HL7 FHIR Security 2016-11-29
Call Logistics
Weekly: Tuesday at 05:00 EST (2 PM PST)
Conference Audio: 770-657-9270, Access: 845692
Join online meeting: https://global.gotomeeting.com/join/520841173
Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes.
Attendees
| | Member Name | | Member Name | | Member Name |
|---|---|---|---|---|---|
| x | John Moehrke, Security Co-Chair | x | Kathleen Connor, Security Co-Chair | x | Suzanne Gonzales-Webb, CBCC Co-Chair |
| . | Gary Dickinson, EHR Co-Chair | . | Johnathan Coleman, CBCC Co-Chair | . | Mike Davis |
| . | Reed Gelzer, RM-ES Lead | x | Glen Marshal | . | Galen Mulrooney |
| . | Dave Silver | . | Rob Horn | . | Judy Fincher |
| . | Diana Proud-Madruga | . | Beth Pumo | . | Oliver Lawless |
| . | Bob Dieterle | . | Mario Hyland | x | Joe Lamy |
| . | Rick Grow | . | Richard Etterma | . | Wayne Kubic |
Agenda
- Roll
- Approval of agenda
- Approval of the HL7 FHIR Security 2016-11-08 Minutes
- All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967
- September Ballot items must be addressed by November 20 -- see http://wiki.hl7.org/index.php?title=FHIR_Ballot_Prep
- Discuss Action items
  - Kathleen
    - 9042 Add RBAC as value set for AuditEvent.participant.role
    - 9043 Add ABAC as alternative value set for AuditEvent.participant.role
    - 9052 Add SNOMED Structural Roles as value set for AuditEvent.participant.role
    - 11071 Improve security label guidance - 2016-09 core #90
    - 10343 Three additional Signature.type codes
    - 10382 Provenance activity codes are insufficient/inappropriate
  - John
  - Gary
    - 6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set
- New business?
FHIR Security block vote
Minutes
- John Chair
- Agenda
- Discussion of improvement opportunity presented by the three existing security/privacy pages
- Outline for a FAQ improvement on the module page
- Access Control
- Access Control diagram from Mike (Inputs – Decision – Enforcement – Outputs)
- Using OAuth
- Identity
- Leverage OpenID Connect
- Federate (cross-reference, mapping) to local identity descriptions
- Informally, or Formally
- Roles
- Using Standard roles from HL7
- Using local codes
- Clearance
- Scopes
- Using SMART scopes
- Basic starter set
- Supports Organizational use-cases with simple consent
- Doesn’t support fine-grain
- Doesn’t support complex consent
- Using HEART – UMA
- Using SMART scopes
- Using Cascading Authorization Servers
- Bridging SMART and UMA and organizational requirements
- Identity
- Using Security labels
- HCS conformance
- MUST have a _confidentiality value (1..1)
- Use of persistence label
- Bundle use of security_tags – high-water
- Comprehensive security_tags on each resource communicated to a trusted peer
- Using security labels from a consent directive (privacy policy) on governed resources
- Using Clearance with security labels
- HCS conformance
- Bring in stuff from the Privacy Consent Implementation Guide (Consent IG)
- TODO
- Should we create a new page, parallel with security.html -- privacy.html?
- Privacy Principles
- Consent as a way to control Collection/Use/Disclosure
- ISO four models (In, Out, In with exceptions, Out with exceptions)
- Trust Framework
- Impact on the Conformance resource published by partners
- Establishing trust contracts between trading partners