Difference between revisions of "HL7 FHIR Security 2016-2-23"
JohnMoehrke (talk | contribs) (→Agenda) |
|||
| (2 intermediate revisions by 2 users not shown) | |||
| Line 20: | Line 20: | ||
! ||'''Member Name'''|| !! ||'''Member Name''' !!|| ||'''Member Name''' !! | ! ||'''Member Name'''|| !! ||'''Member Name''' !!|| ||'''Member Name''' !! | ||
|- | |- | ||
| − | ||| | + | || x||[mailto:john.moehrke@ge.med.com John Moehrke] Security Co-Chair |
||||x||[mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-Chair | ||||x||[mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-Chair | ||
||||x||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair | ||||x||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair | ||
|- | |- | ||
| − | ||| | + | || x||[mailto:gary.dickinson@ehr-standards.com Gary Dickinson] EHR Co-Chair |
| − | ||||||[mailto:jc@securityrs.com Johnathan Coleman]CBCC Co-Chair | + | ||||.||[mailto:jc@securityrs.com Johnathan Coleman]CBCC Co-Chair |
| − | ||||||[mailto:Mike.Davis@va.gov Mike Davis] | + | ||||.||[mailto:Mike.Davis@va.gov Mike Davis] |
|- | |- | ||
| − | ||||[mailto:rgelzer@provider-resources.com Reed Gelzer] RM-ES Lead | + | || .||[mailto:rgelzer@provider-resources.com Reed Gelzer] RM-ES Lead |
| − | |||x | + | ||||x||[mailto:gfm@securityrs.com Glen Marshal] |
| − | ||||||[mailto:Galen.Mulrooney@JPSys.com Galen Mulrooney] | + | ||||.||[mailto:Galen.Mulrooney@JPSys.com Galen Mulrooney] |
|- | |- | ||
| − | ||||[mailto:dsilver@electrosoft-inc.com Dave Silver] | + | || .||[mailto:dsilver@electrosoft-inc.com Dave Silver] |
| − | ||||||[mailto:robert.horn@agfa.com Rob Horn] | + | ||||x||[mailto:robert.horn@agfa.com Rob Horn] |
| − | |||| | + | ||||.||[mailto:Judith.Fincher@va.gov Judy Fincher] |
|- | |- | ||
| − | |||| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga] | + | || x|| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga] |
| − | ||||||[mailto:] | + | ||||x|| [mailto:Beth.Pumo@kp.org Beth Pumo] |
| − | ||||||[mailto:] | + | ||||.||[mailto:] |
|- | |- | ||
|} | |} | ||
| Line 44: | Line 44: | ||
==Agenda== | ==Agenda== | ||
*Roll; approval of agenda and [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-2-16 February 16 minutes] | *Roll; approval of agenda and [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-2-16 February 16 minutes] | ||
| − | + | *CP 6303 | |
| − | * [http://gforge.hl7.org/gf/download/docmanfileversion/9042/13902/FHIR%20AuditEvent%20Provenance%20Map.xlsx FHIR P&S Resource Element Harmonization map] | + | * [http://gforge.hl7.org/gf/download/docmanfileversion/9042/13902/FHIR%20AuditEvent%20Provenance%20Map.xlsx FHIR P&S Resource Element Harmonization map] |
Implement the following changes per 2 new CPs | Implement the following changes per 2 new CPs | ||
| Line 87: | Line 87: | ||
==Minutes== | ==Minutes== | ||
| − | * | + | *Discussion on the various approaches to modeling delegation deferred. |
| + | *Kathleen to update Agent CP 9570, 9571with revised definitions | ||
| + | *Kathleen to update this group on outcome of FM discussion on | ||
| + | *John to organize block vote for next Tuesday March 1 call. | ||
| + | *Kathleen to continue work on an aligned definition for activity, as well as other definitions in the cross FHIR S&P alignment spreadsheet. | ||
Latest revision as of 19:27, 1 March 2016
Contents
Call Logistics
Weekly: Tuesday at 05:00 EST (2 PM PST)
Conference Audio: 770-657-9270,' Access: 845692
Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV
If you are having difficulty joining, please try:
https://global.gotomeeting.com/join/520841173
Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes
Back to HL7 FHIR security topics
Attendees
| Member Name | Member Name | Member Name | ||||||
|---|---|---|---|---|---|---|---|---|
| x | John Moehrke Security Co-Chair | x | Kathleen Connor Security Co-Chair | x | Suzanne Gonzales-Webb CBCC Co-Chair | |||
| x | Gary Dickinson EHR Co-Chair | . | Johnathan ColemanCBCC Co-Chair | . | Mike Davis | |||
| . | Reed Gelzer RM-ES Lead | x | Glen Marshal | . | Galen Mulrooney | |||
| . | Dave Silver | x | Rob Horn | . | Judy Fincher | |||
| x | Diana Proud-Madruga | x | Beth Pumo | . | [mailto:] |
Agenda
- Roll; approval of agenda and February 16 minutes
- CP 6303
- FHIR P&S Resource Element Harmonization map
Implement the following changes per 2 new CPs
- CP 1: Align AuditEvent and Provenance action/activity element name and definition. Recommend changing to "activity".
AuditEvent.action [Change to AuditEvent.activity
Question: What to do with the definitional differences - e.g., possibly combine. Current AuditEven.action Definition: Indicator for type of action [Change to "activity".] performed during the event that generated the audit. Control 0..1 Binding AuditEventAction: Indicator for type of action[Change to "activity".] performed during the event that generated the audit. (Required) Type code Requirements This broadly indicates what kind of action [Change to "activity".] was done on the AuditEvent.entity by the AuditEvent.agent.
Definition: An activity is something that occurs over a period of time and acts upon or with entities; it may include consuming, processing, transforming, modifying, relocating, using, or generating entities. Control 0..1 Binding ProvenanceEventCurrentState: The activity that took place. (Extensible) Type Coding
- CP 9417: Add to [http://hl7-fhir.github.io/provenance.html Provenance Resource a new Provenance.entity.lifecycle element to align with Audit.entity.lifecycle.
Current Audit.entity.lifecycle Definition Identifier for the data life-cycle stage for the entity. Control 0..1 Binding AuditEventObjectLifecycle: Identifier for the data life-cycle stage for the object. (Extensible) Type Coding Requirements Institutional policies for privacy and security may optionally fall under different accountability rules based on data life cycle. This provides a differentiating value for those cases. Comments This can be used to provide an audit trail for data, over time, as it passes through the system."
- Discuss the various approaches to ranking and typing "bags of agents" including situation where the ranking is between a delegator and a delegatee. This impacts approaches to use of a Signature Datatype "who" as a delegatee such as a Device, which cannot be a signer party, to sign on behalf of the legal party. Tabled until next call after issue is reviewed by FM on 2/19 call.
- Discussion items that are possibly ready for a vote.
- 9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.entity.activity". (Kathleen Connor) None
- 9417 Add a new Provenance.entity.lifecycle element to align with Audit.entity.lifecycle. Align definitions. (Kathleen Connor) None
- 9570 Change AuditEvent.agent definitions (Kathleen Connor) None
- 9571 Change Provenance.agent definition (Kathleen Connor) None
- 9562 Change Signature Datatype - make blob 0..1 (Kathleen Connor) None
- 9593 Improve advice for Access Denied response (John Moehrke) None
Minutes
- Discussion on the various approaches to modeling delegation deferred.
- Kathleen to update Agent CP 9570, 9571with revised definitions
- Kathleen to update this group on outcome of FM discussion on
- John to organize block vote for next Tuesday March 1 call.
- Kathleen to continue work on an aligned definition for activity, as well as other definitions in the cross FHIR S&P alignment spreadsheet.
