This wiki has undergone a migration to Confluence found Here
Difference between revisions of "HL7 WGM May 2015 - Paris, France - Security WG - Minutes"
Jump to navigation
Jump to search
| Line 78: | Line 78: | ||
Stefano Lotti (SOA) | Stefano Lotti (SOA) | ||
Zachary Huynh | Zachary Huynh | ||
| + | |||
| + | =Wednesday Q3 = | ||
| + | Ballot comments related to FHIR | ||
| + | |||
| + | Josh Mandel | ||
| + | Argonaut is a collaboration between EHR and clinical care providers, to develop open specifications - in particular for FHIR. Security protocols associated with these? | ||
| + | SMART on FHIR (Boston's Children's Hospital) on FHIR project is looking at single sign on using mobile and web apps using OAuth2 and OpenIDConnect. http://smarthealthit.org/ and http://docs.smarthealthit.org/ | ||
Revision as of 12:52, 13 May 2015
Minutes from Security WG
Tuesday Q1
- Attendee
- John Moehrke - Co-Chair
- Alex Mense - Co-Chair
- Miyohara, Hideyuki
- Jonathan Coleman
- Clay Sebourn - Clay.Sebourn@emc.com
- NOT! Princess Trish Williams - Co-Chair
- Agenda Reviewed HL7 WGM May 2015 - Paris, France - Security WG
- Approved 4/0/0
- Jonathan Coleman - Moved
- Alex - Second
- Minutes
- HL7 Security January 2015 WGM Minutes
- Approved 4/0/0
- Jonathan Coleman - Moved
- Alex - Second
- International Reportout
- ISO - Hideyuki
- Presentation attacked
- IHE - John
- ATNA Query (FHIR AuditEvent, and SYSLOG; Option for SYSLOG Filter)
- Reminder about De-Identification Handbook as implementation guide on ISO Pseudonymization
- ISO - Hideyuki
Tuesday Q2
- Attendee
- John Moehrke - Co-Chair
- Alex Mense - Co-Chair
- Miyohara, Hideyuki
- Jonathan Coleman
- Clay Sebourn - Clay.Sebourn@emc.com
- Trish Williams - Co-Chair
- Jeff Ting - Jeffery.Ting@SystemsMadeSimple.com
- Comelia Felder - comelia.felder@roche.com
- Privacy on FHIR - Jonathan Coleman
- ONC and VA initiative to demonstrate Privacy on FHIR
- Not an effort to create standards or guidance documentation
- Using HCS, SLS, Ontology, DS4P, and consent
- OpenID, OAuth2, UMA
- Data Provenance IG - Jonathan Coleman
- comments resolved awaiting final DSTU soon
- FHIR Ballot triage
Tuesday Q3
- FHIR Ballot triage
Tuesday Q4
lack of quorum, canceled
Wednesday Q2
- Joint with SOA (hosted by SEC)
- PASS Access Control. Addresses the information and capabilities required to provide Access Control service to protect resources in a distributed healthcare environment, where interoperability requirements exist.
- Current status of PASS is DSTU (but out of date) it will go forward to Normative Ballot Sept 2015.
- Under consideration is a Platform Specific Model targeting FHIR resource access management. SEC should take the lead, and get a project lead for this. Need to understand the Argonaut project content on security. Are they leveraging PASS. Clarification from Josh Mandel will be sought.
- Under a Platform Specific Model this would require specification of the security token platform?
- RESTful API already can use/does use PASS. The application in healthcare further includes patient consent and additional context specific attributes.
- For instance, Privacy on FHIR (VA/ONC US specific) demonstrates the use of standard tools to apply to healthcare including PASS; SMART initiative uses PASS; and Argonaut project using it? HEART (OAuth, OpenID Connect, and UMA committees) to come to healthcare to help healthcare - John M engaging with this.
- PASS Access control specific to FHIR. This should be constrained further to a specific interaction model (SOAP, V2 messaging, CDA, transactions, etc).
- Suggested to also go into normative ballot is the use of FHIR Security/Privacy related Resources as Access Decision Information (ACI) sources for Privacy Enforcement Point (PEP) realizations. This is a clarifier of the Platform Specific Model(discussed above)
- Under consideration is a Platform Specific Model targeting FHIR resource access management. SEC should take the lead, and get a project lead for this. Need to understand the Argonaut project content on security. Are they leveraging PASS. Clarification from Josh Mandel will be sought.
- Security will find lead (from those working on the problem). The project will not be created until the people are found.
- PSS on Approved at TSC 12/05/2015
- Project Summary for HL7 Privacy and Security Architecture Framework [PSAF aka 'Privacy Safe'].
Attendees: Trish Williams - Co-Chair John Moehrke - Co-Chair Alex Mense - Co-Chair Miyohara, Hideyuki Clay Sebourn - Clay.Sebourn@emc.com Jeff Ting - Jeffery.Ting@SystemsMadeSimple.com Vince McCauley (SOA) Stefano Lotti (SOA) Zachary Huynh
Wednesday Q3
Ballot comments related to FHIR
Josh Mandel Argonaut is a collaboration between EHR and clinical care providers, to develop open specifications - in particular for FHIR. Security protocols associated with these? SMART on FHIR (Boston's Children's Hospital) on FHIR project is looking at single sign on using mobile and web apps using OAuth2 and OpenIDConnect. http://smarthealthit.org/ and http://docs.smarthealthit.org/
