Retrieve Form for Data Capture - Discussions

From IHE Wiki
Jump to navigation Jump to search

Tcon May 11, 2007


  • RFD Security Mitigations

Attendance George Cole, Dave Iberson-Hurst, Lynn Felhofer, Karen Witting, Rob Horn, John Moehrke, Bill Majurski

discussing mitigations column of RFD Risk Analysis 2007-04-30.xls

M1. TLS for content integrity (Currently available) M2. ATNA audit (Somewhat available)

T's are handed off to other people - maybe list these in another column there is some cookbook that tells about M's, T's, I's might be targeted to a different audience than the readers of the profile needed - a how to read a risk assessment

G becomes Mitigations within the profile; H becomes not mitigated

I's will not be published with trial implementation

c,d,e,f,g all need to line up

list per actor of what to do...

e.g., M3 - XForms validation needs more words to explain...

list threats, and then mitigations that are handled by XForms, by external to the profile

bill - most of column c are not interoperability threats...they are data content

break the columns...

George to edit and update the spreadsheet and prepare text for the profile document

Tcon May 8, 2007


  • Transactions review
  • HTTP Get vs Post for Retrieve Form transaction

Attendance George Cole, Dave Iberson-Hurst, Lynn Felhofer, Karen Witting, Steve Speicher, Rob Horn

how to submit the data payload with a get request ?

two ways to use retrieveform: ...http get and soap

Steve will be adding some text and updating the profile document

wsdl - missing more on the request type for the additional payload and this will be updated

3 return options to RetrieveForm:

  • form in the response
  • base64 encoding
  • url

if the form manager creates a prefilled form and holds it, then there is security issue

? should form filler request which type to return ?

we had a discussion on the use of xmlbase and whether or not a picec of middle-tier could resolve partial references in the text of a retrieved XForm

Tcon May 1, 2007


  • Data Clarification

Attendance George Cole, Dave Iberson-Hurst, Lynn Felhofer, Karen Witting, Bill Majurski, Steve Speicher, Maryann Hondo


reviewing Clarification.doc .... after submit of data there is analysis, typically done in batches, looking across patients and data

url encompases site and study ? issue on use of what should be an opaque value

? is polling a security issue ?

? is the profile pushing the use of XForms too far ? no, probably not

? will this move away from human intervention and rely on machine txns ? no, probably not...needing human review

change to proposed to have Retrieve Clarification txn between Form Filler and Form Manager, and to be an optional txn

Tcon April 24, 2007


  • Review Security Matrix Spreadsheet
  • Data Clarification Proposals

Attendance George Cole, Steve Speicher, Karen Witting, Kevin Kelly, Rob Horn, Bill Majurski


  • Discussion and walkthru of the Security Anaylsis matrix
    • george to update and repost to ftp site.
    • mitigations still need to be discussed
  • Review of updated profile document - led by Steve
    • WSDL added to appendix
    • sample XForms 1.1 added to appendix
    • proposed change to Retrieve Form transaction so Form Manager can handle prepopulation
    • namespace conventions to be addressed by co-chairs

Tcon April 03, 2007

Attendance - George Cole, Lynn Felhofer, Steve Speicher, Mike Henderson, Landen Bain, Dave Iberson-Hurst, Karen Witting, Kevin Kelly, Bill Majurski, Rob Horn, John Moehrke


  • Trial Implementation status review
  • Review currently proposed areas for change
  • Action items / Agenda for next tcon (4/24)


  • Trial Implementation status review
    • Current status: do we need to CP everything ? No – produce new document, use Word to produce a differences document
    • CP for transaction numbers in existing profile is complete …the transaction numbers are assigned and need to be put into new document
    • Goal for 07-08: Trial Implementation with full Connectathon Testing
  • Review currently proposed areas for change
    • Date Clarification - How does a drug sponsor communicate needed clarification on submitted forms? Dave will take this; materials coming for the next meeting (which he will have to miss)
    • Security - profile says ATNA...will that work ? Long discussion - see below
    • Support for multiple submissions - one form, retrieved by any number of Form Fillers, each with different Form Archiver needs; likely handled by XForms 1.1
    • Better support for Prepopulating Forms - Current mechanisms require problematic and insecure methods; This should continue to be outside of the profile; It could still be done as an experimental part of HIMSS Showcase, but Profile testing comes first.
    • More robust form request/query support - Currently only request based on formID or URL. Steve and Kevin will take this; materials coming for next meeting.
    • Addition of WDSL to support WS calls - Current profile says "WSDL to be added later"; Steve will take this.
    • Support for XForms 1.1 - Specification is maturing in W3C. Usage of submission changes remove the need for Javascript for configurable submission sites. Steve – XForms 1.1 is in last call for comments for another week. Multiple submission targets without the need for javascript for configurable submissions. Steve will supply a sample.
  • Actions / Agenda for next tcon (4/24)

Agenda items for next tcon: Review Data Clarification, Review Risks document, plan for 5/1 tcon.

Security Discussion

There was a gerenal discussion on RFD and Security.

A PowerPoint on the RFD Landscape was discussed.

Group discussion today about these ideas: Biosurveillance needs may be different;

Clinical trails have their own requirements. Security mechanisms need to take into account delivery to third party. Is this profiled or is this the responsibility of the Form Receiver and the EDC community ?

Device/equipment trials may be different than drug trials.

These other risks can be worked into risk assessment. Ok to have risks that have not been mitigated.

Form Archiver – need one with the Form Manager ? Forms belong to the investigator

Policy mechanism – how do you know something comes from an investigator ? Signature in the paper world

What are the things (assets) that might have their confidentiality compromised ?

  • Form contents
  • Privacy of subject
  • Validity of submitted forms
  • Authenticity of form contents
  • Authenticity of form source
  • Employee privacy
  • Form filler identity
  • Correct date/time
  • Partially filled out forms
  • Investigator time
  • Auditor time
  • Blank form
  • Existence of a Study and Existence of possible Outbreak or Adverse Event


  • Rogue Investigators
  • Rogue Managers
  • the Press and other Investigators
  • Corrupt platforms e.g. loggers, phishing,

Threat categories: : tech, strategic, commercial, organizational, human, political, financial/economic, environmental

George will produce an updated matrix for review, using input from this meeting and the matrix that exists in the profile.