This wiki has undergone a migration to Confluence found Here
Difference between revisions of "HL7 FHIR Security 2016-5-24"
Jump to navigation
Jump to search
(→Agenda) |
JohnMoehrke (talk | contribs) |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 24: | Line 24: | ||
||||x||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair | ||||x||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair | ||
|- | |- | ||
| − | || | + | || .||[mailto:gary.dickinson@ehr-standards.com Gary Dickinson] EHR Co-Chair |
||||.||[mailto:jc@securityrs.com Johnathan Coleman]CBCC Co-Chair | ||||.||[mailto:jc@securityrs.com Johnathan Coleman]CBCC Co-Chair | ||
||||.||[mailto:Mike.Davis@va.gov Mike Davis] | ||||.||[mailto:Mike.Davis@va.gov Mike Davis] | ||
| Line 36: | Line 36: | ||
||||.||[mailto:Judith.Fincher@va.gov Judy Fincher] | ||||.||[mailto:Judith.Fincher@va.gov Judy Fincher] | ||
|- | |- | ||
| − | || | + | || .|| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga] |
||||.|| [mailto:Beth.Pumo@kp.org Beth Pumo] | ||||.|| [mailto:Beth.Pumo@kp.org Beth Pumo] | ||
||||x|| [mailto:oliver@lawless.co Oliver Lawless] | ||||x|| [mailto:oliver@lawless.co Oliver Lawless] | ||
| Line 49: | Line 49: | ||
*Roll; approval of agenda and the [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-5-3 May 5, 2016 minutes] | *Roll; approval of agenda and the [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-5-3 May 5, 2016 minutes] | ||
*Montreal WGM FHIR report out. | *Montreal WGM FHIR report out. | ||
| + | * Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet? | ||
| + | * TODO on Provenance - Are we done yet? do we at least have CPs for each thing yet to do? | ||
| + | * TODO on AuditEvent - Are we done yet? do we at least have CPs for each thing yet to do? | ||
| + | * New items - | ||
| + | **[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9812 9812] Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None | ||
| + | **[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9919 9919] Add parameters to AuditEvent (John Moehrke) None | ||
| + | **[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9996 9996] Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None | ||
| + | **[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=10046 10046] AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None | ||
| + | **[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9840 9840] Provenance.entity.provenance (Kathleen Connor) None | ||
| + | * Prepare for a block vote for next week | ||
| + | * | ||
| + | |||
| + | ===All Security Open=== | ||
| + | |||
| + | |||
| + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=3318 3318] Clarify how to use RBAC and ABAC using FHIR (John Moehrke) None | ||
| + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=6303 6303] Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None | ||
| + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=7568 7568] 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None | ||
| + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9042 9042] Add RBAC as value set for AuditEvent.participant.role (Kathleen Connor) None | ||
| + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9043 9043] Add ABAC as alternative value set for AuditEvent.participant.role (Kathleen Connor) None | ||
| + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9052 9052] Add SNOMED Stuctural Roles as value set for AuditEvent.participant.role (Kathleen Connor) None | ||
| + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9150 9150] Provenance TODO section cleanup (John Moehrke) None | ||
| + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9151 9151] AuditEvent has TODO section to be removed (John Moehrke) None | ||
| + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9166 9166] Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None | ||
| + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9167 9167] AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None | ||
| + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9176 9176] Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None | ||
| + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9407 9407] Align AuditEvent and Provenance action/activity element. Recommend "Provenance.entity.activity". (Kathleen Connor) None | ||
| + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9563 9563] Add onBehalfOf to Signature datatype (Kathleen Connor) None | ||
| + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9564 9564] Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None | ||
| + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9812 9812] Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None | ||
| + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9840 9840] Provenance.entity.provenance (Kathleen Connor) None | ||
| + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9919 9919] Add parameters to AuditEvent (John Moehrke) None | ||
| + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9996 9996] Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None | ||
| + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=10046 10046] AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None | ||
==Minutes== | ==Minutes== | ||
| − | + | * Chaired - John Moehrke | |
| + | * Didn't review minutes | ||
| + | * reviewed 9812 -- Rob Horn to craft language for a new H4 section for the second part of text on the AuditEvent resource | ||
| + | * 9919 is ready for ballot | ||
| + | * 9996 John to get example from Rene for discussion, improvement, and approval | ||
| + | * 10046 is ready for ballot | ||
| + | * 9840 needs compelling usecase, need to follow 9996 improvement | ||
| + | ** Oliver pointing out that we should be conservative as getting too specific adds many more requirements | ||
| + | * Discussed WGM discussion | ||
| + | ** Improvements need to be crafted into FHIR CPs that can be marked as approved at the WGM. The instructions on what to change need to be clear | ||
| + | ** Confidentiality code value-set is not the current one, but the old one. JOhn to work with Grahame on getting the new v3 vocabulary and value-sets | ||
| + | ** New proposed valueset of various kinds of Actor Roles. Kathleen to do minor cleanup, then John to insert this first into Provenance.actor.role, later possibly into AuditEvent.agent.role and other | ||
| + | *** Specifically all codes must have a code-system, none of them do in the draft presented | ||
| + | *** This set includes various roles including the signer-roles, audit-roles, and provenance-actor-roles, and various roles from other vocabularies. | ||
| + | *** This fact makes this hard to maintain unless we can tie them in indirectly. Today they are copy-pasted | ||
Latest revision as of 12:15, 25 May 2016
Call Logistics
Weekly: Tuesday at 05:00 EST (2 PM PST)
Conference Audio: 770-657-9270,' Access: 845692
Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV
If you are having difficulty joining, please try:
https://global.gotomeeting.com/join/520841173
Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes
Back to HL7 FHIR security topics
Attendees
| Member Name | Member Name | Member Name | ||||||
|---|---|---|---|---|---|---|---|---|
| x | John Moehrke Security Co-Chair | x | Kathleen Connor Security Co-Chair | x | Suzanne Gonzales-Webb CBCC Co-Chair | |||
| . | Gary Dickinson EHR Co-Chair | . | Johnathan ColemanCBCC Co-Chair | . | Mike Davis | |||
| . | Reed Gelzer RM-ES Lead | x | Glen Marshal | . | Galen Mulrooney | |||
| . | Dave Silver | x | Rob Horn | . | Judy Fincher | |||
| . | Diana Proud-Madruga | . | Beth Pumo | x | Oliver Lawless | |||
| . | Bob Dieterle | . | [mailto:] | [mailto:] |
Agenda
- Roll; approval of agenda and the May 5, 2016 minutes
- Montreal WGM FHIR report out.
- Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet?
- TODO on Provenance - Are we done yet? do we at least have CPs for each thing yet to do?
- TODO on AuditEvent - Are we done yet? do we at least have CPs for each thing yet to do?
- New items -
- 9812 Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None
- 9919 Add parameters to AuditEvent (John Moehrke) None
- 9996 Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None
- 10046 AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None
- 9840 Provenance.entity.provenance (Kathleen Connor) None
- Prepare for a block vote for next week
All Security Open
*3318 Clarify how to use RBAC and ABAC using FHIR (John Moehrke) None *6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None *7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None *9042 Add RBAC as value set for AuditEvent.participant.role (Kathleen Connor) None *9043 Add ABAC as alternative value set for AuditEvent.participant.role (Kathleen Connor) None *9052 Add SNOMED Stuctural Roles as value set for AuditEvent.participant.role (Kathleen Connor) None *9150 Provenance TODO section cleanup (John Moehrke) None *9151 AuditEvent has TODO section to be removed (John Moehrke) None *9166 Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None *9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None *9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None *9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.entity.activity". (Kathleen Connor) None *9563 Add onBehalfOf to Signature datatype (Kathleen Connor) None *9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None *9812 Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None *9840 Provenance.entity.provenance (Kathleen Connor) None *9919 Add parameters to AuditEvent (John Moehrke) None *9996 Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None *10046 AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None
Minutes
- Chaired - John Moehrke
- Didn't review minutes
- reviewed 9812 -- Rob Horn to craft language for a new H4 section for the second part of text on the AuditEvent resource
- 9919 is ready for ballot
- 9996 John to get example from Rene for discussion, improvement, and approval
- 10046 is ready for ballot
- 9840 needs compelling usecase, need to follow 9996 improvement
- Oliver pointing out that we should be conservative as getting too specific adds many more requirements
- Discussed WGM discussion
- Improvements need to be crafted into FHIR CPs that can be marked as approved at the WGM. The instructions on what to change need to be clear
- Confidentiality code value-set is not the current one, but the old one. JOhn to work with Grahame on getting the new v3 vocabulary and value-sets
- New proposed valueset of various kinds of Actor Roles. Kathleen to do minor cleanup, then John to insert this first into Provenance.actor.role, later possibly into AuditEvent.agent.role and other
- Specifically all codes must have a code-system, none of them do in the draft presented
- This set includes various roles including the signer-roles, audit-roles, and provenance-actor-roles, and various roles from other vocabularies.
- This fact makes this hard to maintain unless we can tie them in indirectly. Today they are copy-pasted
