This wiki has undergone a migration to Confluence found Here
Difference between revisions of "HL7 FHIR Security 2016-6-28"
Jump to navigation
Jump to search
JohnMoehrke (talk | contribs) |
JohnMoehrke (talk | contribs) |
||
(6 intermediate revisions by the same user not shown) | |||
Line 16: | Line 16: | ||
|- | |- | ||
|| x||[mailto:john.moehrke@ge.med.com John Moehrke] Security Co-Chair | || x||[mailto:john.moehrke@ge.med.com John Moehrke] Security Co-Chair | ||
− | |||| | + | ||||.||[mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-Chair |
||||x||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair | ||||x||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair | ||
|- | |- | ||
− | || | + | || x||[mailto:gary.dickinson@ehr-standards.com Gary Dickinson] EHR Co-Chair |
||||.||[mailto:jc@securityrs.com Johnathan Coleman]CBCC Co-Chair | ||||.||[mailto:jc@securityrs.com Johnathan Coleman]CBCC Co-Chair | ||
||||.||[mailto:Mike.Davis@va.gov Mike Davis] | ||||.||[mailto:Mike.Davis@va.gov Mike Davis] | ||
Line 27: | Line 27: | ||
||||.||[mailto:Galen.Mulrooney@JPSys.com Galen Mulrooney] | ||||.||[mailto:Galen.Mulrooney@JPSys.com Galen Mulrooney] | ||
|- | |- | ||
− | || | + | || .||[mailto:dsilver@electrosoft-inc.com Dave Silver] |
||||x||[mailto:robert.horn@agfa.com Rob Horn] | ||||x||[mailto:robert.horn@agfa.com Rob Horn] | ||
||||.||[mailto:Judith.Fincher@va.gov Judy Fincher] | ||||.||[mailto:Judith.Fincher@va.gov Judy Fincher] | ||
|- | |- | ||
|| x|| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga] | || x|| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga] | ||
− | |||| | + | ||||.|| [mailto:Beth.Pumo@kp.org Beth Pumo] |
− | |||| | + | ||||x|| [mailto:oliver@lawless.co Oliver Lawless] |
|- | |- | ||
|| .|| [mailto:rdieterle@enablecare.us Bob Dieterle] | || .|| [mailto:rdieterle@enablecare.us Bob Dieterle] | ||
− | |||| | + | ||||.|| [mailto:mario.hyland@aegis.net Mario Hyland] |
||||.|| [mailto:joe.lamy@aegis.net Joe Lamy] | ||||.|| [mailto:joe.lamy@aegis.net Joe Lamy] | ||
|- | |- | ||
Line 48: | Line 48: | ||
*Roll; | *Roll; | ||
* approval of agenda | * approval of agenda | ||
− | * approval of the [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-6- | + | * approval of the [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-6-11 June 21, 2016 minutes] |
− | * FHIR spec was updated from | + | * FHIR spec was updated from two weeks ago approved CPs, so please review for mistakes. |
+ | * How should 'test-data' be identified? Is this a legitimate use of security-tags? | ||
+ | ** It is clear that security-tags already support de-identified methods. The question is specifically about completely fabricated data. | ||
+ | ** See FHIR chat thread https://chat.fhir.org/#narrow/stream/implementers/topic/Distinguishing.20test.20patients | ||
+ | * De-Identification topics | ||
+ | ** mobile health workgroup http://lists.hl7.org/read/messages?id=297060 | ||
+ | ** FHIR chat https://chat.fhir.org/#narrow/stream/implementers/topic/De-identification.20mechanisms.20in.20FHIR | ||
* Update on action items | * Update on action items | ||
− | + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9563 9563] Add onBehalfOf to Signature datatype () | |
− | + | ** Proposal edited last week is in the current build | |
− | * | + | ** http://hl7-fhir.github.io/datatypes.html#Signature |
− | ** | ||
*9564 -- assigned to John -- following the discussion in the CP | *9564 -- assigned to John -- following the discussion in the CP | ||
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9564 9564] Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? () | **[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9564 9564] Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? () | ||
Line 76: | Line 81: | ||
* Prepare for a block vote for next week -- | * Prepare for a block vote for next week -- | ||
+ | **[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9563 9563] Add onBehalfOf to Signature datatype () | ||
==Minutes== | ==Minutes== | ||
+ | * John Chair | ||
+ | * Approved Agenda | ||
+ | * Approved minutes from 21st. | ||
+ | * Gary identified a typo -> GF#10254 | ||
+ | * 9563 is prototyped and part of upcoming block vote | ||
+ | * 9564 John is working on it | ||
+ | * discussed 3318 | ||
+ | ** Added question in followup around how strict the ABAC definition needs to be. | ||
+ | ** Action: John to poke Rick | ||
+ | * Discussion on 9996 | ||
+ | ** See threaded discussion on the FHIR Chat | ||
+ | ** https://chat.fhir.org/#narrow/stream/implementers/topic/Provenance.20resource.20for.20Middleware | ||
+ | ** Oliver has some questions regarding proper use of assembler, composer, and author | ||
+ | ** Encouraged discussion on the chat as Glen is the owner of the CP and he is not on right now. | ||
+ | * EHR Record Lifecycle IG | ||
+ | ** Gary has shared a draft word document with updates. | ||
+ | ** He is aligning with current build (the changes we have done with Provenance and AuditEvent) |
Latest revision as of 21:56, 28 June 2016
Contents
Call Logistics
Weekly: Tuesday at 05:00 EST (2 PM PST)
Conference Audio: 770-657-9270,' Access: 845692 Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV If you are having difficulty joining, please try: https://global.gotomeeting.com/join/520841173 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes
Back to HL7 FHIR security topics
Attendees
Member Name | Member Name | Member Name | ||||||
---|---|---|---|---|---|---|---|---|
x | John Moehrke Security Co-Chair | . | Kathleen Connor Security Co-Chair | x | Suzanne Gonzales-Webb CBCC Co-Chair | |||
x | Gary Dickinson EHR Co-Chair | . | Johnathan ColemanCBCC Co-Chair | . | Mike Davis | |||
. | Reed Gelzer RM-ES Lead | . | Glen Marshal | . | Galen Mulrooney | |||
. | Dave Silver | x | Rob Horn | . | Judy Fincher | |||
x | Diana Proud-Madruga | . | Beth Pumo | x | Oliver Lawless | |||
. | Bob Dieterle | . | Mario Hyland | . | Joe Lamy | |||
. | Rick Grow | . | [mailto: Richard Etterma] | . | [mailto: Wayne Kubic] |
Agenda
- Roll;
- approval of agenda
- approval of the June 21, 2016 minutes
- FHIR spec was updated from two weeks ago approved CPs, so please review for mistakes.
- How should 'test-data' be identified? Is this a legitimate use of security-tags?
- It is clear that security-tags already support de-identified methods. The question is specifically about completely fabricated data.
- See FHIR chat thread https://chat.fhir.org/#narrow/stream/implementers/topic/Distinguishing.20test.20patients
- De-Identification topics
- Update on action items
- 9563 Add onBehalfOf to Signature datatype ()
- Proposal edited last week is in the current build
- http://hl7-fhir.github.io/datatypes.html#Signature
- 9564 -- assigned to John -- following the discussion in the CP
- 9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? ()
- 7568 -- assigned to Kathleen, seems this should be satisfid by 9840? -- following the discussion in the CP
- 7568 2015May core #859 - How are agent and activity linked? ()
- 3318 -- assigned to Rick to work with Mike -- following the discussion in the CP
- 3318 Clarify how to use RBAC and ABAC using FHIR ()
- 9042, 9043, 9052 -- assigned to Kathleen, she has the XML almost ready to go
- 9167 -- assigned to John, only creating an example AuditEvent -- following the discussion in the CP
- 9167 AuditEvent needs to make more obvious how to record a break-glass event ()
- 9996 -- assigned to Glen -- following the discussion in the CP
- 9996 Using Provenance resource to annotate content derived from non-FHIR sources ()
- FMM evaluation vs desire - We picked 4 last week -- We might want to re-evaluate to level 3. As level 4 means we would need to work hard to get "complete" testing tools and procedures at 100% of functionality. I think we should only target getting some testing ready.
- Discussion with Mario on getting prepared for next connectathon
- What use-case should we focus on? (Lab vs Financial vs Patient)
- Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet? (Gary will join)
- 6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None
- Prepare for a block vote for next week --
- 9563 Add onBehalfOf to Signature datatype ()
Minutes
- John Chair
- Approved Agenda
- Approved minutes from 21st.
- Gary identified a typo -> GF#10254
- 9563 is prototyped and part of upcoming block vote
- 9564 John is working on it
- discussed 3318
- Added question in followup around how strict the ABAC definition needs to be.
- Action: John to poke Rick
- Discussion on 9996
- See threaded discussion on the FHIR Chat
- https://chat.fhir.org/#narrow/stream/implementers/topic/Provenance.20resource.20for.20Middleware
- Oliver has some questions regarding proper use of assembler, composer, and author
- Encouraged discussion on the chat as Glen is the owner of the CP and he is not on right now.
- EHR Record Lifecycle IG
- Gary has shared a draft word document with updates.
- He is aligning with current build (the changes we have done with Provenance and AuditEvent)