Latest revision as of 21:34, 25 July 2017

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 
Online Meeting ID: security36
Phone: +1 515-604-9567, Participant Code: 880898
 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes

Back to HL7 FHIR security topics

Attendees

	Member Name		Member Name		Member Name
x	John Moehrke Security Co-Chair	x	Kathleen Connor Security Co-Chair	x	Alexander Mense Security Co-chair
.	Suzanne Gonzales-Webb CBCC Co-Chair	.	Johnathan ColemanCBCC Co-Chair	.	Mike Davis
.	Reed Gelzer RM-ES Lead	.	Glen Marshal	.	Joe Lamy
.	Diana Proud-Madruga	x	Rob Horn	.	Beth Pumo

Agenda

Roll;
approval of agenda
approval of the HL7 FHIR Security 2017-07-11 Minutes
All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967
Clarification that Resource.Identifier can hold ANY identifier even those that are not identifiers of FHIR Resources
- http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13570&start=0
- http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13571&start=0
Can we provide a Provenance pattern that would be added by a FHIR Server that has done a validation against StructureDefinitions and added tags of compliance to Resources?
Plan resolution of CR (see below)
SMART engagement
- reminder that we plan to ballot the SMART on FHIR App Launch Protocol in the upcoming cycle (voting in August, with reconciliation to begin at the September WGm). The content we intend to ballot has been prepared (and is being refined) at https://github.com/smart-on-fhir/smart-on-fhir.github.io/tree/into-hl7 and our list of open issues during this refinement period is at https://github.com/smart-on-fhir/smart-on-fhir.github.io/issues (Josh).
Setting up Test Plans for Security / Privacy topic
- Connectathon scenario -- Pattern that shows how Provenance, AuditEvent, Consent, security-labels, and other can be overlaid on <any> other connectathon scenario
- TestScript resource based tests
  - AuditEvent tests for well understood audit log
  - Provenance tests for well understood provenance use
- Test bench?
  - some automated environment that people can use to test their: ( a ) client, ( b ) server, or other? Can this be done?
New business?

Open Issues

Now to be worked on for STU4 (release 4):

Discuss

9167 AuditEvent+needs+to+make+more+obvious+how+to+record+a+break-glass+event (John Moehrke) Considered for Future Use
10343 Three+additional+Signature.type+codes (Kathleen Connor) Considered for Future Use
10580 How+should+test+data+be+identified%3F (John Moehrke) Considered for Future Use
10581 something+should+be+said+about+de-identification (John Moehrke) Considered for Future Use
12462 Security%2FPrivacy+Module+page+should+explain+W5+realty+that+provenance+elements+in+other+resources+vs+use+of+Provenance+as+a+resource (John Moehrke) Considered for Future Use
12463 explain+relationship+between+Provenance+and+AuditEvent.+ (John Moehrke) Considered for Future Use
10579 New+Security+and+Privacy+%22Module%22+page+needs+content (John Moehrke) None
11071 Improve+security+label+guidance+-+2016-09+core+%2390 (Kathleen Connor) None
12660 HCS+use+clarification (John Moehrke) None
12941 Security+Role+vocabulary+should+include+ISO+21298 (John Moehrke) None
13011 The+value+set+for+security-role-type+is+broken+for+Provenance (Lloyd McKenzie) None
13013 Valueset+for+Provenance.activity+is+broken (Lloyd McKenzie) None
13014 Provenance.agent.relatedAgentType+doesn%27t+make+sense (Lloyd McKenzie) None

Assigned to John

Assigned to Kathleen

10343 Three+additional+Signature.type+codes (Kathleen Connor) Considered for Future Use
- need to work with some organization (e.g. HL7) to create three new vocabulary values. These vocabulary values need to be defined as OID values, because they are used in external standards that have a data-type of OID (i.e. XML-Signature). So they can't be text vocabulary, and they need to be fully OID.

Narrative improvements

http://build.fhir.org/secpriv-module.html

Minutes

No Quorum - John, Kathleen, and Bob Thompson... Anonymous showed but never responded
Discussed use of Reference.Identifier -- likely need to simplify Provenance and AuditEvent
Discussed use of Provenance to record when a service has confirmed profile tags in a resource.
- Use Provenance.activity --> 'label'

@@ Line 37: / Line 37: @@
 * approval of the [[HL7 FHIR Security 2017-07-11]] Minutes
 * All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967
+* Clarification that Resource.Identifier can hold ANY identifier even those that are not identifiers of FHIR Resources
+** http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13570&start=0
+** http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13571&start=0
 * Can we provide a Provenance pattern that would be added by a FHIR Server that has done a validation against StructureDefinitions and added tags of compliance to Resources?
 * Plan resolution of CR (see below)
@@ Line 82: / Line 85: @@
 =Minutes=
+* No Quorum - John, Kathleen, and Bob Thompson... Anonymous showed but never responded
+* Discussed use of Reference.Identifier -- likely need to simplify Provenance and AuditEvent
+* Discussed use of Provenance to record when a service has confirmed profile tags in a resource.
+** Use Provenance.activity --> 'label'

Difference between revisions of "HL7 FHIR Security 2017-07-25"

Latest revision as of 21:34, 25 July 2017

Contents

Call Logistics

Attendees

Agenda

Open Issues

Discuss

Assigned to John

Assigned to Kathleen

Narrative improvements

Minutes

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

groups

meetings

general

Tools