HL7 FHIR Security 2016-5-24
Weekly: Tuesday at 05:00 EST (2 PM PST)
Conference Audio: 770-657-9270,' Access: 845692
Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV
If you are having difficulty joining, please try:
Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes
|Member Name||Member Name||Member Name|
|x||John Moehrke Security Co-Chair||x||Kathleen Connor Security Co-Chair||x||Suzanne Gonzales-Webb CBCC Co-Chair|
|.||Gary Dickinson EHR Co-Chair||.||Johnathan ColemanCBCC Co-Chair||.||Mike Davis|
|.||Reed Gelzer RM-ES Lead||x||Glen Marshal||.||Galen Mulrooney|
|.||Dave Silver||x||Rob Horn||.||Judy Fincher|
|.||Diana Proud-Madruga||.||Beth Pumo||x||Oliver Lawless|
- Roll; approval of agenda and the May 5, 2016 minutes
- Montreal WGM FHIR report out.
- Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet?
- TODO on Provenance - Are we done yet? do we at least have CPs for each thing yet to do?
- TODO on AuditEvent - Are we done yet? do we at least have CPs for each thing yet to do?
- New items -
- 9812 Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None
- 9919 Add parameters to AuditEvent (John Moehrke) None
- 9996 Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None
- 10046 AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None
- 9840 Provenance.entity.provenance (Kathleen Connor) None
- Prepare for a block vote for next week
All Security Open
*3318 Clarify how to use RBAC and ABAC using FHIR (John Moehrke) None *6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None *7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None *9042 Add RBAC as value set for AuditEvent.participant.role (Kathleen Connor) None *9043 Add ABAC as alternative value set for AuditEvent.participant.role (Kathleen Connor) None *9052 Add SNOMED Stuctural Roles as value set for AuditEvent.participant.role (Kathleen Connor) None *9150 Provenance TODO section cleanup (John Moehrke) None *9151 AuditEvent has TODO section to be removed (John Moehrke) None *9166 Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None *9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None *9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None *9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.entity.activity". (Kathleen Connor) None *9563 Add onBehalfOf to Signature datatype (Kathleen Connor) None *9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None *9812 Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None *9840 Provenance.entity.provenance (Kathleen Connor) None *9919 Add parameters to AuditEvent (John Moehrke) None *9996 Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None *10046 AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None
- Chaired - John Moehrke
- Didn't review minutes
- reviewed 9812 -- Rob Horn to craft language for a new H4 section for the second part of text on the AuditEvent resource
- 9919 is ready for ballot
- 9996 John to get example from Rene for discussion, improvement, and approval
- 10046 is ready for ballot
- 9840 needs compelling usecase, need to follow 9996 improvement
- Oliver pointing out that we should be conservative as getting too specific adds many more requirements
- Discussed WGM discussion
- Improvements need to be crafted into FHIR CPs that can be marked as approved at the WGM. The instructions on what to change need to be clear
- Confidentiality code value-set is not the current one, but the old one. JOhn to work with Grahame on getting the new v3 vocabulary and value-sets
- New proposed valueset of various kinds of Actor Roles. Kathleen to do minor cleanup, then John to insert this first into Provenance.actor.role, later possibly into AuditEvent.agent.role and other
- Specifically all codes must have a code-system, none of them do in the draft presented
- This set includes various roles including the signer-roles, audit-roles, and provenance-actor-roles, and various roles from other vocabularies.
- This fact makes this hard to maintain unless we can tie them in indirectly. Today they are copy-pasted