This wiki has undergone a migration to Confluence found Here
Difference between revisions of "HL7 FHIR security topics"
Jump to navigation
Jump to search
JohnMoehrke (talk | contribs) |
|||
| Line 17: | Line 17: | ||
** | ** | ||
** Detailed work plan and notes [[HL7 FHIR Provenance Resource]] | ** Detailed work plan and notes [[HL7 FHIR Provenance Resource]] | ||
| − | * [http://hl7-fhir.github.io/auditevent.html AuditEvent] Resource | + | * ==[http://hl7-fhir.github.io/auditevent.html AuditEvent] Resource== |
| + | ** Address outstanding CPs from January 2015 FHIR Ballot mistakenly assigned to FHIR Infrastructure | ||
** harmonize the structure, element names, and vocabulary as much as possible with Provenance. | ** harmonize the structure, element names, and vocabulary as much as possible with Provenance. | ||
| + | ** document use cases for interoperable FHIR AuditEvent - e.g., federated system with central AuditEvent Service - intra- and inter-enterprise. | ||
** address the thought experiment of why do we have both Provenance and AuditEvent. (motivation vs consequence) (medical records vs security surveillance) | ** address the thought experiment of why do we have both Provenance and AuditEvent. (motivation vs consequence) (medical records vs security surveillance) | ||
*** See http://hl7-fhir.github.io/auditevent-mappings.html#w3c.prov | *** See http://hl7-fhir.github.io/auditevent-mappings.html#w3c.prov | ||
Revision as of 21:43, 3 November 2015
Project ID 1209
- FHIR disposition link on gForge for review/discussion (ongoing weekly agenda item)
- Security pages
- Including guidance on Authentication and Authorization
- Security Labels Page
- including meta tag use for security labels
- Signature Data Type
- Provenance Resource
- Including signature use within Provenance
- Provenance.activity value-set needs to be enlarged with existing vocabulary, and discussion around if it should be marked as Extensible.
- Provenance.entity.role unclear how each vocabulary item should be used.
- how is derivation to be used?
- how is revision to be used, other than the duplicate indication that would be in Provenance.activity.
- Provenance.reason binding only to the PurposeOfUse is not granular. Seems there should be a more clear distinction between reason and activity. question on why this is Extensible
- show how a resource and provenance would look as that resource transitions through lifecycle. In this way one would be able to find each step of the lifecycle, by way of version; and the provenance statement by way of the pointer to that version specific.
- Detailed work plan and notes HL7 FHIR Provenance Resource
- ==AuditEvent Resource==
- Address outstanding CPs from January 2015 FHIR Ballot mistakenly assigned to FHIR Infrastructure
- harmonize the structure, element names, and vocabulary as much as possible with Provenance.
- document use cases for interoperable FHIR AuditEvent - e.g., federated system with central AuditEvent Service - intra- and inter-enterprise.
- address the thought experiment of why do we have both Provenance and AuditEvent. (motivation vs consequence) (medical records vs security surveillance)
- See http://hl7-fhir.github.io/auditevent-mappings.html#w3c.prov
- See http://hl7-fhir.github.io/auditevent-mappings.html#fhirprovenance
- See http://hl7-fhir.github.io/provenance-mappings.html#w3c.prov
- See http://hl7-fhir.github.io/provenance-mappings.html#fhirauditevent
- See http://hl7-fhir.github.io/w5
- Who records Provenance vs AuditEvent; what are the various architectures. The important point is to assure that the architecture chosen doesn't miss information.
- and various other things concerning Security -- Risks to Confidentiality, Integrity, and Availability.
- also interested in
- W5
- Privacy Consent as a profile on Contract
