
Difference between revisions of "HL7 FHIR Security 2016-5-31"

From HL7Wiki
 
(4 intermediate revisions by the same user not shown)
Line 33: Line 33:
 
|-
 
|-
 
||  .||[mailto:dsilver@electrosoft-inc.com Dave Silver]
 
||  .||[mailto:dsilver@electrosoft-inc.com Dave Silver]
||||x||[mailto:robert.horn@agfa.com Rob Horn]  
+
||||.||[mailto:robert.horn@agfa.com Rob Horn]  
 
||||.||[mailto:Judith.Fincher@va.gov Judy Fincher]
 
||||.||[mailto:Judith.Fincher@va.gov Judy Fincher]
 
|-
 
|-
||  .|| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga]
+
||  x|| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga]
 
||||.|| [mailto:Beth.Pumo@kp.org Beth Pumo]
 
||||.|| [mailto:Beth.Pumo@kp.org Beth Pumo]
 
||||x|| [mailto:oliver@lawless.co Oliver Lawless]
 
||||x|| [mailto:oliver@lawless.co Oliver Lawless]
Line 59: Line 59:
 
**** Current is 1
 
**** Current is 1
 
* Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet?
 
* Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet?
 +
* Discussion around _confidentiality code vocabulary.
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9840 9840] Provenance.entity.provenance (Kathleen Connor) None
 
* update to Actor Roles (Action Kathleen) to do minor cleanup and provide to john for commit
 
* update to Actor Roles (Action Kathleen) to do minor cleanup and provide to john for commit
 
* TODO on Provenance - Are we done yet? do we at least have CPs for each thing yet to do?
 
* TODO on Provenance - Are we done yet? do we at least have CPs for each thing yet to do?
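Review bot: the added 9840 agenda line is formatted differently from its neighbours. It begins "*[http://..." with no space after the asterisk and ends with a stray "None" that looks carried over from the tracker listing. Suggest "* [... 9840] Provenance.entity.provenance (Kathleen Connor)" so it matches the other bullets in this hunk.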
Line 91: Line 93:
  
 
==Minutes==
 
==Minutes==
* Chaired - John Moehrke
+
* John Chair
* Didn't review minutes
+
* Minutes 5/3 - Glen/Kathleen: unanimous approval
* reviewed 9812 -- Rob Horn to craft language for a new H4 section for the second part of text on the AuditEvent resource
+
* Minutes 5/24 - Kathleen/Glen: unanimous approval
* 9919 is ready for ballot
+
* FMM - Motion that AuditEvent and Provenance target intent by the WG is 4 for both of them. We have a plan to get the quality goals through the CP resolution. Indication from fhir chat that individuals are working on the resource, and indication from AEGIS that they are building tests. -- Kathleen/Glen: unanimous approval
* 9996 John to get example from Rene for discussion, improvement, and approval
+
* Testing plan - add as a regular agenda item
* 10046 is ready for ballot
+
** try to work testing of Provenance and AuditEvent into a broader, clinically relevant, test track
* 9840 needs compelling usecase, need to follow 9996 improvement
+
** note that IHE now has a profile on AuditEvent for query/retrieve use-case
** Oliver pointing out that we should be conservative as getting too specific adds many more requirements
+
** WGM THursday Q1  - large vendors indicated an interest to be tested around security. ACTION: John to Check with Grahame
* Discussed WGM discussion
+
** ACTION: John to invite AEGIS to this meeting to explain what others are doing to see if there is a way we can 'enhance' them with use of Provenance and Audit Event -- also add Gary.
** Improvements need to be crafted into FHIR CPs that can be marked as approved at the WGM. The instructions on what to change need to be clear
+
* 6303 - what is the status of Record Lifecycle vocabulary.
** Confidentiality code value-set is not the current one, but the old one. JOhn to work with Grahame on getting the new v3 vocabulary and value-sets
+
** ACTION: John to ask Gary where the formal vocabulary is published? (e.g. ISO, HL7, DICOM, etc...)
** New proposed valueset of various kinds of Actor Roles. Kathleen to do minor cleanup, then John to insert this first into Provenance.actor.role, later possibly into AuditEvent.agent.role and other
+
** ISO 21089 - ??? is this the formal place? Is that done?
*** Specifically all codes must have a code-system, none of them do in the draft presented
+
* Kathleen continues to work with Grahame on _confidentiality vocabulary. Bringing in vocab experts.
*** This set includes various roles including the signer-roles, audit-roles, and provenance-actor-roles, and various roles from other vocabularies.
+
** is this a deprecated code problem?
*** This fact makes this hard to maintain unless we can tie them in indirectly. Today they are copy-pasted
+
** Kathleen, the oid she gave Grahame doesn't include deprecated codes
 +
* 9840 - gForge is updated with proposed resolution: Agree with original request, and update comment.
 +
* Adjourn
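Review bot: the added line "Minutes 5/3 - Glen/Kathleen: unanimous approval" gives a date that does not match the agenda on this page, which lists approval of the May 5, 2016 minutes; confirm which date is right and use it in both places. In the same hunk, "WGM THursday Q1" has a capitalisation typo, and "ISO 21089 - ???" is left as an open placeholder that would read better as an ACTION with a named owner, like the two ACTION lines added beside it.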

Latest revision as of 22:01, 31 May 2016

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Conference Audio: 770-657-9270, Access: 845692

Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV

If you are having difficulty joining, please try:

https://global.gotomeeting.com/join/520841173

Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes

Attendees

| | Member Name | | Member Name | | Member Name |
|---|---|---|---|---|---|
| x | John Moehrke, Security Co-Chair | x | Kathleen Connor, Security Co-Chair | x | Suzanne Gonzales-Webb, CBCC Co-Chair |
| . | Gary Dickinson, EHR Co-Chair | . | Johnathan Coleman, CBCC Co-Chair | . | Mike Davis |
| . | Reed Gelzer, RM-ES Lead | x | Glen Marshal | . | Galen Mulrooney |
| . | Dave Silver | . | Rob Horn | . | Judy Fincher |
| x | Diana Proud-Madruga | . | Beth Pumo | x | Oliver Lawless |
| . | Bob Dieterle | | | | |

Agenda

  • Roll;
  • approval of agenda and the May 5, 2016 minutes
  • approval of agenda and the May 24, 2016 minutes
  • FMM evaluation vs desire
    • email from David Hay - What would help us a lot is to understand from each committee what level they believe the resources they are responsible for should be at. In particular we’re looking for resources that the committees believe are reasonably mature (say level 2 or 3) but are being blocked by insufficient vendor experience, as this is a pre-requisite for advancing in FMM levels. We can then use that information to encourage vendor activity – or find out what in a more targeted way is being used in the community.
    • FMM levels http://hl7-fhir.github.io/resource.html#maturity
    • FMM evaluation -- community desire -- https://docs.google.com/spreadsheets/d/1QJXTTUbvSHkf8GgLY3Dxyv8BMAxzoIpgJcg9-0DFHVI
      • AuditEvent - 9/37 voters, vote average 3.8
        • Current is 2
      • Provenance - 7/37 voters, vote average 2.7
        • Current is 1
  • Discussion around Record Lifecycle events (6303)? Are we going to support this? Is the vocabulary done yet?
  • Discussion around _confidentiality code vocabulary.
  • 9840 Provenance.entity.provenance (Kathleen Connor) None
  • Update to Actor Roles (Action Kathleen) to do minor cleanup and provide to John for commit
  • TODO on Provenance - Are we done yet? Do we at least have CPs for each thing yet to do?
  • TODO on AuditEvent - Are we done yet? Do we at least have CPs for each thing yet to do?
  • New items - nothing new
  • Prepare for a block vote for next week -- 9919, 10046

All Security Open

  • 3318 Clarify how to use RBAC and ABAC using FHIR (John Moehrke) None
  • 6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None
  • 7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
  • 9042 Add RBAC as value set for AuditEvent.participant.role (Kathleen Connor) None
  • 9043 Add ABAC as alternative value set for AuditEvent.participant.role (Kathleen Connor) None
  • 9052 Add SNOMED Structural Roles as value set for AuditEvent.participant.role (Kathleen Connor) None
  • 9150 Provenance TODO section cleanup (John Moehrke) None
  • 9151 AuditEvent has TODO section to be removed (John Moehrke) None
  • 9166 Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None
  • 9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None
  • 9176 Security-Labels page for _confidentiality points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
  • 9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.entity.activity". (Kathleen Connor) None
  • 9563 Add onBehalfOf to Signature datatype (Kathleen Connor) None
  • 9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message? (Madhusudana B Shivalinge Gowda) None
  • 9812 Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None
  • 9840 Provenance.entity.provenance (Kathleen Connor) None
  • 9919 Add parameters to AuditEvent (John Moehrke) None
  • 9996 Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None
  • 10046 AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None

Minutes

  • John Chair
  • Minutes 5/3 - Glen/Kathleen: unanimous approval
  • Minutes 5/24 - Kathleen/Glen: unanimous approval
  • FMM - Motion that AuditEvent and Provenance target intent by the WG is 4 for both of them. We have a plan to get the quality goals through the CP resolution. Indication from fhir chat that individuals are working on the resource, and indication from AEGIS that they are building tests. -- Kathleen/Glen: unanimous approval
  • Testing plan - add as a regular agenda item
    • try to work testing of Provenance and AuditEvent into a broader, clinically relevant, test track
    • note that IHE now has a profile on AuditEvent for query/retrieve use-case
    • WGM Thursday Q1 - large vendors indicated an interest to be tested around security. ACTION: John to check with Grahame
    • ACTION: John to invite AEGIS to this meeting to explain what others are doing to see if there is a way we can 'enhance' them with use of Provenance and AuditEvent -- also add Gary.
  • 6303 - what is the status of Record Lifecycle vocabulary?
    • ACTION: John to ask Gary where the formal vocabulary is published (e.g. ISO, HL7, DICOM, etc.)
    • ISO 21089 - ??? is this the formal place? Is that done?
  • Kathleen continues to work with Grahame on _confidentiality vocabulary. Bringing in vocab experts.
    • Is this a deprecated code problem?
    • Kathleen: the OID she gave Grahame doesn't include deprecated codes
  • 9840 - gForge is updated with proposed resolution: Agree with original request, and update comment.
  • Adjourn