This wiki has undergone a migration to Confluence found Here
Difference between revisions of "201805 GDPR"
Jump to navigation
Jump to search
JohnMoehrke (talk | contribs) |
JohnMoehrke (talk | contribs) |
||
Line 71: | Line 71: | ||
==Testing Scenarios== | ==Testing Scenarios== | ||
− | TBD | + | * Privacy Consents -- follow [[201801 Consumer Centered Data Exchange]] |
+ | ** or enhancements as needed | ||
+ | * TBD |
Revision as of 20:06, 28 March 2018
Track Name
GDPR
Submitting WG/Project/Implementer Group
Security WG
Track Orientation Presentation -- TBD
Justification
The justification for this track is to explore how the FHIR specification and Implementation Guides enable and support compliance with GDPR.
This is a collaborative effort, please sign up to help
Relevant background
Prior Connectathon track 201709 Consumer Centered Data Exchange and 201801 Consumer Centered Data Exchange
Proposed Track Leads
- John Moehrke -Security WG co-chair - JohnMoehrke@gmail.com -- skype JohnMoehrke
- Alex Mense - Security WG co-chair
- Rene Spronk
Expected participants
- John Moehrke (HL7 Security co-chair) SME on FHIR Consent
- http://test.fhir.org/r3
Actors
- Agent-Systems -- any system participating in the creation, use, or disclosure of identifiable data
- etc...
FHIR Capabilities
Expect to produce a cross-reference between the existing FHIR Security & Privacy capabilities and how they aid with GDPR compliance.
- Provenance resource
- AuditEvent resource
- Consent resource
- Identity
- Patient resource
- RelatedPerson
- Practitioner, PractitionerRole
- Group
- Organization
- Location
- etc.
- Security-label mechanism in all FHIR Resource definitions (.meta.security)
- Confidentiality classification
- Sensitivity classification
- Compartment classification
- Integrity classification
- Handling caveat
- Security-label vocabulary (aka HCS)
- Signature datatype
- De-Identification
- Authorization mechanisms
- SMART-on-FHIR
- IHE-IUA
- HEART
- etc...
- User/system Authentication
- Open-ID-Connect profile of OAuth
- by way of SMART-on-FHIR
- Open-ID-Connect profile of OAuth
- Communications security
- HTTPS
Testing Scenarios
- Privacy Consents -- follow 201801 Consumer Centered Data Exchange
- or enhancements as needed
- TBD