SDWG - CDAR3 - 12/15/2011

Austin Kreisler
Diana Behling
Scott Parkey

Failed to reach quiorum, but we continued to slog through the security risk assessment anyway

Agenda:
* Continue Security Cook review and CDA R3 - Identify security/privacy scope based on items in task tracker
* Continue with Task Tracker Review

Minutes
ID 61 Digital signature for header participations (author, authenticator, legalAuthenticator)
- done previously

ID 62 - EHR Interop - CDA R3 - Access Control
- Added a baseline assumption about access control hooks

ID 66 Custodian Mandatory vs. required
- doesn't seem to be directly relevent, custodian has the same security responsiblities that anyone receiving the document would have.

ID 72  Role codes for information recipient and other participations'
- Need to review with work group to verify we are adding funcCode & role.code to information recipient in particular. Role code in particular does seem to be necessary here to help differentiate the actial information recpient role. May also need to examine expanding the allowed Role class codes, in particular to indicate the patient is a potential information recpient.