Difference between revisions of "201805 GDPR"
JohnMoehrke (talk | contribs)
Line 31: | Line 31: | ||
*http://test.fhir.org/r3 | *http://test.fhir.org/r3 | ||
+ | ==Actors== | ||
+ | * Agent-Systems -- any system participating in the creation, use, or disclosure of identifiable data | ||
+ | * etc... | ||
+ | |||
+ | ==FHIR Capabilities== | ||
+ | |||
+ | * Provenance resource | ||
+ | * AuditEvent resource | ||
+ | * Consent resource | ||
+ | * Identity | ||
+ | ** Patient resource | ||
+ | ** RelatedPerson | ||
+ | ** Practitioner, PractitionerRole | ||
+ | ** Group | ||
+ | ** Organization | ||
+ | ** Location | ||
+ | ** etc. | ||
+ | * Security-label mechanism in all FHIR Resource definitions (.meta.security) | ||
+ | ** Confidentiality classification | ||
+ | ** Sensitivity classification | ||
+ | ** Compartment classification | ||
+ | ** Integrity classification | ||
+ | ** Handling caveat | ||
+ | * Security-label vocabulary (aka HCS) | ||
+ | * Signature datatype | ||
+ | * De-Identification | ||
+ | * Authorization mechanisms | ||
+ | ** SMART-on-FHIR | ||
+ | ** IHE-IUA | ||
+ | ** HEART | ||
+ | ** etc... | ||
+ | * User/system Authentication | ||
+ | ** Open-ID-Connect profile of OAuth | ||
+ | *** by way of SMART-on-FHIR | ||
+ | * Communications security | ||
+ | ** HTTPS | ||
==Testing Scenarios== | ==Testing Scenarios== | ||
TBD | TBD |
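Review bot: The new Actors section names only "Agent-Systems" and then trails off in "etc...", so nothing in this hunk says which systems exercise the items under FHIR Capabilities, and Testing Scenarios is still TBD in the trailing context. Suggest listing the actors the track expects at the connectathon and noting, for each capability (for example Consent, AuditEvent, the .meta.security labels), which actor is expected to demonstrate it, so scenarios can be written against them. As a style point, the lists mix "etc." and "etc..."; use one form.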
Revision as of 18:58, 28 March 2018
Track Name
GDPR
Submitting WG/Project/Implementer Group
Security WG
Track Orientation Presentation -- TBD
Justification
The justification for this track is to explore how the FHIR specification and Implementation Guides enable and support compliance with GDPR.
This is a collaborative effort; please sign up to help.
Relevant background
Prior Connectathon tracks: 201709 Consumer Centered Data Exchange and 201801 Consumer Centered Data Exchange
Proposed Track Leads
- John Moehrke - Security WG co-chair - JohnMoehrke@gmail.com -- skype JohnMoehrke
- Alex Mense - Security WG co-chair
- Rene Spronk
Expected participants
- John Moehrke (HL7 Security co-chair) SME on FHIR Consent
- http://test.fhir.org/r3
Actors
- Agent-Systems -- any system participating in the creation, use, or disclosure of identifiable data
- etc...
FHIR Capabilities
- Provenance resource
- AuditEvent resource
- Consent resource
- Identity
  - Patient resource
  - RelatedPerson
  - Practitioner, PractitionerRole
  - Group
  - Organization
  - Location
  - etc.
- Security-label mechanism in all FHIR Resource definitions (.meta.security)
  - Confidentiality classification
  - Sensitivity classification
  - Compartment classification
  - Integrity classification
  - Handling caveat
- Security-label vocabulary (aka HCS)
- Signature datatype
- De-Identification
- Authorization mechanisms
  - SMART-on-FHIR
  - IHE-IUA
  - HEART
  - etc...
- User/system Authentication
  - Open-ID-Connect profile of OAuth
    - by way of SMART-on-FHIR
- Communications security
  - HTTPS
Testing Scenarios
TBD