This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "HL7 FHIR Security 2016-5-24"

From HL7Wiki
Jump to navigation Jump to search
 
(One intermediate revision by the same user not shown)
Line 24: Line 24:
 
||||x||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair   
 
||||x||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair   
 
|-
 
|-
||  x||[mailto:gary.dickinson@ehr-standards.com Gary Dickinson] EHR Co-Chair
+
||  .||[mailto:gary.dickinson@ehr-standards.com Gary Dickinson] EHR Co-Chair
 
||||.||[mailto:jc@securityrs.com Johnathan Coleman]CBCC Co-Chair
 
||||.||[mailto:jc@securityrs.com Johnathan Coleman]CBCC Co-Chair
 
||||.||[mailto:Mike.Davis@va.gov Mike Davis]
 
||||.||[mailto:Mike.Davis@va.gov Mike Davis]
Line 36: Line 36:
 
||||.||[mailto:Judith.Fincher@va.gov Judy Fincher]
 
||||.||[mailto:Judith.Fincher@va.gov Judy Fincher]
 
|-
 
|-
||  x|| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga]
+
||  .|| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga]
 
||||.|| [mailto:Beth.Pumo@kp.org Beth Pumo]
 
||||.|| [mailto:Beth.Pumo@kp.org Beth Pumo]
 
||||x|| [mailto:oliver@lawless.co Oliver Lawless]
 
||||x|| [mailto:oliver@lawless.co Oliver Lawless]
Line 85: Line 85:
  
 
==Minutes==
 
==Minutes==
#TBD Chaired. Agenda and Minutes...
+
* Chaired - John Moehrke
 +
* Didn't review minutes
 +
* reviewed 9812 -- Rob Horn to craft language for a new H4 section for the second part of text on the AuditEvent resource
 +
* 9919 is ready for ballot
 +
* 9996 John to get example from Rene for discussion, improvement, and approval
 +
* 10046 is ready for ballot
 +
* 9840 needs compelling usecase, need to follow 9996 improvement
 +
** Oliver pointing out that we should be conservative as getting too specific adds many more requirements
 +
* Discussed WGM discussion
 +
** Improvements need to be crafted into FHIR CPs that can be marked as approved at the WGM. The instructions on what to change need to be clear
 +
** Confidentiality code value-set is not the current one, but the old one. JOhn to work with Grahame on getting the new v3 vocabulary and value-sets
 +
** New proposed valueset of various kinds of Actor Roles. Kathleen to do minor cleanup, then John to insert this first into Provenance.actor.role, later possibly into AuditEvent.agent.role and other
 +
*** Specifically all codes must have a code-system, none of them do in the draft presented
 +
*** This set includes various roles including the signer-roles, audit-roles, and provenance-actor-roles, and various roles from other vocabularies.
 +
*** This fact makes this hard to maintain unless we can tie them in indirectly. Today they are copy-pasted

Latest revision as of 12:15, 25 May 2016

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Conference Audio: 770-657-9270,' Access: 845692

Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV

If you are having difficulty joining, please try:

https://global.gotomeeting.com/join/520841173

Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes

Back to HL7 FHIR security topics

Attendees

Member Name Member Name Member Name
x John Moehrke Security Co-Chair x Kathleen Connor Security Co-Chair x Suzanne Gonzales-Webb CBCC Co-Chair
. Gary Dickinson EHR Co-Chair . Johnathan ColemanCBCC Co-Chair . Mike Davis
. Reed Gelzer RM-ES Lead x Glen Marshal . Galen Mulrooney
. Dave Silver x Rob Horn . Judy Fincher
. Diana Proud-Madruga . Beth Pumo x Oliver Lawless
. Bob Dieterle . [mailto:] [mailto:]

Agenda

  • Roll; approval of agenda and the May 5, 2016 minutes
  • Montreal WGM FHIR report out.
  • Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet?
  • TODO on Provenance - Are we done yet? do we at least have CPs for each thing yet to do?
  • TODO on AuditEvent - Are we done yet? do we at least have CPs for each thing yet to do?
  • New items -
    • 9812 Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None
    • 9919 Add parameters to AuditEvent (John Moehrke) None
    • 9996 Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None
    • 10046 AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None
    • 9840 Provenance.entity.provenance (Kathleen Connor) None
  • Prepare for a block vote for next week

All Security Open

*3318 Clarify how to use RBAC and ABAC using FHIR (John Moehrke) None
*6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None
*7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
*9042 Add RBAC as value set for AuditEvent.participant.role (Kathleen Connor) None
*9043 Add ABAC as alternative value set for AuditEvent.participant.role (Kathleen Connor) None
*9052 Add SNOMED Stuctural Roles as value set for AuditEvent.participant.role (Kathleen Connor) None
*9150 Provenance TODO section cleanup (John Moehrke) None
*9151 AuditEvent has TODO section to be removed (John Moehrke) None
*9166 Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None
*9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None
*9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
*9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.entity.activity". (Kathleen Connor) None
*9563 Add onBehalfOf to Signature datatype (Kathleen Connor) None
*9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None
*9812 Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None
*9840 Provenance.entity.provenance (Kathleen Connor) None
*9919 Add parameters to AuditEvent (John Moehrke) None
*9996 Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None
*10046 AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None

Minutes

  • Chaired - John Moehrke
  • Didn't review minutes
  • reviewed 9812 -- Rob Horn to craft language for a new H4 section for the second part of text on the AuditEvent resource
  • 9919 is ready for ballot
  • 9996 John to get example from Rene for discussion, improvement, and approval
  • 10046 is ready for ballot
  • 9840 needs compelling usecase, need to follow 9996 improvement
    • Oliver pointing out that we should be conservative as getting too specific adds many more requirements
  • Discussed WGM discussion
    • Improvements need to be crafted into FHIR CPs that can be marked as approved at the WGM. The instructions on what to change need to be clear
    • Confidentiality code value-set is not the current one, but the old one. JOhn to work with Grahame on getting the new v3 vocabulary and value-sets
    • New proposed valueset of various kinds of Actor Roles. Kathleen to do minor cleanup, then John to insert this first into Provenance.actor.role, later possibly into AuditEvent.agent.role and other
      • Specifically all codes must have a code-system, none of them do in the draft presented
      • This set includes various roles including the signer-roles, audit-roles, and provenance-actor-roles, and various roles from other vocabularies.
      • This fact makes this hard to maintain unless we can tie them in indirectly. Today they are copy-pasted