This wiki has undergone a migration to Confluence found Here
HL7 FHIR Security 2018-12-11
Call Logistics
Weekly: Tuesday at 02:00 pm EST
Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 Online Meeting ID: security36 Phone: +1 515-604-9567, Participant Code: 880898 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes
Back to HL7 FHIR security topics
Attendees
| Member Name | Member Name | Member Name | ||||||
|---|---|---|---|---|---|---|---|---|
| x | John Moehrke Security Co-Chair | . | Kathleen Connor Security Co-Chair | . | Alexander Mense Security Co-chair | |||
| x | Suzanne Gonzales-Webb CBCC Co-Chair | . | Johnathan Coleman CBCC co-chair | . | Chris Shawn Security co-chair | |||
| . | Jim Kretz | . | Kenneth Salyards | . | Nathan Botts Mobile co-chair | |||
| x | Diana Proud-Madruga | x | Joe Lamy AEGIS | . | Beth Pumo | |||
| . | Irina Connelly | . | Matt Blackman Sequoia | . | Mark Underwood NIST | |||
| . | Peter Bachman | . | Grahame Greve FHIR Program Director | . | Kevin Shekleton (Cerner, CDS Hooks) | |||
| . | Luis Maas | . | Julie Maas | . | Francisco Jauregui | |||
| . | Gary Dickinson | . | Dave Silver | x | Mike Davis | |||
| x | Peter van Liesdonk | . | No One | x | No One |
Agenda
- Roll;
- approval of agenda
- approval of HL7 FHIR Security 2018-10-30 , HL7 FHIR Security 2018-11-13 and HL7 FHIR Security 2018-12-04 Minutes
- Announcements
- TBD?
- FHIRcast review by security wg
- Isaac Vetter
- Specification: http://fhircast.org/
- Chat stream https://chat.fhir.org/#narrow/stream/118-FHIRcast
- GitHub: https://github.com/fhircast/docs and list of security-related issues: https://github.com/fhircast/docs/labels/security
- Review CarePlan FHIR Connectathon and HIMSS demo for impact on FHIR Security/privacy opportunity improvements -- Kathleen
- Plan for maturing security (and privacy) parts of FHIR -- FMM
- All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967
- New business
ACTIONS
references
- stream for Security and Privacy discussions. Specification development, and Implementation.
- stream for Patient Empowerment. Discussions about empowering patients. Focus on deployment and advocacy.
Minutes
- John chaired
- Agenda reviewed and approved: Kathleen/Beth: unanimous
- Approve 3 minutes: Suzanne/Kathleen: unanimous
- announcements
- FHIR R4 is in Grahame's hands and expected released by the end of the year.
- Isaac reviewed FHIR cast
- Prime site for reviewing the specification
- Uses W3C web-sub
- a spec that is used for web content distribution
- a standards based rest-hook
- https://www.w3.org/TR/websub/
- See Websub security considerations https://www.w3.org/TR/websub/#security-considerations
- the hub has last say on context switches, and is usually provided by the dominant software. Often the EHR.
- Recommendation
- Should have a Security Considerations section in FHIRcast document that addresses each Security Consideration from web-sub
- Elevating to SHALL the use of HTTPS, BCP195, and SHA-256
- Address Audit Logging
- May be a responsibility of the hub to record approved context changes
- May be addressed through a subscribing app that does nothing but record context changes
- Should have a Security Considerations section in FHIRcast document that addresses each Security Consideration from web-sub
- Two issues that have been discussed on the FHIR cast github were discussed
