This wiki has undergone a migration to Confluence found Here

HL7 FHIR Security 2016-4-26

From HL7Wiki
Jump to navigation Jump to search

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Conference Audio: 770-657-9270,' Access: 845692

Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV

If you are having difficulty joining, please try:

https://global.gotomeeting.com/join/520841173

Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes

Back to HL7 FHIR security topics

Attendees

Member Name Member Name Member Name
. John Moehrke Security Co-Chair x Kathleen Connor Security Co-Chair x Suzanne Gonzales-Webb CBCC Co-Chair
. Gary Dickinson EHR Co-Chair . Johnathan ColemanCBCC Co-Chair . Mike Davis
. Reed Gelzer RM-ES Lead x Glen Marshal . Galen Mulrooney
. Dave Silver . Rob Horn . Judy Fincher
x Diana Proud-Madruga . Beth Pumo . Oliver Lawless
. Bob Dieterle . [mailto:] [mailto:]

Agenda

Minutes

  • Kathleen Chaired. Agenda approved by consensus. Minutes approved 3-0-0 [Glen moved; Suzanne seconded]

RE CP 9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes, submitted by John Moehrke: "the HCS defines confidentiality as just the _confidentiality codes. Yet this page points a a valueset with them all. Should be just a valueset with just _confidentialiity codes. Others have used this confidentiality value-set so would also need to fixup them." We agree with John that there is an issue. We checked Core Security Labels, which references confidentiality codes (system = http://hl7.org/fhir/v3/Confidentiality.

  • This is code system includes deprecated sensitivity codes, and was revised when the HL7 Privacy and Security Healthcare Classification System [HCS] vocabulary was adopted. The deprecated codes [business, clinician, individual, substance abuse related,HIV related, psychiatry related, sexual and domestic violence related, celebrity, sensitive, taboo], which meet HCS definition of Sensitivty, were moved to a Sensitivity code system.
  • The correct reference to the Confidentiality code system should be to Security Label
    • We agreed that the CP should be updated with this information and request that the deprecated codes be removed so that both the Core Security Label description of Confidentiality codes, and the reference on the Security Label , which includes the correct codes but references to it land readers at the correct Confidentiality code system.
  • ACTION: KC to update the CP with these observations/recommendation.

RE: potential Agent and other S&P actor role value sets

Call participants agreed that the several CPs related to adding examples of organizational/jurisdictional Agent/Actor Role Types should include an implementer option to create intra/inter Actor value sets based on SNOMED Role Codes or RBAC/ABAC Functional Role [aka Permissions = Object* Action * Structural Role (RBAC) and Security Label/Relationshp Attributes,for ABAC] appropved combining aligned responses to related CPs into a new CP FHIR several CPs