HL7 FHIR Security 2016-3-22
Call Logistics
Weekly: Tuesday at 05:00 EST (2 PM PST)
Conference Audio: 770-657-9270,' Access: 845692
Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV
If you are having difficulty joining, please try:
https://global.gotomeeting.com/join/520841173
Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes
Back to HL7 FHIR security topics
Attendees
| Member Name | Member Name | Member Name | ||||||
|---|---|---|---|---|---|---|---|---|
| x | John Moehrke Security Co-Chair | x | Kathleen Connor Security Co-Chair | x | Suzanne Gonzales-Webb CBCC Co-Chair | |||
| . | Gary Dickinson EHR Co-Chair | . | Johnathan ColemanCBCC Co-Chair | . | Mike Davis | |||
| . | Reed Gelzer RM-ES Lead | x | Glen Marshal | . | Galen Mulrooney | |||
| . | Dave Silver | x | Rob Horn | x | Judy Fincher | |||
| x | Diana Proud-Madruga | . | Beth Pumo | . | Oliver Lawles |
Agenda
- Roll; approval of agenda and March 15, 2016 minutes
- Any changes expecting to be tested at the next FHIR Connectathon need to be submitted into the build by March 27th.
- Discuss revisions to AuditEvent front matter. Some has aged, e.g.6.5.2 Background and Context, and 6.5.2.1 Open Issues based on interim work.
- Consider adding Diana's findings in researching how lifecycle is used in RFC 3881 and DICOM prior to development of EHR Lifecycle Functional Model
"Within the DICOM Audit Trail Message Format Profile, the lifecycle terms identify the different stage values which can be assigned to the ParticipantObjectDataLifeCycle attribute. This attribute is an optional attribute and is defined as an “identifier for the data lifecycle stage for the participant object. This can be used to provide an audit trail for data, over time, as it passes through the system. Used as defined in RFC 3881.” Additional information from RFC 3881 regarding this attribute: “Institutional policies for privacy and security may optionally fall under different accountability rules based on data lifecycles. This provides a differentiating value for those cases.”
- CPs for Review
- Review John's interaction diagrams for Provenance and AuditEvent showing how these may be generated by both the user system and the recipient server.
- Review deferred Security PC 9407 Align AuditEvent and Provenance action/activity element definition Continue work on activity definitions.
Other CPs for Review
- 7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
- 9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.activity". (Kathleen Connor) None
- 9150 Provenance TODO section cleanup (John Moehrke) None
- 9151 AuditEvent has TODO section to be removed (John Moehrke) None
- 9166 Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None
- 9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None
- 9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
- 9563 Add onBehalfOf to Signature datatype (Kathleen Connor) None
- 9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None
Minutes
- Kathleen chaired. Agenda approved, Minutes deferred.
- Discussed harmonization of activity across FHIR P&S specs, and why not all is applicable to AuditEvent.
- AuditEvent Resource activity may be a post-coordinated set of coarse and fine grain audit actions:
- AuditEvent.type [1..1]
- AuditEvent.subtype [0..*]
- AuditEvent.action [0..1]
- AuditEvent must have an AuditEvent.type and 1..* agent.
- It may have an entity or object that is the target of the agent's performing anAuditEvent.typeaction.
- It may not have an entity or object is the action failed. Examples include a failed authentication (110114 User Authentication), disclosure (110106 Export), or CRUD on an order(110109 Order Record) or entry (110110 Patient Record).
- Some participants were not sure whether the FHIR POU value set is sufficient to cover AuditEvent Purpose of Event use cases despite it being clearly described in the front matter as "Purpose of Event – where it’s a machine that is the audited agent" e.g.,"Purpose of Event when the machine2machine is an EHR server and the user’s client supposedly being used for Treatment". However, the FHIR POU value set is extensible and there are coarse grain codes such as "health system administration", which could be specialized if needed, e.g., "detection monitoring".
- These discussions will be used to refine the AuditEvent front matter and assist with clearly differentiating and aligning elements/defintions/bindings in related FHIR Privacy and Security specs.
- Kathleen will try to use these discussions to provide resolution to CP 7568 Requesting documentation to clarify relationship of agents to actions in Provenance
