This wiki has undergone a migration to Confluence found Here
Difference between revisions of "HL7 FHIR Security 2018-12-11"
Jump to navigation
Jump to search
JohnMoehrke (talk | contribs) |
JohnMoehrke (talk | contribs) |
||
| Line 15: | Line 15: | ||
|- | |- | ||
|| x||[mailto:john.moehrke@ge.med.com John Moehrke] Security Co-Chair | || x||[mailto:john.moehrke@ge.med.com John Moehrke] Security Co-Chair | ||
| − | |||| | + | ||||x||[mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-Chair |
||||.||[mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair | ||||.||[mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair | ||
|- | |- | ||
| Line 26: | Line 26: | ||
||||.||[mailto:nathanbotts@westat.com Nathan Botts] Mobile co-chair | ||||.||[mailto:nathanbotts@westat.com Nathan Botts] Mobile co-chair | ||
|- | |- | ||
| − | || | + | || .||[mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga] |
| − | |||| | + | ||||.||[mailto:joe.lamy@aegis.net Joe Lamy] AEGIS |
| − | |||| | + | ||||x||[mailto:Beth.Pumo@kp.org Beth Pumo] |
|- | |- | ||
|| .||[mailto:irina.connelly@gtri.gatech.edu Irina Connelly] | || .||[mailto:irina.connelly@gtri.gatech.edu Irina Connelly] | ||
| Line 44: | Line 44: | ||
|| .||[mailto:gary.dickinson@edhr-standards.com Gary Dickinson] | || .||[mailto:gary.dickinson@edhr-standards.com Gary Dickinson] | ||
||||.||[mailto:dave.silver@electrosoft-inc.com Dave Silver] | ||||.||[mailto:dave.silver@electrosoft-inc.com Dave Silver] | ||
| − | |||| | + | ||||.||[mailto:mike.davis@va.gov Mike Davis] |
|- | |- | ||
|| x||[mailto:peter.van.liesdonk@philips.com Peter van Liesdonk] | || x||[mailto:peter.van.liesdonk@philips.com Peter van Liesdonk] | ||
| − | |||| | + | ||||x||[mailto:isaac@epic.com Isaac Vetter] |
| − | |||| | + | ||||.||[mailto:Theresa Ardel Connor] |
|- | |- | ||
|} | |} | ||
| Line 80: | Line 80: | ||
* John chaired | * John chaired | ||
* Agenda reviewed and approved: Kathleen/Beth: unanimous | * Agenda reviewed and approved: Kathleen/Beth: unanimous | ||
| − | * | + | * approval of [[HL7 FHIR Security 2018-10-30]] , [[HL7 FHIR Security 2018-11-13]] and [[HL7 FHIR Security 2018-12-04]] Minutes |
| + | ** Motion to approve three minutes: Suzanne/Kathleen: unanimous | ||
* announcements | * announcements | ||
** FHIR R4 is in Grahame's hands and expected released by the end of the year. | ** FHIR R4 is in Grahame's hands and expected released by the end of the year. | ||
* Isaac reviewed FHIR cast | * Isaac reviewed FHIR cast | ||
| − | ** | + | ** Specification: http://fhircast.org/ |
| − | *** | + | ** Chat stream https://chat.fhir.org/#narrow/stream/118-FHIRcast |
| + | ** GitHub: https://github.com/fhircast/docs and list of security-related issues: https://github.com/fhircast/docs/labels/security | ||
** Uses W3C web-sub | ** Uses W3C web-sub | ||
*** a spec that is used for web content distribution | *** a spec that is used for web content distribution | ||
Revision as of 20:23, 11 December 2018
Call Logistics
Weekly: Tuesday at 02:00 pm EST
Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 Online Meeting ID: security36 Phone: +1 515-604-9567, Participant Code: 880898 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes
Back to HL7 FHIR security topics
Attendees
| Member Name | Member Name | Member Name | ||||||
|---|---|---|---|---|---|---|---|---|
| x | John Moehrke Security Co-Chair | x | Kathleen Connor Security Co-Chair | . | Alexander Mense Security Co-chair | |||
| x | Suzanne Gonzales-Webb CBCC Co-Chair | . | Johnathan Coleman CBCC co-chair | . | Chris Shawn Security co-chair | |||
| . | Jim Kretz | . | Kenneth Salyards | . | Nathan Botts Mobile co-chair | |||
| . | Diana Proud-Madruga | . | Joe Lamy AEGIS | x | Beth Pumo | |||
| . | Irina Connelly | . | Matt Blackman Sequoia | . | Mark Underwood NIST | |||
| . | Peter Bachman | . | Grahame Greve FHIR Program Director | . | Kevin Shekleton (Cerner, CDS Hooks) | |||
| . | Luis Maas | . | Julie Maas | . | Francisco Jauregui | |||
| . | Gary Dickinson | . | Dave Silver | . | Mike Davis | |||
| x | Peter van Liesdonk | x | Isaac Vetter | . | Ardel Connor |
Agenda
- Roll;
- approval of agenda
- approval of HL7 FHIR Security 2018-10-30 , HL7 FHIR Security 2018-11-13 and HL7 FHIR Security 2018-12-04 Minutes
- Announcements
- TBD?
- FHIRcast review by security wg
- Isaac Vetter
- Specification: http://fhircast.org/
- Chat stream https://chat.fhir.org/#narrow/stream/118-FHIRcast
- GitHub: https://github.com/fhircast/docs and list of security-related issues: https://github.com/fhircast/docs/labels/security
- Review CarePlan FHIR Connectathon and HIMSS demo for impact on FHIR Security/privacy opportunity improvements -- Kathleen
- Plan for maturing security (and privacy) parts of FHIR -- FMM
- All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967
- New business
ACTIONS
references
- stream for Security and Privacy discussions. Specification development, and Implementation.
- stream for Patient Empowerment. Discussions about empowering patients. Focus on deployment and advocacy.
Minutes
- John chaired
- Agenda reviewed and approved: Kathleen/Beth: unanimous
- approval of HL7 FHIR Security 2018-10-30 , HL7 FHIR Security 2018-11-13 and HL7 FHIR Security 2018-12-04 Minutes
- Motion to approve three minutes: Suzanne/Kathleen: unanimous
- announcements
- FHIR R4 is in Grahame's hands and expected released by the end of the year.
- Isaac reviewed FHIR cast
- Specification: http://fhircast.org/
- Chat stream https://chat.fhir.org/#narrow/stream/118-FHIRcast
- GitHub: https://github.com/fhircast/docs and list of security-related issues: https://github.com/fhircast/docs/labels/security
- Uses W3C web-sub
- a spec that is used for web content distribution
- a standards based rest-hook
- https://www.w3.org/TR/websub/
- See Websub security considerations https://www.w3.org/TR/websub/#security-considerations
- the hub has last say on context switches, and is usually provided by the dominant software. Often the EHR.
- Recommendation
- Should have a Security Considerations section in FHIRcast document that addresses each Security Consideration from web-sub
- Elevating to SHALL the use of HTTPS, BCP195, and SHA-256
- Address Audit Logging
- May be a responsibility of the hub to record approved context changes
- May be addressed through a subscribing app that does nothing but record context changes
- Should have a Security Considerations section in FHIRcast document that addresses each Security Consideration from web-sub
- Two issues that have been discussed on the FHIR cast github were discussed
