This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "HL7 FHIR Security 2016-2-23"

From HL7Wiki
Jump to navigation Jump to search
 
(One intermediate revision by one other user not shown)
Line 20: Line 20:
 
! ||'''Member Name'''|| !!  ||'''Member Name''' !!|| ||'''Member Name''' !!
 
! ||'''Member Name'''|| !!  ||'''Member Name''' !!|| ||'''Member Name''' !!
 
|-
 
|-
|||x|[mailto:jmoehrke@ge.med.com John Moehrke] Security Co-Chair
+
|| x||[mailto:john.moehrke@ge.med.com John Moehrke] Security Co-Chair
 
||||x||[mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-Chair
 
||||x||[mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-Chair
 
||||x||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair   
 
||||x||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair   
 
|-
 
|-
|||x|[mailto:gary.dickinson@ehr-standards.com Gary Dickinson] EHR Co-Chair
+
|| x||[mailto:gary.dickinson@ehr-standards.com Gary Dickinson] EHR Co-Chair
||||||[mailto:jc@securityrs.com Johnathan Coleman]CBCC Co-Chair
+
||||.||[mailto:jc@securityrs.com Johnathan Coleman]CBCC Co-Chair
||||||[mailto:Mike.Davis@va.gov Mike Davis]
+
||||.||[mailto:Mike.Davis@va.gov Mike Davis]
 
|-
 
|-
||||[mailto:rgelzer@provider-resources.com Reed Gelzer] RM-ES Lead
+
|| .||[mailto:rgelzer@provider-resources.com Reed Gelzer] RM-ES Lead
|||x|||[mailto:gfm@securityrs.com Glen Marshal]
+
||||x||[mailto:gfm@securityrs.com Glen Marshal]
||||||[mailto:Galen.Mulrooney@JPSys.com Galen Mulrooney]
+
||||.||[mailto:Galen.Mulrooney@JPSys.com Galen Mulrooney]
 
|-
 
|-
||||[mailto:dsilver@electrosoft-inc.com Dave Silver]
+
|| .||[mailto:dsilver@electrosoft-inc.com Dave Silver]
||||||[mailto:robert.horn@agfa.com Rob Horn]  
+
||||x||[mailto:robert.horn@agfa.com Rob Horn]  
||||x||[mailto:Judith.Fincher@va.gov Judy Fincher]
+
||||.||[mailto:Judith.Fincher@va.gov Judy Fincher]
 
|-
 
|-
|||| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga]
+
|| x|| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga]
||||||[mailto:]  
+
||||x|| [mailto:Beth.Pumo@kp.org Beth Pumo]
||||||[mailto:]
+
||||.||[mailto:]
 
|-
 
|-
 
|}
 
|}
Line 87: Line 87:
  
 
==Minutes==
 
==Minutes==
*Discussed the various approaches to ranking and typing "bags of agents"....
+
*Discussion on the various approaches to modeling delegation deferred.
 +
*Kathleen to update Agent CP 9570, 9571with revised definitions
 +
*Kathleen to update this group on outcome of FM discussion on
 +
*John to organize block vote for next Tuesday March 1 call.
 +
*Kathleen to continue work on an aligned definition for activity, as well as other definitions in the cross FHIR S&P alignment spreadsheet.

Latest revision as of 19:27, 1 March 2016

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Conference Audio: 770-657-9270,' Access: 845692

Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV

If you are having difficulty joining, please try:

https://global.gotomeeting.com/join/520841173

Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes

Back to HL7 FHIR security topics

Attendees

Member Name Member Name Member Name
x John Moehrke Security Co-Chair x Kathleen Connor Security Co-Chair x Suzanne Gonzales-Webb CBCC Co-Chair
x Gary Dickinson EHR Co-Chair . Johnathan ColemanCBCC Co-Chair . Mike Davis
. Reed Gelzer RM-ES Lead x Glen Marshal . Galen Mulrooney
. Dave Silver x Rob Horn . Judy Fincher
x Diana Proud-Madruga x Beth Pumo . [mailto:]

Agenda

Implement the following changes per 2 new CPs

  • CP 1: Align AuditEvent and Provenance action/activity element name and definition. Recommend changing to "activity".

AuditEvent.action [Change to AuditEvent.activity

Question: What to do with the definitional differences - e.g., possibly combine. Current AuditEven.action Definition: Indicator for type of action [Change to "activity".] performed during the event that generated the audit. Control 0..1 Binding AuditEventAction: Indicator for type of action[Change to "activity".] performed during the event that generated the audit. (Required) Type code Requirements This broadly indicates what kind of action [Change to "activity".] was done on the AuditEvent.entity by the AuditEvent.agent.

Definition: An activity is something that occurs over a period of time and acts upon or with entities; it may include consuming, processing, transforming, modifying, relocating, using, or generating entities. Control 0..1 Binding ProvenanceEventCurrentState: The activity that took place. (Extensible) Type Coding

Current Audit.entity.lifecycle Definition Identifier for the data life-cycle stage for the entity. Control 0..1 Binding AuditEventObjectLifecycle: Identifier for the data life-cycle stage for the object. (Extensible) Type Coding Requirements Institutional policies for privacy and security may optionally fall under different accountability rules based on data life cycle. This provides a differentiating value for those cases. Comments This can be used to provide an audit trail for data, over time, as it passes through the system."

  • Discuss the various approaches to ranking and typing "bags of agents" including situation where the ranking is between a delegator and a delegatee. This impacts approaches to use of a Signature Datatype "who" as a delegatee such as a Device, which cannot be a signer party, to sign on behalf of the legal party. Tabled until next call after issue is reviewed by FM on 2/19 call.
  • Discussion items that are possibly ready for a vote.
  • 9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.entity.activity". (Kathleen Connor) None
  • 9417 Add a new Provenance.entity.lifecycle element to align with Audit.entity.lifecycle. Align definitions. (Kathleen Connor) None
  • 9570 Change AuditEvent.agent definitions (Kathleen Connor) None
  • 9571 Change Provenance.agent definition (Kathleen Connor) None
  • 9562 Change Signature Datatype - make blob 0..1 (Kathleen Connor) None
  • 9593 Improve advice for Access Denied response (John Moehrke) None

Minutes

  • Discussion on the various approaches to modeling delegation deferred.
  • Kathleen to update Agent CP 9570, 9571with revised definitions
  • Kathleen to update this group on outcome of FM discussion on
  • John to organize block vote for next Tuesday March 1 call.
  • Kathleen to continue work on an aligned definition for activity, as well as other definitions in the cross FHIR S&P alignment spreadsheet.