This wiki has undergone a migration to Confluence found Here
Difference between revisions of "HL7 FHIR Security 2016-4-4"
Jump to navigation
Jump to search
(10 intermediate revisions by the same user not shown) | |||
Line 51: | Line 51: | ||
**Review Standard Provenance Definitions for FHIR Provenance front matter. | **Review Standard Provenance Definitions for FHIR Provenance front matter. | ||
**Review [http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9407 Security PC 9407 Align AuditEvent and Provenance action/activity element definition] Continue work on activity definitions in [http://gforge.hl7.org/gf/download/docmanfileversion/9112/14046/FHIR%20Activity%20map.xlsx spreadsheet] | **Review [http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9407 Security PC 9407 Align AuditEvent and Provenance action/activity element definition] Continue work on activity definitions in [http://gforge.hl7.org/gf/download/docmanfileversion/9112/14046/FHIR%20Activity%20map.xlsx spreadsheet] | ||
+ | ===Provenance Definitions from ISO and NIST=== | ||
+ | #ISO 19153:2014(en), 4.39: Information on the place and time of origin or derivation or a resource (4.40) or a record or proof of authenticity or of past ownership. | ||
+ | #ISO 19115-1:2014(en), 4.16: Organization or individual that created, accumulated, maintained and used records. | ||
+ | #ISO 13527:2010 "Provenance Information": The information that documents the history of the Content Information. This information tells the origin or source of the Content Information, any changes that may have taken place since it was originated, and who has had custody of it since it was originated. Examples of Provenance Information are the principal investigator who recorded the data, and the information concerning its storage, handling, and migration. | ||
+ | #NIST Special Publication 800-53 Revision 4 Security and Privacy Controls for Federal Information Systems and Organizations APPENDIX B PAGE B-17: The records describing the possession of, and changes to, components, component processes, information, systems, organization, and organizational processes. Provenance enables all changes to the baselines of components, component processes, information, systems, organizations, and organizational processes, to be reported to specific actors, functions, locales, or activities. | ||
+ | #A Survey of Data Provenance in e-Science, Simmhan, Plale, Gannon: Data provenance is information that helps determine the derivation history of a data product, starting from its original sources. Data product or dataset refers to data in any form, such as files, tables, and virtual collections.[…] Two important features of the provenance of a data product are the ancestral data products from which this data product evolved, and the process of transformation of these ancestral data product(s), potentially through workflows, that helped derive this data product. | ||
+ | ====[http://www.whitehouse.gov/sites/default/files/microsites/ostp/pcast-health-it-report.pdf PCAST Report to the President on Realizing the Full Potential of Health Information Technology to Improve Healthcare for Americans]==== | ||
+ | #The history of the ownership of an object, especially when documented or authenticated. For example, a reference to a type of equipment, standard clinical procedure, attestable content author, data source, provider or other clinical facts | ||
+ | #Information about the data’s source and the processing that the data have undergone. | ||
+ | #Metadata used to trace and verify the creation of data, how it has been used or moved among different databases, as well as altered throughout its lifecycle. | ||
==Other CPs for Review== | ==Other CPs for Review== |
Latest revision as of 06:04, 5 April 2016
Contents
Call Logistics
Weekly: Tuesday at 05:00 EST (2 PM PST)
Conference Audio: 770-657-9270,' Access: 845692
Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV
If you are having difficulty joining, please try:
https://global.gotomeeting.com/join/520841173
Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes
Back to HL7 FHIR security topics
Attendees
Member Name | Member Name | Member Name | ||||||
---|---|---|---|---|---|---|---|---|
. | John Moehrke Security Co-Chair | x | Kathleen Connor Security Co-Chair | x | Suzanne Gonzales-Webb CBCC Co-Chair | |||
. | Gary Dickinson EHR Co-Chair | . | Johnathan ColemanCBCC Co-Chair | . | Mike Davis | |||
. | Reed Gelzer RM-ES Lead | x | Glen Marshal | . | Galen Mulrooney | |||
. | Dave Silver | . | Rob Horn | x | Judy Fincher | |||
x | Diana Proud-Madruga | . | Beth Pumo | x | Oliver Lawless | |||
x | Bob Dieterle | . | [mailto:] | [mailto:] |
Agenda
- Roll; approval of agenda and the March 29, 2016 minutes and March 22, 2016 minutes
- Review John's interaction diagrams for Provenance and AuditEvent showing how these may be generated by both the user system and the recipient server.
- Review Standard Provenance Definitions for FHIR Provenance front matter.
- Review Security PC 9407 Align AuditEvent and Provenance action/activity element definition Continue work on activity definitions in spreadsheet
Provenance Definitions from ISO and NIST
- ISO 19153:2014(en), 4.39: Information on the place and time of origin or derivation or a resource (4.40) or a record or proof of authenticity or of past ownership.
- ISO 19115-1:2014(en), 4.16: Organization or individual that created, accumulated, maintained and used records.
- ISO 13527:2010 "Provenance Information": The information that documents the history of the Content Information. This information tells the origin or source of the Content Information, any changes that may have taken place since it was originated, and who has had custody of it since it was originated. Examples of Provenance Information are the principal investigator who recorded the data, and the information concerning its storage, handling, and migration.
- NIST Special Publication 800-53 Revision 4 Security and Privacy Controls for Federal Information Systems and Organizations APPENDIX B PAGE B-17: The records describing the possession of, and changes to, components, component processes, information, systems, organization, and organizational processes. Provenance enables all changes to the baselines of components, component processes, information, systems, organizations, and organizational processes, to be reported to specific actors, functions, locales, or activities.
- A Survey of Data Provenance in e-Science, Simmhan, Plale, Gannon: Data provenance is information that helps determine the derivation history of a data product, starting from its original sources. Data product or dataset refers to data in any form, such as files, tables, and virtual collections.[…] Two important features of the provenance of a data product are the ancestral data products from which this data product evolved, and the process of transformation of these ancestral data product(s), potentially through workflows, that helped derive this data product.
PCAST Report to the President on Realizing the Full Potential of Health Information Technology to Improve Healthcare for Americans
- The history of the ownership of an object, especially when documented or authenticated. For example, a reference to a type of equipment, standard clinical procedure, attestable content author, data source, provider or other clinical facts
- Information about the data’s source and the processing that the data have undergone.
- Metadata used to trace and verify the creation of data, how it has been used or moved among different databases, as well as altered throughout its lifecycle.
Other CPs for Review
- 7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
- 9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.activity". (Kathleen Connor) None
- 9150 Provenance TODO section cleanup (John Moehrke) None
- 9151 AuditEvent has TODO section to be removed (John Moehrke) None
- 9166 Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None
- 9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None
- 9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
- 9563 Add onBehalfOf to Signature datatype (Kathleen Connor) None
- 9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None
Minutes
- TBD chaired. Agenda and Minutes ....
- AuditEvent/Provenance interaction diagram topic
- Discuss addition of standard Provenance definitions in addition to W3C PROV in front matter
- updates to the cross FHIR P&S activity element harmonization spreadsheet.