Difference between revisions of "HL7 FHIR Security 2016-5-31"

(Created page with "==Call Logistics== Weekly: '''Tuesday at 05:00 EST''' (2 PM PST) Conference Audio: '''770-657-9270,''' Access: '''845692'' '''Join online meeting: https://meet.RTC.VA.GOV/...")
 
Line 47: Line 47:
  
 
==Agenda==
 
==Agenda==
*Roll; approval of agenda and the [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-5-3 May 5, 2016 minutes]
+
*Roll;  
*Montreal WGM FHIR report out.
+
* approval of agenda and the [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-5-3 May 5, 2016 minutes]
 +
* approval of agenda and the [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-5-24 May 24, 2016 minutes]
 +
* FMM evaluation vs desire
 +
** email from David Hay - What would help us a lot is to understand from each committee what level they believe the resources they are responsible for should be at. In particular we’re looking for resources that the committees believe are reasonably mature (say level 2 or3) but are being blocked by insufficient vendor experience, as this is a pre-requisite for advancing in FMM levels. We can then use that information to encourage vendor activity – or find out what in a more targeted way is being used in the community.
 +
** FMM levels http://hl7-fhir.github.io/resource.html#maturity
 +
** FMM evaluation -- community desire -- https://docs.google.com/spreadsheets/d/1QJXTTUbvSHkf8GgLY3Dxyv8BMAxzoIpgJcg9-0DFHVI
 +
*** AuditEvnt - 9/37 voters, vote average 3.8
 +
**** Current is 2
 +
*** Provenance - 7/37 voters, vote average 2.7
 +
**** Current is 1
 
* Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet?
 
* Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet?
 +
* update to Actor Roles (Action Kathleen) to do minor cleanup and provide to john for commit
 
* TODO on Provenance - Are we done yet? do we at least have CPs for each thing yet to do?
 
* TODO on Provenance - Are we done yet? do we at least have CPs for each thing yet to do?
 
* TODO on AuditEvent - Are we done yet? do we at least have CPs for each thing yet to do?
 
* TODO on AuditEvent - Are we done yet? do we at least have CPs for each thing yet to do?
* New items -
+
* New items - nothing new
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9812 9812] Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None
+
* Prepare for a block vote for next week -- 9919, 10046,
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9919 9919] Add parameters to AuditEvent (John Moehrke) None
+
*
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9996 9996] Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None
 
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=10046 10046] AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None
 
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9840 9840] Provenance.entity.provenance (Kathleen Connor) None
 
* Prepare for a block vote for next week
 
 
*  
 
*  
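Review bot: In the added agenda bullets, the link labelled "May 5, 2016 minutes" still targets title=HL7_FHIR_Security_2016-5-3, so the label and the linked page disagree on the date; one of the two should be corrected. The new "May 24, 2016 minutes" bullet repeats "approval of agenda", which now appears twice; a single "approval of agenda" bullet followed by the minutes to approve would read better. "AuditEvnt" in the FMM sub-bullet should read "AuditEvent", the added "Prepare for a block vote for next week -- 9919, 10046," ends in a dangling comma, and the added bare "*" bullet is empty and can be dropped.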
  

Revision as of 20:45, 31 May 2016

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Conference Audio: 770-657-9270, Access: 845692

Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV

If you are having difficulty joining, please try:

https://global.gotomeeting.com/join/520841173

Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes

Attendees

Member Name                         Member Name                             Member Name
x John Moehrke Security Co-Chair    x Kathleen Connor Security Co-Chair     x Suzanne Gonzales-Webb CBCC Co-Chair
. Gary Dickinson EHR Co-Chair       . Johnathan Coleman CBCC Co-Chair       . Mike Davis
. Reed Gelzer RM-ES Lead            x Glen Marshal                          . Galen Mulrooney
. Dave Silver                       x Rob Horn                              . Judy Fincher
. Diana Proud-Madruga               . Beth Pumo                             x Oliver Lawless
. Bob Dieterle

Agenda

  • Roll;
  • approval of agenda and the May 5, 2016 minutes
  • approval of agenda and the May 24, 2016 minutes
  • FMM evaluation vs desire
    • email from David Hay - What would help us a lot is to understand from each committee what level they believe the resources they are responsible for should be at. In particular we’re looking for resources that the committees believe are reasonably mature (say level 2 or 3) but are being blocked by insufficient vendor experience, as this is a pre-requisite for advancing in FMM levels. We can then use that information to encourage vendor activity – or find out what in a more targeted way is being used in the community.
    • FMM levels http://hl7-fhir.github.io/resource.html#maturity
    • FMM evaluation -- community desire -- https://docs.google.com/spreadsheets/d/1QJXTTUbvSHkf8GgLY3Dxyv8BMAxzoIpgJcg9-0DFHVI
      • AuditEvent - 9/37 voters, vote average 3.8
        • Current is 2
      • Provenance - 7/37 voters, vote average 2.7
        • Current is 1
  • Discussion around Record Lifecycle events (6303)? Are we going to support this? Is the vocabulary done yet?
  • update to Actor Roles (Action Kathleen) to do minor cleanup and provide to John for commit
  • TODO on Provenance - Are we done yet? do we at least have CPs for each thing yet to do?
  • TODO on AuditEvent - Are we done yet? do we at least have CPs for each thing yet to do?
  • New items - nothing new
  • Prepare for a block vote for next week -- 9919, 10046

All Security Open

*3318 Clarify how to use RBAC and ABAC using FHIR (John Moehrke) None
*6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None
*7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
*9042 Add RBAC as value set for AuditEvent.participant.role (Kathleen Connor) None
*9043 Add ABAC as alternative value set for AuditEvent.participant.role (Kathleen Connor) None
*9052 Add SNOMED Structural Roles as value set for AuditEvent.participant.role (Kathleen Connor) None
*9150 Provenance TODO section cleanup (John Moehrke) None
*9151 AuditEvent has TODO section to be removed (John Moehrke) None
*9166 Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None
*9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None
*9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
*9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.entity.activity". (Kathleen Connor) None
*9563 Add onBehalfOf to Signature datatype (Kathleen Connor) None
*9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None
*9812 Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None
*9840 Provenance.entity.provenance (Kathleen Connor) None
*9919 Add parameters to AuditEvent (John Moehrke) None
*9996 Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None
*10046 AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None

Minutes

  • Chaired - John Moehrke
  • Didn't review minutes
  • reviewed 9812 -- Rob Horn to craft language for a new H4 section for the second part of text on the AuditEvent resource
  • 9919 is ready for ballot
  • 9996 John to get example from Rene for discussion, improvement, and approval
  • 10046 is ready for ballot
  • 9840 needs a compelling use case, need to follow 9996 improvement
    • Oliver pointing out that we should be conservative as getting too specific adds many more requirements
  • Discussed WGM discussion
    • Improvements need to be crafted into FHIR CPs that can be marked as approved at the WGM. The instructions on what to change need to be clear
    • Confidentiality code value-set is not the current one, but the old one. John to work with Grahame on getting the new v3 vocabulary and value-sets
    • New proposed valueset of various kinds of Actor Roles. Kathleen to do minor cleanup, then John to insert this first into Provenance.actor.role, later possibly into AuditEvent.agent.role and others
      • Specifically all codes must have a code-system, none of them do in the draft presented
      • This set includes various roles including the signer-roles, audit-roles, and provenance-actor-roles, and various roles from other vocabularies.
      • This fact makes this hard to maintain unless we can tie them in indirectly. Today they are copy-pasted