HL7 FHIR Security 2018-06-26

Call Logistics

Weekly: Tuesday at 02:00 pm EST

Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 
Online Meeting ID: security36
Phone: +1 515-604-9567, Participant Code: 880898
 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes

Back to HL7 FHIR security topics

Attendees

	Member Name		Member Name		Member Name
x	John Moehrke Security Co-Chair	.	Kathleen Connor Security Co-Chair	.	Alexander Mense Security Co-chair
x	Suzanne Gonzales-Webb CBCC Co-Chair	x	Johnathan Coleman CBCC co-chair	.	Chris Shawn Security co-chair
.	Jim Kretz	.	Kenneth Salyards	.	Nathan Botts Mobile co-chair
.	Diana Proud-Madruga	x	Joe Lamy AEGIS	.	Beth Pumo
.	Irina Connelly	.	Matt Blackman Sequoia	.	Mark Underwood NIST
.	Peter Bachman	.	Grahame Greve FHIR Program Director	.	Kevin Shekleton (Cerner, CDS Hooks)
.	Luis Maas	x	Julie Maas	.	Francisco Jauregui
.	Gary Dickinson	.	Dave Silver	.	Foo Bar

Agenda

Roll;
approval of agenda
approval of HL7 FHIR Security 2018-06-05 and HL7 FHIR Security 2018-06-12 Minutes
Announcements
- GDPR (General Data Protection Regulation) whitepaper
Johnathan specific guidance given a paper from ONC that might guide improvements to the security guidance
- Johnathan provided a report to review
- KEY PRIVACY AND SECURITY CONSIDERATIONS FOR HEALTHCARE APPLICATION PROGRAMMING INTERFACES (APIS)
- Need closure on these
  - 16527 Access+Controls+-+Identity+Proofing (John Moehrke) None
    - Add something here? http://build.fhir.org/secpriv-module.html#User%20Identity%20and%20Access%20Context
  - 16530 Access+Controls+-+Protect+authenticators (John Moehrke) None
    - Seems this is already covered in current text
  - 16532 Access+Control+-+Authentication (John Moehrke) None
    - Seems this is already covered in current text
  - 16534 Access+Controls+-+Authorization (John Moehrke) None
    - Seems this is already covered in current text
All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967
Improvement beyond SMART scopes
- Zulip chat https://chat.fhir.org/#narrow/stream/Security.20and.20Privacy/subject/Improvement.20beyond.20SMART.20scopes
Patient Directed backend communication
- Zulip chat https://chat.fhir.org/#narrow/stream/Security.20and.20Privacy/subject/Patient.20directed.20backend.20communication
Oauth App Registration
- Zulip chat https://chat.fhir.org/#narrow/stream/Security.20and.20Privacy/subject/OAuth.20App.20Registration
Certificate Management
- Zulip chat https://chat.fhir.org/#narrow/stream/Security.20and.20Privacy/subject/Do.20we.20need.20to.20say.20anything.20about.20Certificate.20Management
New business

ACTIONS

references

stream for Security and Privacy discussions. Specification development, and Implementation.
- https://chat.fhir.org/#narrow/stream/Security.20and.20Privacy
stream for Patient Empowerment. Discussions about empowering patients. Focus on deployment and advocacy.
- https://chat.fhir.org/#narrow/stream/patient.20empowerment
Proposed FHIR Connectathon track for Cologne -- GDPR
- http://wiki.hl7.org/index.php?title=201805_GDPR
Blockchain FHIR Connectathon
- Grahame is trying to find a community wanting to 'play' with blockchain. He is willing to standup the infrastructure.
- See blockchain zulip stream https://chat.fhir.org/#narrow/stream/blockchain

Current Open issues in gForge

9167 AuditEvent+needs+to+make+more+obvious+how+to+record+a+break-glass+event (John Moehrke) Considered for Future Use
10343 Three+additional+Signature.type+codes (Kathleen Connor) Considered for Future Use
11071 Improve+security+label+guidance+-+2016-09+core+%2390 (Kathleen Connor) None
12660 HCS+use+clarification (John Moehrke) None
14678 Implementation+guide+for+signatures+-+2018-Jan+Core+%231 (Brian Pech) None
15659 Provenance+still+has+both+identifier+and+reference+elements (Simone Heckmann) None
16171 Observation.category+needs+test%2Fdemo%2Fcalibration+codes+to+distinguish+%27fake%27+data (Brian Reinhold) None
16345 Link+to+obsoleted+version+of+HTTP+specification (Luis Maas) None
16527 Access+Controls+-+Identity+Proofing (John Moehrke) None
16530 Access+Controls+-+Protect+authenticators (John Moehrke) None
16532 Access+Control+-+Authentication (John Moehrke) None
16534 Access+Controls+-+Authorization (John Moehrke) None
17192 Verification+of+given+resource+without+changing+the+content (Thomas Johansen) None
17242 Recommend+that+IETF+BCP+195+be+used+when+TLS+is+used (John Moehrke) None
17299 enhance+current+disclosure+AuditEvent+so+that+it+explains+what+is+being+recorded+and+why (John Moehrke) None
17300 Break-Glass+description+needs+clarifications (John Moehrke) None
14027 enhance+current+disclosure+AuditEvent+so+that+it+explains+what+is+being+recorded+and+why (John Moehrke) Not Related

Minutes

John Chaired
Minutes were not reviewed
approved 16527 Access+Controls+-+Identity+Proofing
approved 16530 Access+Controls+-+Protect+authenticators
approved 16532 Access+Control+-+Authentication
approved 16534 Access+Controls+-+Authorization
approved 17242 Recommending BCP195
Johnathan requested that we set a floor of TLS 1.2
- created 17422 Manditory floor of TLS 1.2
- Action John -- start zulip discussion on the impact of this.
Some items are ready for a block vote. Will be sent out wednesday for vote next week

HL7 FHIR Security 2018-06-26

Contents

Call Logistics

Attendees

Agenda

ACTIONS

references

Current Open issues in gForge

Minutes

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

groups

meetings

general

Tools