This wiki has undergone a migration to Confluence found Here
201805 GDPR
Track Name
GDPR
Submitting WG/Project/Implementer Group
Security WG
Track Orientation Presentation -- TBD
Justification
The justification for this track is to explore how the FHIR specification and Implementation Guides enable and support compliance with GDPR.
This is a collaborative effort, please sign up to help
Relevant background
Prior Connectathon track 201709 Consumer Centered Data Exchange and 201801 Consumer Centered Data Exchange
Proposed Track Leads
- John Moehrke -Security WG co-chair - JohnMoehrke@gmail.com -- skype JohnMoehrke
- Alex Mense - Security WG co-chair
- Rene Spronk
Expected participants
- John Moehrke (HL7 Security co-chair) SME on FHIR Consent
- http://test.fhir.org/r3
Actors
- Agent-Systems -- any system participating in the creation, use, or disclosure of identifiable data
- etc...
FHIR Capabilities
- Provenance resource
- AuditEvent resource
- Consent resource
- Identity
- Patient resource
- RelatedPerson
- Practitioner, PractitionerRole
- Group
- Organization
- Location
- etc.
- Security-label mechanism in all FHIR Resource definitions (.meta.security)
- Confidentiality classification
- Sensitivity classification
- Compartment classification
- Integrity classification
- Handling caveat
- Security-label vocabulary (aka HCS)
- Signature datatype
- De-Identification
- Authorization mechanisms
- SMART-on-FHIR
- IHE-IUA
- HEART
- etc...
- User/system Authentication
- Open-ID-Connect profile of OAuth
- by way of SMART-on-FHIR
- Open-ID-Connect profile of OAuth
- Communications security
- HTTPS
Testing Scenarios
TBD