HL7 FHIR Security 2017-12-05

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 
Online Meeting ID: security36
Phone: +1 515-604-9567, Participant Code: 880898
 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes 

Attendees

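|   | Member Name | Role / Affiliation |   | Member Name | Role / Affiliation |   | Member Name | Role / Affiliation |
|---|---|---|---|---|---|---|---|---|
| x | John Moehrke | Security Co-Chair | x | Kathleen Connor | Security Co-Chair | . | Alexander Mense | Security Co-Chair |
| . | Suzanne Gonzales-Webb | CBCC Co-Chair | . | Johnathan Coleman | CBCC Co-Chair | . | Mike Davis | |
| . | Reed Gelzer | RM-ES Lead | . | Glen Marshal | | . | Joe Lamy | AEGIS |
| . | Diana Proud-Madruga | | . | Rob Horn | | . | Beth Pumo | |
| . | Irina Connelly | | . | Mario Hyland | AEGIS | x | Mark Underwood | NIST |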

Agenda

Other business:

  • Is our current break-glass wording a proper thing for us to have said? Specifically, it says that break-glass is indicated by placing a tag in the HTTP header
  • Word is there is ONC interest in Provenance use at connectathon
  • Can we provide a Provenance pattern that would be added by a FHIR Server that has done a validation against StructureDefinitions and added tags of compliance to Resources?
  • Discussion on chat around PurposeOfUse and how it should be conveyed. https://chat.fhir.org/#narrow/stream/implementers/topic/GDPR.20PurposeOfUse
  • Plan resolution of CR (see below)
  • SMART engagement
  • Setting up Test Plans for Security / Privacy topic
    • Connectathon scenario -- Pattern that shows how Provenance, AuditEvent, Consent, security-labels, and others can be overlaid on <any> other connectathon scenario
    • TestScript resource based tests
      • AuditEvent tests for well understood audit log
      • Provenance tests for well understood provenance use
    • Test bench?
      • Some automated environment that people can use to test their: (a) client, (b) server, or other? Can this be done?
  • Discussed Event Pattern
    • 13841 Align AuditEvent with Event pattern (John Moehrke)
    • 13842 Align Provenance with new Event pattern (John Moehrke)
    • event.performer vs .agent
      • Seems performer is an acceptable element name. Do need to keep description we have as it is specialized for Provenance and AuditEvent
    • Action: John to apply event pattern and get error report from Lloyd
  • New business?

Future Block

  • 12941 Security Role vocabulary should include ISO 21298 (John Moehrke) Persuasive
  • 13571 AuditEvent.entity.identifier vs resource vs URI - explain why each should be used (John Moehrke) Not Persuasive
  • 13570 Provenance - clarify when Provenance.entity.whatUri and whatIdentifier are to be used (John Moehrke) Persuasive with Mod
  • 14175 Signature datatype should support signature blobs per FHIR mime-type (John Moehrke)
  • 14193 signature description

Current backlog

  • 9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke)
  • 10343 Three additional Signature.type codes (Kathleen Connor)
  • 10580 How should test data be identified? (John Moehrke)
  • 12462 Security/Privacy Module page should explain W5 reality that provenance elements in other resources vs use of Provenance as a resource (John Moehrke)
  • 12463 explain relationship between Provenance and AuditEvent. (John Moehrke)
  • 10579 New Security and Privacy "Module" page needs content (John Moehrke)
  • 11071 Improve security label guidance - 2016-09 core #90 (Kathleen Connor)
  • 12660 HCS use clarification (John Moehrke)
  • 13011 The value set for security-role-type is broken for Provenance (Lloyd McKenzie)
  • 13013 Valueset for Provenance.activity is broken (Lloyd McKenzie)
  • 13014 Provenance.agent.relatedAgentType doesn't make sense (Lloyd McKenzie)
  • 13822 S&P outline when a user includes query parameters they don't have access to policy issue (John Moehrke)
  • 13841 Align AuditEvent with Event pattern (John Moehrke)
  • 13842 Align Provenance with new Event pattern (John Moehrke)
  • 14027 enhance current disclosure AuditEvent so that it explains what is being recorded and why (John Moehrke)
  • 14028 Explain how one might use AuditEvent to inform an Accounting of Disclosures (Kathleen Connor)

Minutes

  • John chaired
  • approval of agenda --> Kathleen Connor/Mike Underwood: 2-0-0
  • approval of the HL7 FHIR Security 2017-11-28 Minutes --> Kathleen Connor/Mike Underwood: 2-0-0
  • The following CRs were approved:
    • 13570 Provenance - clarify when Provenance.entity.whatUri and whatIdentifier are to be used (John Moehrke) Persuasive with Mod
    • 14175 Signature datatype should support signature blobs per FHIR mime-type (John Moehrke)
  • Further discussed the 11071 valueSet for HCS
  • adjourned 55 minutes