This wiki has undergone a migration to Confluence found Here

HL7 FHIR Security 2016-8-30

From HL7Wiki
Jump to navigation Jump to search

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Conference Audio: 770-657-9270,' Access: 845692
Join online meeting:  https://global.gotomeeting.com/join/520841173  
 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes 

Back to HL7 FHIR security topics

Attendees

Member Name Member Name Member Name
x John Moehrke Security Co-Chair . Kathleen Connor Security Co-Chair x Suzanne Gonzales-Webb CBCC Co-Chair
. Gary Dickinson EHR Co-Chair . Johnathan ColemanCBCC Co-Chair . Mike Davis
. Reed Gelzer RM-ES Lead x Glen Marshal . Galen Mulrooney
. Dave Silver . Rob Horn . Judy Fincher
. Diana Proud-Madruga x Beth Pumo . Oliver Lawless
. Bob Dieterle . Mario Hyland . Joe Lamy
. Rick Grow . [mailto: Richard Etterma] . [mailto: Wayne Kubic]

Agenda

Minutes

  • John chaired
  • Agenda review - Glen/Beth: 3-0-0
  • approval of the August 9, 2016 minutes - Beth/Glen: 3-0-0
  • Reminder that the FHIR ballot is out
  • New Security and Privacy "Module" page http://hl7-fhir.github.io/secpriv-module.html
    • Please take a constructive view of this page during ballot. It is not intended to replace the other security.html page; it is to be a different perspective. Take a look at the other "Module" pages for the intended perspective. Then provide constructive text for improvement. This page is given to us in this structure, it is up to us to make it communicate to the intended audience.
  • How should 'test-data' be identified? Is this a legitimate use of security-tags?
    • It is clear that security-tags already support de-identified methods. The question is specifically about completely fabricated data.
    • See FHIR chat thread https://chat.fhir.org/#narrow/stream/implementers/topic/Distinguishing.20test.20patients
    • ACTION: Create a CP. Discussion indicates that we should add an 'informative' section that indicates 'some methodods' that are invisioned, and some of the concerns with each. Likely just a paragrah and a few bullets. Isolated test data system. Integrated test data system with tagged data. Integrated test data without tagging.
  • De-Identification topics
  • SMART chat thread https://chat.fhir.org/#narrow/stream/smart
    • FYI. This thread will have some discussions on AuthN/AuthZ
    • Lately it is on CCOW
  • FHIR Chat on "masked extension" https://chat.fhir.org/#narrow/stream/implementers/topic/Masked.20Extension.20for.20privacy.20restricted.20record
    • Note that there has been a note added to the null flavor tag for masked, to warn that tagging masked data leaks information that there was sensitive information, thus the masked tag should not be used unless specifically needed.
  • Adjourned 55 minutes