Difference between revisions of "HL7 FHIR Security 2018-09-04"

Call Logistics

Weekly: Tuesday at 02:00 pm EST

Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 
Online Meeting ID: security36
Phone: +1 515-604-9567, Participant Code: 880898
 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes 

Back to HL7 FHIR security topics

Attendees

Agenda

• Roll;
• approval of agenda
• approval of HL7 FHIR Security 2018-08-28 Minutes
• Announcements
  • TBD?
• Process for "Security and Privacy Considerations" section
• Plan for maturing security (and privacy) parts of FHIR -- FMM
• All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967
• New business

ACTIONS

• John - forward safety checklist updates with explanation to FHIR-I
• John - propose next steps on "Security Considerations" on each FHIR page
• John - bring proposal to Grahame to see how the FHIR build tools can aid us

Security Considerations on each page

• General sensitivity:
  • All resources can contain sensitive information, these groups are only general expectations based on the Resource intended use-case
  • Public/Infrastructure, --- Should be Public and not sensitive themselves, but care as inappropriate use might put sensitive information within
    • Bundle, Linage, MessageHeader, OperationOutcome, Parameters, Subscription, CapabilityStatement, StructureDefinition, ImplementationGuide, SearchParameters, MessageDefinition, OperationDefinition, CompartmentDefinition, StrucureMap, GraphDefinition, ExampleScenario, CodeSystem, ValueSet, ConceptMap, NamingSystem, TermininologyCapability, Library, Questioniare, ActivityDefinition, DeviceDefinition, EntryDefinition, EventDefinition, ObservationDefinition, PlanDefinition, SpecimenDefinition, TestScript, TestReport
  • Business-Sensitive, --- Mostly Public and not sensitive, but care as they may contain business sensitive
    • Organization, OrganizationAlliliation, HealthcareServices, Endpoint, Location, Substance, BiologicallyDerivedProduct, Device, DeviceMetric, Task, PractitionerRole, Schedule, Slot, ProcessRequest, ProcessResponse, Measure, MeasureReport
    • all of the Financial ????
    • all of the Medication Definition ???
  • Provider-Sensitive, --- Provider identified data, may be appropriate to release for specific use-cases, but does expose the provider individual
    • Appointment, AppointmentResponse, Practitioner, PractitionerRole, Person, CareTeam
    • all Patient-Sensitive
    • all of the Financial
  • Patient-Sensitive
    • Patient, RelatedPerson, Person, Encounter, EpisodeOfCare, Flag
    • all of the Clinical
    • all of the Financial
  • Unknowable -- Could contain anything, thus might be public or might be highly sensitive
    • Binary, List, Group, QuestionaireResponse

resources

• To focus on FHIR as a scoping mechanism. That is to say that this effort could be applied everywhere, but we need to start somewhere. There has been some interest for this kind of review in FHIR.
  • Person resource http://build.fhir.org/person.html#security
• Much like IETF has with W3C PING?
  • W3C PING https://w3c.github.io/privacy-considerations/
  • W3C specification for writing Privacy Considerations http://yrlesru.github.io/SPA/
  • W3C Self-Review Questionnaire: Security and Privacy https://www.w3.org/TR/security-privacy-questionnaire/
• IETF guidance on writing the Security Considerations section https://tools.ietf.org/html/rfc3552
• IETF guidance on writing a protocol module -- a description of your standard so that an analysis can be made https://tools.ietf.org/html/rfc4101
• Could try to apply W3C process without customization to see how well it applies?
  • W3C Self-Review Questionnaire: Security and Privacy -- GITHUB active version https://w3ctag.github.io/security-questionnaire/
  • Note not all FHIR resources are sensitive, some are intended to be publicly exposed.

references

• stream for Security and Privacy discussions. Specification development, and Implementation.
  • https://chat.fhir.org/#narrow/stream/Security.20and.20Privacy
• stream for Patient Empowerment. Discussions about empowering patients. Focus on deployment and advocacy.
  • https://chat.fhir.org/#narrow/stream/patient.20empowerment
• Proposed FHIR Connectathon track for Cologne -- GDPR
  • http://wiki.hl7.org/index.php?title=201805_GDPR
• Blockchain FHIR Connectathon
  • Grahame is trying to find a community wanting to 'play' with blockchain. He is willing to standup the infrastructure.
  • See blockchain zulip stream https://chat.fhir.org/#narrow/stream/blockchain
• Certificate Management
  • Zulip chat https://chat.fhir.org/#narrow/stream/Security.20and.20Privacy/subject/Do.20we.20need.20to.20say.20anything.20about.20Certificate.20Management
• Improvement beyond SMART scopes
  • Zulip chat https://chat.fhir.org/#narrow/stream/Security.20and.20Privacy/subject/Improvement.20beyond.20SMART.20scopes
• Patient Directed backend communication
  • Zulip chat https://chat.fhir.org/#narrow/stream/Security.20and.20Privacy/subject/Patient.20directed.20backend.20communication
• Oauth App Registration
  • Zulip chat https://chat.fhir.org/#narrow/stream/Security.20and.20Privacy/subject/OAuth.20App.20Registration

Current Open issues in gForge

• 9167 AuditEvent+needs+to+make+more+obvious+how+to+record+a+break-glass+event (John Moehrke) Considered for Future Use
• 10343 Three+additional+Signature.type+codes (Kathleen Connor) Considered for Future Use
• 11071 Improve+security+label+guidance+-+2016-09+core+%2390 (Kathleen Connor) None
• 12660 HCS+use+clarification (John Moehrke) None
• 17192 Verification+of+given+resource+without+changing+the+content (Thomas Johansen) None
• 17299 enhance+current+disclosure+AuditEvent+so+that+it+explains+what+is+being+recorded+and+why (John Moehrke) None
• 17300 Break-Glass+description+needs+clarifications (John Moehrke) None
• 14678 Implementation+guide+for+signatures+-+2018-Jan+Core+%231 (Brian Pech) Not Persuasive

Minutes

• John chaired
• Roll;
• approval of agenda
• approval of HL7 FHIR Security 2018-08-28 Minutes -- Diana/Mike Davis: 4-0-0
• Announcements
  • Mike -- Will be opening up a new project to revise and improve the Privacy and Security DAM.
    • It has been found to be missing ABAC, possibly other
    • Mike will look for old PSS to see if it can be revived or used as a start of a new PSS.
    • Mike to take this to full workgroup
    • Might be FHIR impact for this sub-workgroup to address
• Process for "Security and Privacy Considerations" section
  • John is behind on writing his introduction to this work
  • Suzanne points out that when we use the term "Public/Infrastructure" that it beggs the question about "Private"?
  • Mike points out that these buckets are already well known, and have well defined guidance
    • Agreed we want to leverage that.
  • The new part here is the assessment of FHIR resources into these buckets
• Plan for maturing security (and privacy) parts of FHIR -- FMM
  • Reviewed Maturity states in FHIR
  • Doesn't seem like there is much we need to do to prepare for Normative in R5
  • John to add this as a discussion topic at Baltimore
• All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967
• New business