Security & Trust Meeting 2010-08-12
Date: August 12, 2010
Time: 2pm-3pm
Attendees:
Nick Radov, Tim Andrews, Don Jorgenson, Patrick Pyette, Dave Juntgen, Sean Nolan, Erik Horstkotte, Arien Malec, Uvinie Hettiaratchy, Ioana Singureanu, Jack Ousey, Pete Palmer, Andrew Rikarts, John Moehrke
Actions
| # |
Date |
Action |
Status |
Owner |
Due Date |
| 41 |
08/12/10 |
Own the task of looking at two threat models |
Open |
John |
8/16/10 |
| 42 |
08/12/10 |
Help with providing guidance to provider offices with different options, if group decides to follow this model |
Open |
Ioana |
n/a |
| 43 |
08/12/10 |
Approach Will and Dragon of Documentation and Testing Workgroup to work together on security considerations document |
Open |
Pete, Ioana |
8/18/10 |
| 44 |
08/12/10 |
Open new wiki thread specifically for other workgroups to bring issues to WG’s attention. Will also socialize the thread and track new posts |
Open |
Sean |
8/16/10 |
| 45 |
08/12/10 |
Announce new thread at next week’s Face to Face meeting |
Open |
Arien/Sean |
8/18/1 |
Agenda
1. Threat models with "wrapper"
2. Social collision
Notes
Notes:
Sean Nolan
· Two weeks ago Sean took on the task of looking at two threat models, rationalizing the John and Sean threat models with a “wrapper” that would allow the implementation teams to easily document their mitigations against specific threats called out.
o Has not done this yet, needs a volunteer to help as he tries to address more toward implementation side.
John Moehrke
-->· Volunteers to do this.
Sean Nolan
· Series of questions within the context of documentation team trying to say, “how should we print out this idea of social collision between people using regular email and indirect emails?” For people using EHRs this won’t be a big issue but it will be for smaller clients. Asks the group for clarification based on three different scenarios?
o What is group’s position on people using one email account with some of it secure, and some not?
o How about one email client but configuring two accounts within client, with one secure account, one not secure.
Someone in a previous meeting or on the wiki had an issue with this.
o Finally, what are the issues about actually separating out the differences in a more significant way?
· Sean’s personal perspective is that the security and trust workgroup should not get too deeply involved in policy-level discussions. Wants to hear from Arien, John, and then the rest of the group on this topic.
Arien Malec
· Direction headed in seems consistent with how the thread was going.
· Frame: there is a threat model for specs but there is also a security considerations document underway in the doc group. Wonders if these kinds of things (wrapped v. unwrapped, etc.), are the set of things that go into a security considerations doc. Or if there should be a sub threat model. Feels WG should make document considerations but stay out of policy.
John Moehrke
· Would like to see WG doing more than just documenting the risk. As a body of SMEs, they have different ways to solve the problem and can recommend ways to solve problems encountered. WG does need to recognize that the primary audience, the very small provider practice, doesn’t really have an IT department. WG does owe our audience some recommendations but it really should be the practice’s decision as far as which way they go. In many cases, with security risks, there are probably 3-4 ways to solve and everyone brings in their own baggage.
Sean Nolan
· Should we expect to contribute to that doc?
Round the Room on contributing to security considerations document
| Nick Radov |
No comment. |
| Don Jorgenson |
Likes the idea of the document, thinks some guidance would be useful. Privacy issues associated with inadvertent disclosure and moving things around between systems as key concern. |
| Dave Juntgen |
Apologies, first meeting and still catching up. Regarding the document, it sounds like what you’re talking about is more driven towards consumers using the indirect. Correct? Arien Malec · Yes, documented toward individual providers, support organizations, RECs, HIEs, HISPs supporting, etc. John Moehrke · Documentation workgroup has a laundry list of different audiences that these docs will be written for. Dave Juntgen · A flow diagram would be useful. |
| Erik Horstkotte |
No comment. |
| Ioana Singureanu |
Wants to stress the privacy implications of disclosing information through a message header or content. Wants to emphasize those are areas where very clear guidance is needed for provider organizations. They will have different environments within EHR, their email might not be secure right now. Providing guidance to provider offices with different options is a good setup. -->· Offers to help with this if WG decides to go this direction. |
| Jack Ousey |
Should not be an option. Security and privacy people should know eyes wide open as they walk in. WG should contribute any potential risks, and give examples on how to mitigate. General agreement with what has been said but wants it to be required, not optional. |
Sean Nolan
· Who is working on the particular document?
Arien Malec
· Will Ross and Dragon Bashyam.
| Pete Pyette |
Also thinks it should be almost a requirement. |
| Andrew Rikarts |
No comment. |
| Tim Andrews |
All of this is legal and policy related, so the questions at the end of the day are liability, breach, and need to be integrated. If WG writes something we think will be useful, those guidelines will need to go the whole 9 yards. For instance, “here is what your lawyers are going to say and what you should tell them.” The guidelines need to get to the end game. Arien Malec · Would be hard for us to give legal advice, but we can provide, “if you use the wrong email client you are potentially providing info to the wrong servers…” and identify triggers and consequences. John Moehrke · We can address what it would mean as far as HIPA requirements go. Ioana Singureanu · If we avoid legal speak, and just give them the facts, its ok. |
Sean Nolan
-->· So basically Will and Dragon were forming the original document, and now Pete and Iona can approach.
o Pete and Iona agree.
John Moehrke
· We should make sure our arms are open to whichever group needs our support. Anytime they have concerns about privacy or security, they ought to be able to feel free to know how to ask an SEM in our workgroup that question. If there is any way we can facilitate that better, let’s do it. It’s exactly what we are here for, not to dictate, but to field questions and run them through our collective knowledge.
Sean Nolan
· Fantastic idea.
-->· Will open up specific wiki thread for issues to be brought to WG’s attention. Will create and socialize the thread, as well as track new posts.
Arien Malec
-->· Sounds great. We should make sure to announce this new thread at Face to Face.
· The key issues were covered in this meeting.
· Sean successfully moved all the high priority issues into an action state.
· Nothing to add.
Sean Nolan
· Round the room for new topics?
(10 second pause)
· -->Will post pieces up on the wiki.
· Meeting concluded.