This wiki has undergone a migration to Confluence found Here
HL7 FHIR Security 2016-5-24
Jump to navigation
Jump to search
Call Logistics
Weekly: Tuesday at 05:00 EST (2 PM PST)
Conference Audio: 770-657-9270,' Access: 845692
Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV
If you are having difficulty joining, please try:
https://global.gotomeeting.com/join/520841173
Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes
Back to HL7 FHIR security topics
Attendees
| Member Name | Member Name | Member Name | ||||||
|---|---|---|---|---|---|---|---|---|
| x | John Moehrke Security Co-Chair | x | Kathleen Connor Security Co-Chair | x | Suzanne Gonzales-Webb CBCC Co-Chair | |||
| . | Gary Dickinson EHR Co-Chair | . | Johnathan ColemanCBCC Co-Chair | . | Mike Davis | |||
| . | Reed Gelzer RM-ES Lead | x | Glen Marshal | . | Galen Mulrooney | |||
| . | Dave Silver | x | Rob Horn | . | Judy Fincher | |||
| . | Diana Proud-Madruga | . | Beth Pumo | x | Oliver Lawless | |||
| . | Bob Dieterle | . | [mailto:] | [mailto:] |
Agenda
- Roll; approval of agenda and the May 5, 2016 minutes
- Montreal WGM FHIR report out.
- Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet?
- TODO on Provenance - Are we done yet? do we at least have CPs for each thing yet to do?
- TODO on AuditEvent - Are we done yet? do we at least have CPs for each thing yet to do?
- New items -
- 9812 Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None
- 9919 Add parameters to AuditEvent (John Moehrke) None
- 9996 Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None
- 10046 AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None
- 9840 Provenance.entity.provenance (Kathleen Connor) None
- Prepare for a block vote for next week
All Security Open
*3318 Clarify how to use RBAC and ABAC using FHIR (John Moehrke) None *6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None *7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None *9042 Add RBAC as value set for AuditEvent.participant.role (Kathleen Connor) None *9043 Add ABAC as alternative value set for AuditEvent.participant.role (Kathleen Connor) None *9052 Add SNOMED Stuctural Roles as value set for AuditEvent.participant.role (Kathleen Connor) None *9150 Provenance TODO section cleanup (John Moehrke) None *9151 AuditEvent has TODO section to be removed (John Moehrke) None *9166 Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None *9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None *9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None *9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.entity.activity". (Kathleen Connor) None *9563 Add onBehalfOf to Signature datatype (Kathleen Connor) None *9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None *9812 Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None *9840 Provenance.entity.provenance (Kathleen Connor) None *9919 Add parameters to AuditEvent (John Moehrke) None *9996 Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None *10046 AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None
Minutes
- Chaired - John Moehrke
- Didn't review minutes
- reviewed 9812 -- Rob Horn to craft language for a new H4 section for the second part of text on the AuditEvent resource
- 9919 is ready for ballot
- 9996 John to get example from Rene for discussion, improvement, and approval
- 10046 is ready for ballot
- 9840 needs compelling usecase, need to follow 9996 improvement
- Oliver pointing out that we should be conservative as getting too specific adds many more requirements
- Discussed WGM discussion
- Improvements need to be crafted into FHIR CPs that can be marked as approved at the WGM. The instructions on what to change need to be clear
- Confidentiality code value-set is not the current one, but the old one. JOhn to work with Grahame on getting the new v3 vocabulary and value-sets
- New proposed valueset of various kinds of Actor Roles. Kathleen to do minor cleanup, then John to insert this first into Provenance.actor.role, later possibly into AuditEvent.agent.role and other
- Specifically all codes must have a code-system, none of them do in the draft presented
- This set includes various roles including the signer-roles, audit-roles, and provenance-actor-roles, and various roles from other vocabularies.
- This fact makes this hard to maintain unless we can tie them in indirectly. Today they are copy-pasted
