
Difference between revisions of "201805 GDPR"

From HL7Wiki
(minor edit)
Line 15: Line 15:
  
 
This is a collaborative effort, please sign up to help  
 
This is a collaborative effort, please sign up to help  
 +
 +
[https://chat.fhir.org/#narrow/stream/Security.20and.20Privacy/topic/GPDR Zulip chat thread on GDPR] for ongoing dialog
  
 
===Relevant background===
 
===Relevant background===
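Review bot: the Zulip link added after the sign-up line carries the topic slug "GPDR" in its URL while its label reads "GDPR"; if the stream topic is actually spelled "GDPR", the link lands on an empty topic, so verify the slug before this revision is relied on.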
Line 22: Line 24:
 
*[https://gforge.hl7.org/gf/project/security/docman/Security%20White%20Papers/Is%20Privacy%20Obsolete%20Study%20Group%20Library/HIMSS%20GDPR%20Webinar%20-%20final%203-20-2018.pdf HIMSS presentation on GDPR]
 
*[https://gforge.hl7.org/gf/project/security/docman/Security%20White%20Papers/Is%20Privacy%20Obsolete%20Study%20Group%20Library/HIMSS%20GDPR%20Webinar%20-%20final%203-20-2018.pdf HIMSS presentation on GDPR]
 
* blog by Rene http://www.ringholm.com/column/GDPR_impact_on%20healthcare_data_interoperability.htm
 
* blog by Rene http://www.ringholm.com/column/GDPR_impact_on%20healthcare_data_interoperability.htm
 +
* IHE whitepaper on GDPR - https://www.ihe-europe.net/sites/default/files/GDPR_WEB_00.pdf
 +
* Useful GDPR regulation text reference https://gdpr-info.eu/
  
 
==Proposed Track Leads==
 
==Proposed Track Leads==
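Review bot: the two added bullets paste bare URLs (one with a " - " separator, one without) where the existing HIMSS bullet uses the [url label] wiki link form; for a consistent list, write them as [https://www.ihe-europe.net/sites/default/files/GDPR_WEB_00.pdf IHE whitepaper on GDPR] and [https://gdpr-info.eu/ GDPR regulation text reference].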

Revision as of 19:44, 17 April 2018


Track Name

GDPR - General Data Protection Regulation

Submitting WG/Project/Implementer Group

Security WG

Track Orientation Presentation -- TBD

Justification

The justification for this track is to explore how the FHIR specification and Implementation Guides enable and support compliance with GDPR. This is not an overall examination of GDPR.

This is a collaborative effort, please sign up to help

Zulip chat thread on GDPR for ongoing dialog

Relevant background

Prior Connectathon tracks: 201709 Consumer Centered Data Exchange and 201801 Consumer Centered Data Exchange

Proposed Track Leads

  • John Moehrke -Security WG co-chair - JohnMoehrke@gmail.com -- skype JohnMoehrke
  • Alex Mense - Security WG co-chair
  • Rene Spronk

Expected participants

Actors

  • Agent-Systems -- any system participating in the creation, use, or disclosure of identifiable data
  • etc...

FHIR Capabilities

The track expects to produce a cross-reference between the existing FHIR Security & Privacy capabilities and the ways each aids GDPR compliance.

  • Provenance resource
  • AuditEvent resource
  • Consent resource
  • Identity
    • Patient resource
    • RelatedPerson
    • Practitioner, PractitionerRole
    • Group
    • Organization
    • Location
    • etc.
  • Security-label mechanism in all FHIR Resource definitions (.meta.security)
    • Confidentiality classification
    • Sensitivity classification
    • Compartment classification
    • Integrity classification
    • Handling caveat
  • Security-label vocabulary (aka HCS, the HL7 Healthcare Classification System)
  • Signature datatype
  • De-Identification
  • Authorization mechanisms
    • SMART-on-FHIR
    • Sync for Science
    • IHE-IUA
    • HEART
    • etc...
  • User/system Authentication
    • OpenID Connect profile of OAuth
      • by way of SMART-on-FHIR
  • Communications security
    • HTTPS
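As an added illustration of the security-label mechanism and AuditEvent items above (example code, not from this wiki page or the FHIR project): a recipient's confidentiality clearance gates which labelled resources in a Bundle are released, unlabelled resources fail closed, and every decision is recorded in an AuditEvent-shaped record. The Bundle contents, the recipient name and the simplified AuditEvent layout (field names follow FHIR R4) are constructed for the example; the code system URL is the terminology.hl7.org form of v3-Confidentiality.

```python
"""Added example: .meta.security confidentiality labels gating a disclosure,
with the decision logged AuditEvent-style (resources and recipient are constructed)."""

# v3 Confidentiality codes, least to most restrictive: U < L < M < N < R < V.
CONFIDENTIALITY_SYSTEM = "http://terminology.hl7.org/CodeSystem/v3-Confidentiality"
RANK = {code: i for i, code in enumerate("ULMNRV")}

# Constructed sample Bundle: a Patient labelled "normal", an Observation labelled
# "restricted", and an unlabelled Observation (treated as most restrictive).
SAMPLE_BUNDLE = {
    "resourceType": "Bundle",
    "entry": [
        {"resource": {"resourceType": "Patient", "id": "p1",
                      "meta": {"security": [{"system": CONFIDENTIALITY_SYSTEM, "code": "N"}]}}},
        {"resource": {"resourceType": "Observation", "id": "o1",
                      "meta": {"security": [{"system": CONFIDENTIALITY_SYSTEM, "code": "R"}]}}},
        {"resource": {"resourceType": "Observation", "id": "o2"}},
    ],
}


def confidentiality_of(resource):
    """Highest confidentiality code on the resource; 'V' when none is present (fail closed)."""
    codes = [c["code"] for c in resource.get("meta", {}).get("security", [])
             if c.get("system") == CONFIDENTIALITY_SYSTEM and c.get("code") in RANK]
    return max(codes, key=RANK.get) if codes else "V"


def filter_for_disclosure(bundle, clearance, recipient):
    """Return (released_bundle, audit_event): only resources at or below the
    recipient's clearance are released; each decision becomes an AuditEvent entity."""
    released, entities = [], []
    for entry in bundle.get("entry", []):
        res = entry["resource"]
        label = confidentiality_of(res)
        allowed = RANK[label] <= RANK[clearance]
        if allowed:
            released.append(entry)
        entities.append({"what": {"reference": f"{res['resourceType']}/{res['id']}"},
                         "securityLabel": [{"system": CONFIDENTIALITY_SYSTEM, "code": label}],
                         "detail": [{"type": "released", "valueString": str(allowed)}]})
    audit = {"resourceType": "AuditEvent", "action": "R",          # R = read/disclose
             "outcome": "0" if released else "4",                  # 0 success, 4 minor failure
             "agent": [{"who": {"display": recipient}, "requestor": True}],
             "entity": entities}
    return {"resourceType": "Bundle", "entry": released}, audit
```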

Testing Scenarios