This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

HL7 FHIR Security 2016-5-31

From HL7Wiki
Jump to navigation Jump to search

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Conference Audio: 770-657-9270,' Access: 845692

Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV

If you are having difficulty joining, please try:

Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes

Back to HL7 FHIR security topics


Member Name Member Name Member Name
x John Moehrke Security Co-Chair x Kathleen Connor Security Co-Chair x Suzanne Gonzales-Webb CBCC Co-Chair
. Gary Dickinson EHR Co-Chair . Johnathan ColemanCBCC Co-Chair . Mike Davis
. Reed Gelzer RM-ES Lead x Glen Marshal . Galen Mulrooney
. Dave Silver . Rob Horn . Judy Fincher
x Diana Proud-Madruga . Beth Pumo x Oliver Lawless
. Bob Dieterle . [mailto:] [mailto:]


  • Roll;
  • approval of agenda and the May 5, 2016 minutes
  • approval of agenda and the May 24, 2016 minutes
  • FMM evaluation vs desire
    • email from David Hay - What would help us a lot is to understand from each committee what level they believe the resources they are responsible for should be at. In particular we’re looking for resources that the committees believe are reasonably mature (say level 2 or3) but are being blocked by insufficient vendor experience, as this is a pre-requisite for advancing in FMM levels. We can then use that information to encourage vendor activity – or find out what in a more targeted way is being used in the community.
    • FMM levels
    • FMM evaluation -- community desire --
      • AuditEvnt - 9/37 voters, vote average 3.8
        • Current is 2
      • Provenance - 7/37 voters, vote average 2.7
        • Current is 1
  • Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet?
  • Discussion around _confidentiality code vocabulary.
  • 9840 Provenance.entity.provenance (Kathleen Connor) None
  • update to Actor Roles (Action Kathleen) to do minor cleanup and provide to john for commit
  • TODO on Provenance - Are we done yet? do we at least have CPs for each thing yet to do?
  • TODO on AuditEvent - Are we done yet? do we at least have CPs for each thing yet to do?
  • New items - nothing new
  • Prepare for a block vote for next week -- 9919, 10046,

All Security Open

*3318 Clarify how to use RBAC and ABAC using FHIR (John Moehrke) None
*6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None
*7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
*9042 Add RBAC as value set for AuditEvent.participant.role (Kathleen Connor) None
*9043 Add ABAC as alternative value set for AuditEvent.participant.role (Kathleen Connor) None
*9052 Add SNOMED Stuctural Roles as value set for AuditEvent.participant.role (Kathleen Connor) None
*9150 Provenance TODO section cleanup (John Moehrke) None
*9151 AuditEvent has TODO section to be removed (John Moehrke) None
*9166 Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None
*9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None
*9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
*9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.entity.activity". (Kathleen Connor) None
*9563 Add onBehalfOf to Signature datatype (Kathleen Connor) None
*9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None
*9812 Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None
*9840 Provenance.entity.provenance (Kathleen Connor) None
*9919 Add parameters to AuditEvent (John Moehrke) None
*9996 Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None
*10046 AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None


  • John Chair
  • Minutes 5/3 - Glen/Kathleen: unanimous approval
  • Minutes 5/24 - Kathleen/Glen: unanimous approval
  • FMM - Motion that AuditEvent and Provenance target intent by the WG is 4 for both of them. We have a plan to get the quality goals through the CP resolution. Indication from fhir chat that individuals are working on the resource, and indication from AEGIS that they are building tests. -- Kathleen/Glen: unanimous approval
  • Testing plan - add as a regular agenda item
    • try to work testing of Provenance and AuditEvent into a broader, clinically relevant, test track
    • note that IHE now has a profile on AuditEvent for query/retrieve use-case
    • WGM THursday Q1 - large vendors indicated an interest to be tested around security. ACTION: John to Check with Grahame
    • ACTION: John to invite AEGIS to this meeting to explain what others are doing to see if there is a way we can 'enhance' them with use of Provenance and Audit Event -- also add Gary.
  • 6303 - what is the status of Record Lifecycle vocabulary.
    • ACTION: John to ask Gary where the formal vocabulary is published? (e.g. ISO, HL7, DICOM, etc...)
    • ISO 21089 - ??? is this the formal place? Is that done?
  • Kathleen continues to work with Grahame on _confidentiality vocabulary. Bringing in vocab experts.
    • is this a deprecated code problem?
    • Kathleen, the oid she gave Grahame doesn't include deprecated codes
  • 9840 - gForge is updated with proposed resolution: Agree with original request, and update comment.
  • Adjourn