This wiki has undergone a migration to Confluence found Here

November 26, 2018 GDPR whitepaper on FHIR call

From HL7Wiki
Jump to navigation Jump to search

Back to Security GDPR Page

Attendees

x Member Name x Member Name x Member Name x Member Name
. John Moehrke Security Co-chair . Kathleen Connor Security Co-chair . Alexander Mense Security Co-chair . Trish Williams Security Co-chair
. Christopher Shawn Security Co-chair . David Pyke CBCP Co-Chair . Giorgio Cangioli . Joe Lamy
. Peter van Liesdonk . [mailto: ] . [mailto: ] . [mailto: ]

Back to Security GDPR Page

Agenda

  1. (5 min) Roll Call, Agenda Approval
  2. (5 min) Recap ConfCall November 19, 2018 decision (http://wiki.hl7.org/index.php?title=November_19,_2018_GDPR_whitepaper_on_FHIR_call=)
  3. (30 min) Review Confluence Page


Open issues from WGM, still to be addressed:

Are update events to be reported in a transparency report? Depth of Provenance

Operations: Graham poposes to define an erasure operation that takes a Patient or Person. It returns rejected. Success. Or partial success.... (question: is there a need for it to report what it deleted? Or what it didn't? Nevertheless, it does need to report external recipients)

Is there a need for a Operation for transparency: i.e. a search on AuditEvents?

Do we need a CapabilityStatement like resource that describes server data retention rules. Possibly useful for client too to state the client need.

We might need to address Break-Glass as a healthcare safety mechanism.


Links:

https://gdpr-info.eu/art-6-gdpr/

https://gdpr-info.eu/art-9-gdpr/

Link to Confluence page: http://confluence.hl7.org/display/SEC/FHIR+-+GDPR


Meeting Minutes (DRAFT)