This wiki has undergone a migration to Confluence found Here
Difference between revisions of "HL7 FHIR Security 2018-05-29"
Jump to navigation
Jump to search
JohnMoehrke (talk | contribs) (→Agenda) |
JohnMoehrke (talk | contribs) |
||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 16: | Line 16: | ||
|| x||[mailto:john.moehrke@ge.med.com John Moehrke] Security Co-Chair | || x||[mailto:john.moehrke@ge.med.com John Moehrke] Security Co-Chair | ||
||||x||[mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-Chair | ||||x||[mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-Chair | ||
| − | |||| | + | ||||.||[mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair |
|- | |- | ||
|| x||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair | || x||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair | ||
| Line 22: | Line 22: | ||
||||.||[mailto:christopher.shawn2@va.gov Chris Shawn] Security co-chair | ||||.||[mailto:christopher.shawn2@va.gov Chris Shawn] Security co-chair | ||
|- | |- | ||
| − | || | + | || x||[mailto:jim.kretz@samhsa.hhs.gov Jim Kretz] |
| − | |||| | + | ||||x||[mailto:kenneth.salyards@samhsa.hhs.gov Kenneth Salyards] |
||||.||[mailto:nathanbotts@westat.com Nathan Botts] Mobile co-chair | ||||.||[mailto:nathanbotts@westat.com Nathan Botts] Mobile co-chair | ||
|- | |- | ||
|| x||[mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga] | || x||[mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga] | ||
| − | |||| | + | ||||x||[mailto:joe.lamy@aegis.net Joe Lamy] AEGIS |
||||.||[mailto:Beth.Pumo@kp.org Beth Pumo] | ||||.||[mailto:Beth.Pumo@kp.org Beth Pumo] | ||
|- | |- | ||
|| .||[mailto:irina.connelly@gtri.gatech.edu Irina Connelly] | || .||[mailto:irina.connelly@gtri.gatech.edu Irina Connelly] | ||
| − | |||| | + | ||||.||[mailto:mblackmon@sequoiaproject.org Matt Blackman] Sequoia |
||||.||[mailto:mark.underwood@kryptonbrothers.com Mark Underwood] NIST | ||||.||[mailto:mark.underwood@kryptonbrothers.com Mark Underwood] NIST | ||
|- | |- | ||
| Line 38: | Line 38: | ||
||||.||Kevin Shekleton (Cerner, CDS Hooks) | ||||.||Kevin Shekleton (Cerner, CDS Hooks) | ||
|- | |- | ||
| − | || x||Luis Maas EMR Direct | + | || x||[mailto:lcmaas@emrdirect.com Luis Maas EMR Direct] |
| − | |||| | + | ||||.||[mailto:dave.silver@electrosoft-inc.com Dave Silver] |
| − | |||| | + | ||||x||[mailto:fjauregui@electrosoft-inc.com Francisco Jauregui] |
|- | |- | ||
|} | |} | ||
| Line 47: | Line 47: | ||
*Roll; | *Roll; | ||
* approval of agenda | * approval of agenda | ||
| − | * approval of [[HL7 FHIR Security 2018-04-17]] and [[HL7 FHIR Security 2018-04-24]] Minutes | + | * approval of [[HL7 FHIR Security 2018-04-03]] and [[HL7 FHIR Security 2018-04-10]] and [[HL7 FHIR Security 2018-04-17]] and [[HL7 FHIR Security 2018-04-24]] Minutes |
* Announcements | * Announcements | ||
| − | ** | + | ** [[GDPR (General Data Protection Regulation)]] whitepaper |
* Johnathan specific guidance given a paper from ONC that might guide improvements to the security guidance | * Johnathan specific guidance given a paper from ONC that might guide improvements to the security guidance | ||
** Johnathan sends regrets | ** Johnathan sends regrets | ||
| Line 82: | Line 82: | ||
==Minutes== | ==Minutes== | ||
| + | * John Chaired | ||
| + | * Minutes approved: Suzanne/Jim: 9-0-0 | ||
| + | * Discussion of GDPR findings at Cologne and interest in a 10 page whitepaper | ||
| + | * JC to build some CR offline for bulk review and approval | ||
| + | * Discussion of newest gForge items, notes saved in the specific gForge items | ||
| + | * Loui mentioned ONC hacking of offered FHIR servers with some shocking simple security mistakes | ||
| + | ** https://github.com/Asymmetrik/node-fhir-server-core/labels/ONC%20FHIR%20Challenge%20Vulnerability | ||
| + | ** Likely should add some reminders of these basic steps on our security.html checklist | ||
Latest revision as of 15:56, 2 June 2018
Call Logistics
Weekly: Tuesday at 02:00 pm EST
Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 Online Meeting ID: security36 Phone: +1 515-604-9567, Participant Code: 880898 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes
Back to HL7 FHIR security topics
Attendees
| Member Name | Member Name | Member Name | ||||||
|---|---|---|---|---|---|---|---|---|
| x | John Moehrke Security Co-Chair | x | Kathleen Connor Security Co-Chair | . | Alexander Mense Security Co-chair | |||
| x | Suzanne Gonzales-Webb CBCC Co-Chair | x | Johnathan Coleman CBCC co-chair | . | Chris Shawn Security co-chair | |||
| x | Jim Kretz | x | Kenneth Salyards | . | Nathan Botts Mobile co-chair | |||
| x | Diana Proud-Madruga | x | Joe Lamy AEGIS | . | Beth Pumo | |||
| . | Irina Connelly | . | Matt Blackman Sequoia | . | Mark Underwood NIST | |||
| . | Peter Bachman | . | Grahame Greve FHIR Program Director | . | Kevin Shekleton (Cerner, CDS Hooks) | |||
| x | Luis Maas EMR Direct | . | Dave Silver | x | Francisco Jauregui |
Agenda
- Roll;
- approval of agenda
- approval of HL7 FHIR Security 2018-04-03 and HL7 FHIR Security 2018-04-10 and HL7 FHIR Security 2018-04-17 and HL7 FHIR Security 2018-04-24 Minutes
- Announcements
- GDPR (General Data Protection Regulation) whitepaper
- Johnathan specific guidance given a paper from ONC that might guide improvements to the security guidance
- Johnathan sends regrets
- KEY PRIVACY AND SECURITY CONSIDERATIONS FOR HEALTHCARE APPLICATION PROGRAMMING INTERFACES (APIS)
- Review Access Control section for improvement opportunities
- Action: everyone
- Continuous security testing and remediation
- Using off-the-shelf and open-source tools to simulate attacks, code inspection, and in other ways probe for vulnerabilities, and remediation of those vulnerabilities following Risk-Management methodology.
- All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967
- Improvement beyond SMART scopes
- Patient Directed backend communication
- Oauth App Registration
- Certificate Management
- New business
ACTIONS
references
- stream for Security and Privacy discussions. Specification development, and Implementation.
- stream for Patient Empowerment. Discussions about empowering patients. Focus on deployment and advocacy.
- Proposed FHIR Connectathon track for Cologne -- GDPR
- Blockchain FHIR Connectathon
- Grahame is trying to find a community wanting to 'play' with blockchain. He is willing to standup the infrastructure.
- See blockchain zulip stream https://chat.fhir.org/#narrow/stream/blockchain
Minutes
- John Chaired
- Minutes approved: Suzanne/Jim: 9-0-0
- Discussion of GDPR findings at Cologne and interest in a 10 page whitepaper
- JC to build some CR offline for bulk review and approval
- Discussion of newest gForge items, notes saved in the specific gForge items
- Loui mentioned ONC hacking of offered FHIR servers with some shocking simple security mistakes
- https://github.com/Asymmetrik/node-fhir-server-core/labels/ONC%20FHIR%20Challenge%20Vulnerability
- Likely should add some reminders of these basic steps on our security.html checklist
