greater collaboration among multiple SDOs
  - Apply Risk Management to standards development within HL7 projects
  - Provide education to HL7 WG and larger stakeholder community (e.g., HL7 Ambassador program)
  - Chronic disease Mgt. (possible TBI opportunity with Allen Hobbs); requires specific privacy (?)
  - Cross-SD coordination. We need to promote improvements in coordination. Owned by co-chairs, via attending SD meetings
o Threats
  - Inappropriate incorporation of non-HL7 standards within HL7, e.g., digital signatures that neither implement policies nor mitigate well-defined threats.
  - Inappropriate definition of security protections without reference to industry standards, policies, or threats.
  - HL7 tooling makes communication difficult and confusing.
o Motion [Davis, Moehrke] to approve. Accepted, 1 abstention

Charter revision
o Motion [Davis, Moehrke] to approve. Accepted, 1 abstention

3-Year Plan
o Glen will merge projects, action items, and SWOT analysis with the charter to produce a draft 3-year plan, to be considered in a future teleconference meeting for formal adoption.

Adjourned until Thursday Q1

7. Ballot reconciliation

Review of comments from Grahame Grieve
o Motion to accept the resolutions [Marshall, Blobel]. Approved unanimously

Review of Gunther Schadow's comment
o Motion to accept this resolution [Marshall, Gonzales-Webb]. Approved unanimously

Review of remaining comments
o Motion to accept the resolutions [Marshall, Gonzales-Webb]. Approved unanimously

Note: See ballot resolution documents for a complete record.

8. Coordination and joint meetings with other HL7 committees

Privacy DAM DSTU (joint project with CBCC)
o 101 comments, mostly small changes.
o Discussed some aspects of the comments. Asked for follow-up discussion in the weekly Security-CBCC meeting.

Joint meetings in January
o CBCC Monday Q3-Q4
o EHR Wednesday Q1
o SOA Wednesday Q2
o CCOW Wednesday Q3

9. Next meeting
o Tuesday and Thursday

Adjourned Thursday, September 24, 3pm