Notes from NHIN Direct Security & Trust Meeting


Date: July 22, 2010
Time: 2pm-3pm
Attendees
: Nick Radov, David McCallie, Tim Andrews, Mike Berry, Patrick Pyette, Sean Nolan, Arien Malec, Uvinie Hettiaratchy, Pete Palmer, Mike Davis, Brett Peterson
Actions from this week:
#
Date
Action
Status
Owner
Due Date
39
7/21/10
Updated threat assessment model with John Moehrke’s threat assessment model
Open
Sean Nolan
7/29/10
40
7/21/10
Draft guidance for recommendations for specification for security agent
Open
Sean Nolan
7/29/10

Actions from last week:
#
Date
Action
Status
Owner
Due Date
37
7/15/10
Update description of encryption options
Open
Sean Nolan
7/22/10
38
7/15/10
Reach out to Dixie when appropriate amount of documentation is done.
Open
Arien Malec / David McCallie
7/30/10

Agenda
Notes
Sean Nolan
  • There was agreement last week on headers.
  • I put together a page today which is pretty short, but wanted to review that with folks and go around the room to see if there are any mistakes or want to tweak.
  • To re-cap discussion, wanted to call out tension between header information. Depending on how you implement S/MIME implementation there are two options – 1 that encrypts all headers and one that does not. We had discussion about how to deal with that. There may be a PHI.
  • Given two mechanisms and there may be PHI in those headers, we can require encryption of those headers without any new NHIN software or came around large consensus that said as long as people are aware of implications, can use existing software.
  • Recommendation: New software be capable of encrypting either technique and the burden of asking people to use either technique is quite low and that new code be capable of decrypting either version that comes in.
  • Assume that sender is taking responsibility for the information.
  • Suggest that new code not include PHI in those headers indiscriminately.

Round the Room
David McCallie
  • Happy with way it stands. If not high cost to preserve options, then I’m ok with approach.
Tim Andrews
  • It makes sense to me.
Mike Berry
  • Agree with approach
Pat Pyette
  • We’re ok.
Pete Palmer
  • Ok with it.
Mike Davis
  • We’re ok.
Brett Peterson
  • I’m ok.
Arien Malec
  • Joined late, so pass
Nick Radov
  • Prefer disallow PHI if possible through policy. No matter what the solution, there’s always potential leak based on client. I think this is not really different from any other software solution.
  • Sean Nolan – It’s not, but it’s also asking to change behavior. It’s unnatural to ask people to limit their subject.
*


Sean Nolan
· Any other business?
Arien Malec
· One outstanding action is to reconcile John Moehrke’s end to end threat assessment with your HISP to HISP threat assessment.
Sean Nolan
· Yes, I need to move his threats to mine. I haven’t done that and it’s on my list.
Arien Malec
· Want to make sure specification addresses all security threats.
Sean Nolan
· Since next driver of business is going to be prompted by other folks, I’m going to suggest we be prepared to cancel next week’s meeting.
Arien Malec
· Only thing I’d like to do is recommendations for specification for security agent.
· Not a new document, template that we borrowed from IETF standard security recommendation and IHE has standard security recommendation.
· Additional things implementers should do to address the threats.
Sean Nolan
  • I’ll try to draft something that creates guidance for that.
  • I’ll put a wrapper around set of threat models and see if that could work.