This wiki has undergone a migration to Confluence found Here
May 2018 CBCP Working Group Meeting - Cologne, Germany
Jump to navigation
Jump to search
Community-Based Care and Privacy (CBCP)
formerly Community Based Collaborative Care (CBCC)
DRAFT 2018 May Working Group Meeting - Cologne, Germany - CBCP WORKING GROUP
- HL7 WGM EVENT Page Link
- [<<add link>> On-Site Meeting Schedule ],
- BROCHURE Link
- [<<add link if available>> FHIR
Community-Based Care and Privacy (CBCP) WORKING GROUP SESSIONS
Q1 = 9:00 – 10:30 am / Q2 = 11:00 – 12:30 pm / Q3 = 1:45 – 3:00 pm / Q4 = 3:30 – 5:00 pm
Agenda and Meeting Minutes
Day | Date | Qtr | Time | AGENDA ITEMS | Session Leader | Room |
SUN | MAY 13 | Q1 | 9:00-10:30 | No Meeting | . | |
Q2 | 11:00-12:30 | No Meeting | . | |||
Q3 | 1:45 -3:00 | No Meeting | . | |||
Q4 | 3:30 -5:00 | No Meeting | . | |||
MON | MAY 14 | Q1 | 9:00-10:30 | No Meeting | . | |
Q2 | 11:00-12:30 | No Meeting | . | |||
Q3 and Q4 | 1:45 -3:00 /
3:30-5:00 |
Joint CBCP , Hosting Security
NEW discussion items; NEW projects; NEW PSS, etc. - note: 10 min timestamp |
CBCP | Room TBD | ||
TUE | MAY 15 | Q1 | 9:00-10:30 | No Meeting | . | . |
Q2 | 11:00-12:30 |
GDPR, Patient Engagement and CBCP(discussion) GDPR discussion: We should define:
|
. | - | ||
Q3 | 1:45-3:00 | Joint CBCP, Hosting Security
Proposed Topics: HL7 Project status and updates:
|
CBCP | Room TBD | ||
Q4 | 3:30 - 5:00 |
|
. | Room TBD | ||
Q5 | 5:15-6:15 | Birds of a Feather (1): | . | Room TBD | ||
WED | MAY 16 | Q1 | 9:00-10:30 | Joint w/EHR Hosting: Security, CBCP, SOA, FHIR
See EHR Agenda for topics Electronic Health Records Hosting |
EHR Hosting | Room TBD |
Q2 | 11:00-12:30 | CBCP
|
CBCP | Room TBD | ||
Q3 | 1:45 -3:00 |
|
Room TBD | |||
Q4 | 3:30 -5:00 | JOINT with Behavioral Health Interest Group
|
CBCP | Room TBD | ||
THU | MAY 17 | Q1 | 9:00-10:30 | Joint Security hosting CBCP, FHIR-I
|
@ Security | Room TBD |
Q2 | 11:00-12:30 |
|
@ Security | Room TBD | ||
Q3 | 1:45 - 3:00 |
|
. | Room TBD | ||
Q4 | 3:30 - 5:00 |
|
Room TBD | |||
FRI | MAY 18 | Q1 | 9:00-10:30 | No Meeting | . | |
Q2 | 11:00-12:30 | No Meeting | . | |||
Q3 | 1:45 -3:00 | No Meeting | . | |||
Q4 | 3:30 -5:00 | No Meeting | . |
Meeting Minutes Draft
https://www.hl7.org/permalink/?WikiMinutesTemplate Monday, Q3 (10 Attendees + Chair)
- Connectathon Report-out: Using PKI in FHIR presentation from EMR Direct using UDAP Profiles
(Presentation Deck to be appended)
- Using X.509 certs with FHIR API
- Mutual TLS client-server auth
- Auth JWTs for backend services
- Dynamic client registration backed by trusted certs
- Client ID won't be sufficient so use PKI instead of shared secrets
- JWT signature submitted -> Validated to Public Key -> allows forwarding of JWT to Policy Engine
- has controls (length of validity, etc.) to prevent replay
- based on pre-registered information (user credentials)
- governance hard-coded in Policy Engine
- Cert-based JWT flow/Trust Bundle flow
- Uses AnT (Authentication Token)
- AnT included in all TLS submissions to Auth (policy) server
- Returns an Auth token (organization, user, etc.)
- The trust bundle flow includes PK Issuer (CA) into signature as well
- LoA3 requirements for both Patient/Covered Entity and CA Issuer auth request
- Software statements (software signed, not provider/client signed) can be done dynamically for limited use cases