
HL7 FHIR Security 2016-5-24


Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Conference Audio: 770-657-9270, Access: 845692

Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV

If you are having difficulty joining, please try:

https://global.gotomeeting.com/join/520841173

Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes.


Attendees

Member Name Member Name Member Name
x John Moehrke Security Co-Chair x Kathleen Connor Security Co-Chair x Suzanne Gonzales-Webb CBCC Co-Chair
. Gary Dickinson EHR Co-Chair . Johnathan Coleman CBCC Co-Chair . Mike Davis
. Reed Gelzer RM-ES Lead x Glen Marshal . Galen Mulrooney
. Dave Silver x Rob Horn . Judy Fincher
. Diana Proud-Madruga . Beth Pumo x Oliver Lawless
. Bob Dieterle

Agenda

  • Roll; approval of agenda and the May 5, 2016 minutes
  • Montreal WGM FHIR report out.
  • Discussion around Record Lifecycle events (6303): Are we going to support this? Is the vocabulary done yet?
  • TODO on Provenance - Are we done yet? Do we at least have CPs for each thing yet to do?
  • TODO on AuditEvent - Are we done yet? Do we at least have CPs for each thing yet to do?
  • New items -
    • 9812 Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None
    • 9919 Add parameters to AuditEvent (John Moehrke) None
    • 9996 Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None
    • 10046 AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None
    • 9840 Provenance.entity.provenance (Kathleen Connor) None
  • Prepare for a block vote for next week

All Security Open

  • 3318 Clarify how to use RBAC and ABAC using FHIR (John Moehrke) None
  • 6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None
  • 7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
  • 9042 Add RBAC as value set for AuditEvent.participant.role (Kathleen Connor) None
  • 9043 Add ABAC as alternative value set for AuditEvent.participant.role (Kathleen Connor) None
  • 9052 Add SNOMED Structural Roles as value set for AuditEvent.participant.role (Kathleen Connor) None
  • 9150 Provenance TODO section cleanup (John Moehrke) None
  • 9151 AuditEvent has TODO section to be removed (John Moehrke) None
  • 9166 Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None
  • 9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None
  • 9176 Security-Labels page for _confidentiality points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
  • 9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.entity.activity". (Kathleen Connor) None
  • 9563 Add onBehalfOf to Signature datatype (Kathleen Connor) None
  • 9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message? (Madhusudana B Shivalinge Gowda) None
  • 9812 Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None
  • 9840 Provenance.entity.provenance (Kathleen Connor) None
  • 9919 Add parameters to AuditEvent (John Moehrke) None
  • 9996 Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None
  • 10046 AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None

Minutes

  • Chaired - John Moehrke
  • Didn't review minutes
  • Reviewed 9812 -- Rob Horn to craft language for a new H4 section for the second part of text on the AuditEvent resource
  • 9919 is ready for ballot
  • 9996 -- John to get example from Rene for discussion, improvement, and approval
  • 10046 is ready for ballot
  • 9840 needs a compelling use case; needs to follow the 9996 improvement
    • Oliver pointed out that we should be conservative, as getting too specific adds many more requirements
  • Discussed WGM discussion
    • Improvements need to be crafted into FHIR CPs that can be marked as approved at the WGM. The instructions on what to change need to be clear.
    • Confidentiality code value-set is not the current one, but the old one. John to work with Grahame on getting the new v3 vocabulary and value-sets.
    • New proposed valueset of various kinds of Actor Roles. Kathleen to do minor cleanup, then John to insert this first into Provenance.actor.role, later possibly into AuditEvent.agent.role and others.
      • Specifically, all codes must have a code-system; none of them do in the draft presented.
      • This set includes various roles, including the signer-roles, audit-roles, and provenance-actor-roles, and various roles from other vocabularies.
      • This fact makes this hard to maintain unless we can tie them in indirectly. Today they are copy-pasted.