This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

FHIR Consent February 26, 2016

From HL7Wiki
Jump to navigation Jump to search

Back to CBCC Wiki: Meetings

Back to HL7 FHIR Consent Directive Project


Member Name x Member Name x Member Name
x Johnathan ColemanCBCC Co-Chair x Kathleen Connor FM Co-Chair x John MoehrkeSecurity Co-Chair
. Alexander Mense . Russell McDonell . Tarik Idris
x Marty Prahl . Diana Proud-Madruga . Pat Pyette
. Suzanne Gonzales-Webb CBCC Co-Chair x David Staggs x Glen Marshall
x Rob Horn . Beth Pumo x William Kinsley
x Ken Salyards . unknown . unknown


  • Cochair introduction, roll, agenda and Feb 19 minutes
  • Report from FM improvements discussed last week.
  • Aligning definitions between Provenance, AuditEvent, Contract, and Consent -- Kathleen's spreadsheet
  • Discuss progress on Plan for completing the draft of the PCD IG


  • Agenda approved John/Rob unanimous
  • Minutes Feb 19 minutes approved John/Kathleen unanimous
  • Need to build a block vote for outstanding agreed definitions so that people can review and approve. -- Kathleen to add CPs, John to create block vote
  • Discussion on aligning Action/Activity among AuditEvent/Provenance/Contract/Consent
    • These might be alignable, but are defining different levels of abstraction
    • For example a contract tends to have activities that are broad activities that would result in many objects being created/updated (Provenance), and even more events recorded as security/privacy relevant events.
    • The definition in Provenance is a good place to start
    • we have many levels of description to work with: Definition, Requirements, Notes, etc.
    • Trying to coordinate across CBCC/Security/FM is very exhausting.. can we assign this to Security. Get FM to agree. Get CBCC to agree.
  • Review guide text
    • Added section to capture exception workflows and use-cases. Not clear where this will eventually be
    • discussed relationship to security.html page and how it should be the primary description of access control enforcement. Keep consent text at capturing terms of consent, not enforcement. JC would like high level access control reminder in consent text with details on security.html page.