This wiki has undergone a migration to Confluence found Here

HL7 FHIR Security 2016-10-04

From HL7Wiki
Jump to navigation Jump to search

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Conference Audio: 770-657-9270,' Access: 845692
Join online meeting:  https://global.gotomeeting.com/join/520841173  
 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes 

Back to HL7 FHIR security topics

Attendees

Member Name Member Name Member Name
x John Moehrke Security Co-Chair x Kathleen Connor Security Co-Chair x Suzanne Gonzales-Webb CBCC Co-Chair
. Gary Dickinson EHR Co-Chair . Johnathan ColemanCBCC Co-Chair x Mike Davis
. Reed Gelzer RM-ES Lead x Glen Marshal . Galen Mulrooney
. Dave Silver x Rob Horn x Judy Fincher
. Diana Proud-Madruga . Beth Pumo . Oliver Lawless
. Bob Dieterle . Mario Hyland x Joe Lamy
. Rick Grow . [mailto: Richard Etterma] . [mailto: Wayne Kubic]

Agenda

FHIR Security Open Issues

  • 6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set ()
    • Action: Gary
  • 9042 Add RBAC as value set for AuditEvent.participant.role ()
    • Action: Kathleen
  • 9043 Add ABAC as alternative value set for AuditEvent.participant.role ()
    • Action: Kathleen
  • 9052 Add SNOMED Stuctural Roles as value set for AuditEvent.participant.role ()
    • Action: Kathleen
  • 9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? ()
    • Action: John
  • 9750 Add Standard Extension to Domain Resource for Sourcing Acquired Data ()
  • 9996 Using Provenance resource to annotate content derived from non-FHIR sources ()
  • 10184 Linkage vs provenance ()
    • Unclear
  • 10343 Three additional Signature.type codes ()
  • 10408 AuditEvent - Add ISO/HL7 10781 (EHR-S FM) and ISO 21089 (Trusted End-to-End) to Front Matter ()
  • 10409 Provenance - Add ISO/HL7 10781 (EHR-S FM) and ISO 21089 (Trusted End-to-End) to Front Matter ()
  • 10465 Change AuditEvent.purposeOfUse and AuditEvent.agent.purposeOfUse from Coding to CodeableConcept ()
  • 10579 New Security and Privacy "Module" page needs content ()

From September ballot

  • 9167 AuditEvent needs to make more obvious how to record a break-glass event ()
    • Action: John
  • 10382 Provenance activity codes are insufficient/inappropriate ()
  • 10580 How should test data be identified? ()
  • 10581 something should be said about de-identification ()
  • 11071 Improve security label guidance - 2016-09 core #90 ()
  • 11082 Make proposed wording change - 2016-09 core #163 ()
  • 11083 OAuth is an authorization protocol, not an authentication protocol. Specify Oauth 2.0 to reduce ambiguity - 2016-09 core #164 ()
  • 11084 Typo - 2016-09 core #165 ()
  • 11141 Specify agent organizational role - 2016-09 core #295 ()

Minutes

  • John chaired
  • Notes by Alex (transposed by John)
  • Agenda approval: Glen moves, Kathleen second --> unanimous approval
  • Minutes of 2016-09- 06. Motion Glen, second: Joe --> passes unanimously
  • new items from September ballot to be addressed by November 20
  • 9167 already assigned to John
  • Kathleen raised issue about roles – work on value sets: 9042, 9043, 9052
    • Work done – next week Kathleen will present
    • Kathleen to send XML to John
  • 10382: provide a new value set including status codes and codes for state transitions.
    • Kathleen already worked on it. Will send it to John to discuss it next week. Put it on next week’s agenda.
    • Maybe we need two different elements – but first review codes and then discuss this further
  • 10580/10581 already discussed – these are the formal tracker items
  • 11071: FHIR core should not be bound to HCS/security labels. Kathleen to provide word by word proposal for changes
  • 11082, 11084, 11141 not discussed in detail
  • 11083: consensus on authentication vs. authorization
  • John will put together a proposal for a block vote to be discussed next week
  • Meeting ended 5:45pm ET