This wiki has undergone a migration to Confluence found Here
HL7 FHIR Security 2016-6-21
Jump to navigation
Jump to search
Contents
Call Logistics
Weekly: Tuesday at 05:00 EST (2 PM PST)
Conference Audio: 770-657-9270,' Access: 845692 Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV If you are having difficulty joining, please try: https://global.gotomeeting.com/join/520841173 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes
Back to HL7 FHIR security topics
Attendees
Member Name | Member Name | Member Name | ||||||
---|---|---|---|---|---|---|---|---|
x | John Moehrke Security Co-Chair | x | Kathleen Connor Security Co-Chair | x | Suzanne Gonzales-Webb CBCC Co-Chair | |||
. | Gary Dickinson EHR Co-Chair | . | Johnathan ColemanCBCC Co-Chair | . | Mike Davis | |||
. | Reed Gelzer RM-ES Lead | . | Glen Marshal | . | Galen Mulrooney | |||
x | Dave Silver | x | Rob Horn | . | Judy Fincher | |||
x | Diana Proud-Madruga | x | Beth Pumo | . | Oliver Lawless | |||
. | Bob Dieterle | x | Mario Hyland | . | Joe Lamy | |||
. | Rick Grow | . | [mailto: Richard Etterma] | . | [mailto: Wayne Kubic] |
Agenda
- Roll;
- approval of agenda
- approval of the June 14, 2016 minutes
- FHIR spec was updated from last weeks approved CPs, so please review for mistakes.
- Update on action items
- Discussion around _confidentiality code vocabulary.
- 9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
- Seems this might be fixed now? http://hl7-fhir.github.io/v3/ConfidentialityClassification/vs.html
- do we need an update to HCS page?
- 9563 -- assigned to Kathleen, to work with Rob -- Following the discussion in the CP
- 9563 Add onBehalfOf to Signature datatype ()
- 9564 -- assigned to John -- following the discussion in the CP
- 9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? ()
- 7568 -- assigned to Kathleen, seems this should be satisfid by 9840? -- following the discussion in the CP
- 7568 2015May core #859 - How are agent and activity linked? ()
- 3318 -- assigned to Rick to work with Mike -- following the discussion in the CP
- 3318 Clarify how to use RBAC and ABAC using FHIR ()
- 9042, 9043, 9052 -- assigned to Kathleen, she has the XML almost ready to go
- 9167 -- assigned to John, only creating an example AuditEvent -- following the discussion in the CP
- 9167 AuditEvent needs to make more obvious how to record a break-glass event ()
- 9996 -- assigned to Glen -- following the discussion in the CP
- 9996 Using Provenance resource to annotate content derived from non-FHIR sources ()
- FMM evaluation vs desire - We picked 4 last week -- We might want to re-evaluate to level 3. As level 4 means we would need to work hard to get "complete" testing tools and procedures at 100% of functionality. I think we should only target getting some testing ready.
- Discussion with Mario on getting prepared for next connectathon
- What use-case should we focus on? (Lab vs Financial vs Patient)
- Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet? (Gary will join)
- 6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None
- Prepare for a block vote for next week --
Minutes
- John Moehrke chair
- approval of agenda - Glen/Rob : unanimous
- approval of the June 14, 2016 minutes - Glen/Rob : unanimous
- FHIR spec was updated from last weeks approved CPs, so please review for mistakes.
- Update on action items
- Discussion around _confidentiality code vocabulary.
- 9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
- This is fixed now. http://hl7-fhir.github.io/v3/ConfidentialityClassification/vs.html -- Need to find prior notes where we agreed this needed to be fixed, and close it based on that meeting. Else we can vote in future block vote.
- Temporary fix, Grahame owns the longer term and wider problem with Vocabulary wg
- 9563 -- assigned to Kathleen, to work with Rob -- Following the discussion in the CP
- 9563 Add onBehalfOf to Signature datatype ()
- Edited on the call the Signature datatype to be submitted as 'pre-applied' in preparation for future vote.
- updated CP also with text Rob provided.
- Discussion with Mario on testing
- Kathleen would like to focus on the Financial use-case
- Mario is concerned that the financial use-case might be not mature enough, and no have the broadest representation. Indicating that the percentage of connectathon participants is small compared to others
- John I am concerned this is too focused of a set of people. Meaning we don't get new players. I do think that Financial should include use of Provenance. So might we focus Provenamce on Financial?
- John would like to focus on Lab use-case
- John - I want a significant use-case (so not Patient) that stands on its own. Meaning people want to test to that use-case alone (Financial also meets these two criteria).
- We agree that the addition of AuditEvent testing would be an additional layer, not a mandatory part of the fundamental use-case. (Seems someone has indicated that we wanted it to be mandatory, and Grahame has pushed back. We don't want to be mandatory (yet))
- Kathleen would like to focus on the Financial use-case