Retrieve Form for Data Capture - Discussions

From IHE Wiki
Revision as of 10:41, 27 April 2007 by Gcole (talk | contribs)
Jump to navigation Jump to search

Tcon April 24, 2007

Topics

  • Review Security Matrix Spreadsheet
  • Data Clarification Proposals

Attendance George Cole, Steve Speicher, Karen Witting, Kevin Kelly, Rob Horn, Bill Majurski

Minutes

  • Discussion and walkthru of the Security Anaylsis matrix
    • george to update and repost to ftp site.
    • mitigations still need to be discussed
  • Review of updated profile document - led by Steve
    • WSDL added to appendix
    • sample XForms 1.1 added to appendix
    • proposed change to Retrieve Form transaction so Form Manager can handle prepopulation
    • namespace conventions to be addressed by co-chairs


Tcon April 03, 2007

Attendance - George Cole, Lynn Felhofer, Steve Speicher, Mike Henderson, Landen Bain, Dave Iberson-Hurst, Karen Witting, Kevin Kelly, Bill Majurski, Rob Horn, John Moehrke

Topics

  • Trial Implementation status review
  • Review currently proposed areas for change
  • Action items / Agenda for next tcon (4/24)

Details

  • Trial Implementation status review
    • Current status: do we need to CP everything ? No – produce new document, use Word to produce a differences document
    • CP for transaction numbers in existing profile is complete …the transaction numbers are assigned and need to be put into new document
    • Goal for 07-08: Trial Implementation with full Connectathon Testing
  • Review currently proposed areas for change
    • Date Clarification - How does a drug sponsor communicate needed clarification on submitted forms? Dave will take this; materials coming for the next meeting (which he will have to miss)
    • Security - profile says ATNA...will that work ? Long discussion - see below
    • Support for multiple submissions - one form, retrieved by any number of Form Fillers, each with different Form Archiver needs; likely handled by XForms 1.1
    • Better support for Prepopulating Forms - Current mechanisms require problematic and insecure methods; This should continue to be outside of the profile; It could still be done as an experimental part of HIMSS Showcase, but Profile testing comes first.
    • More robust form request/query support - Currently only request based on formID or URL. Steve and Kevin will take this; materials coming for next meeting.
    • Addition of WDSL to support WS calls - Current profile says "WSDL to be added later"; Steve will take this.
    • Support for XForms 1.1 - Specification is maturing in W3C. Usage of submission changes remove the need for Javascript for configurable submission sites. Steve – XForms 1.1 is in last call for comments for another week. Multiple submission targets without the need for javascript for configurable submissions. Steve will supply a sample.
  • Actions / Agenda for next tcon (4/24)

Agenda items for next tcon: Review Data Clarification, Review Risks document, plan for 5/1 tcon.

Security Discussion

There was a gerenal discussion on RFD and Security.

A PowerPoint on the RFD Landscape was discussed.

Group discussion today about these ideas: Biosurveillance needs may be different;

Clinical trails have their own requirements. Security mechanisms need to take into account delivery to third party. Is this profiled or is this the responsibility of the Form Receiver and the EDC community ?

Device/equipment trials may be different than drug trials.

These other risks can be worked into risk assessment. Ok to have risks that have not been mitigated.

Form Archiver – need one with the Form Manager ? Forms belong to the investigator

Policy mechanism – how do you know something comes from an investigator ? Signature in the paper world

What are the things (assets) that might have their confidentiality compromised ?

  • Form contents
  • Privacy of subject
  • Validity of submitted forms
  • Authenticity of form contents
  • Authenticity of form source
  • Employee privacy
  • Form filler identity
  • Correct date/time
  • Partially filled out forms
  • Investigator time
  • Auditor time
  • Blank form
  • Existence of a Study and Existence of possible Outbreak or Adverse Event

Threats:

  • Rogue Investigators
  • Rogue Managers
  • the Press and other Investigators
  • Corrupt platforms e.g. loggers, phishing,

Threat categories: : tech, strategic, commercial, organizational, human, political, financial/economic, environmental


George will produce an updated matrix for review, using input from this meeting and the matrix that exists in the profile.

Retrieved from "http://wiki.ihe.net/index.php?title=Retrieve_Form_for_Data_Capture_-_Discussions&oldid=4337"