This wiki has undergone a migration to Confluence found Here
Difference between revisions of "HL7 FHIR Security 2018-03-20"
Jump to navigation
Jump to search
JohnMoehrke (talk | contribs) (→Agenda) |
JohnMoehrke (talk | contribs) (→Agenda) |
||
| Line 40: | Line 40: | ||
* approval of agenda | * approval of agenda | ||
* approval of the [[HL7 FHIR Security 2017-12-05]] and [[HL7 FHIR Security 2018-02-06]] and [[HL7 FHIR Security 2018-02-20]] and [[HL7 FHIR Security 2018-03-13]] Minutes | * approval of the [[HL7 FHIR Security 2017-12-05]] and [[HL7 FHIR Security 2018-02-06]] and [[HL7 FHIR Security 2018-02-20]] and [[HL7 FHIR Security 2018-03-13]] Minutes | ||
| + | * Poll to determine if a different time for this meeting would bring in more attendance | ||
| + | ** https://doodle.com/poll/nxccanax4ua2rf5m | ||
* Johnathan specific guidance given a paper from ONC that might guide improvements to the security guidance | * Johnathan specific guidance given a paper from ONC that might guide improvements to the security guidance | ||
**[https://www.healthit.gov/sites/default/files/privacy-security-api.pdf KEY PRIVACY AND SECURITY CONSIDERATIONS FOR HEALTHCARE APPLICATION PROGRAMMING INTERFACES (APIS)] | **[https://www.healthit.gov/sites/default/files/privacy-security-api.pdf KEY PRIVACY AND SECURITY CONSIDERATIONS FOR HEALTHCARE APPLICATION PROGRAMMING INTERFACES (APIS)] | ||
* All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967 | * All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967 | ||
| + | * Grahame suggestion for future topics | ||
| + | ** when are we going to issue a profile around app registration (profiling standard rfc to match smart app launch so we're interoperable at that level too | ||
| + | ** what are we going to do about Smart App Launch scopes? What's the relationship between scopes and consent? | ||
| + | ** when are we going to work on a protocol to leverage to OAuth to enable to different FHIR servers to communicate directly with each other? | ||
| + | ** are we going to back backend services and adopt that? Do we need to say anything about certificate management? Are we going to adopt openID tokens for communicating user in focus on backend services? | ||
| + | ** what questions should I be asking that are blocking patients|providers|payers from actually accessing the information they should be able to get? | ||
==Minutes== | ==Minutes== | ||
* John chaired | * John chaired | ||
Revision as of 13:22, 20 March 2018
Contents
Call Logistics
Weekly: Tuesday at 05:00 EST (2 PM PST)
Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 Online Meeting ID: security36 Phone: +1 515-604-9567, Participant Code: 880898 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes
Back to HL7 FHIR security topics
Attendees
| Member Name | Member Name | Member Name | ||||||
|---|---|---|---|---|---|---|---|---|
| x | John Moehrke Security Co-Chair | . | Kathleen Connor Security Co-Chair | . | Alexander Mense Security Co-chair | |||
| x | Suzanne Gonzales-Webb CBCC Co-Chair | x | Johnathan Coleman CBCC Co-Chair | . | Mike Davis | |||
| x | Ali Massihi | . | Glen Marshal | . | Joe Lamy AEGIS | |||
| . | Diana Proud-Madruga | . | Rob Horn | x | Beth Pumo | |||
| . | Irina Connelly | . | Mario Hyland AEGIS | . | Mark Underwood NIST |
Agenda
- Roll;
- approval of agenda
- approval of the HL7 FHIR Security 2017-12-05 and HL7 FHIR Security 2018-02-06 and HL7 FHIR Security 2018-02-20 and HL7 FHIR Security 2018-03-13 Minutes
- Poll to determine if a different time for this meeting would bring in more attendance
- Johnathan specific guidance given a paper from ONC that might guide improvements to the security guidance
- All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967
- Grahame suggestion for future topics
- when are we going to issue a profile around app registration (profiling standard rfc to match smart app launch so we're interoperable at that level too
- what are we going to do about Smart App Launch scopes? What's the relationship between scopes and consent?
- when are we going to work on a protocol to leverage to OAuth to enable to different FHIR servers to communicate directly with each other?
- are we going to back backend services and adopt that? Do we need to say anything about certificate management? Are we going to adopt openID tokens for communicating user in focus on backend services?
- what questions should I be asking that are blocking patients|providers|payers from actually accessing the information they should be able to get?
Minutes
- John chaired
