HL7 FHIR security topics
Revision as of 21:51, 3 November 2015 by Kathleenconnor
Project ID 1209
- FHIR disposition link on gForge for review/discussion (ongoing weekly agenda item)
- Security pages
- Including guidance on Authentication and Authorization
- Security Labels Page
- including meta tag use for security labels
- Signature Data Type
Provenance Resource
- Address outstanding Provenance CPs from January 2015 FHIR Ballot mistakenly assigned to FHIR Infrastructure
- Including signature use within Provenance
- Provenance.activity value set needs to be enlarged with existing vocabulary, and there needs to be discussion of whether it should be marked as Extensible.
- Provenance.entity.role: it is unclear how each vocabulary item should be used.
- How is derivation to be used?
- How is revision to be used, other than the duplicate indication that would be in Provenance.activity?
- Provenance.reason binding only to the PurposeOfUse is not granular. It seems there should be a clearer distinction between reason and activity. There is also a question of why this is Extensible.
- Show how a resource and provenance would look as that resource transitions through its lifecycle. In this way one would be able to find each step of the lifecycle by way of version, and the provenance statement by way of the pointer to that specific version.
- Detailed work plan and notes HL7 FHIR Provenance Resource
AuditEvent Resource
- Address outstanding AuditEvent CPs from January 2015 FHIR Ballot mistakenly assigned to FHIR Infrastructure
- Harmonize the structure, element names, and vocabulary as much as possible with Provenance.
- Document use cases for interoperable FHIR AuditEvent, e.g., a federated system with a central AuditEvent Service, intra- and inter-enterprise.
- Address the thought experiment of why we have both Provenance and AuditEvent (motivation vs. consequence; medical records vs. security surveillance).
- See http://hl7-fhir.github.io/auditevent-mappings.html#w3c.prov
- See http://hl7-fhir.github.io/auditevent-mappings.html#fhirprovenance
- See http://hl7-fhir.github.io/provenance-mappings.html#w3c.prov
- See http://hl7-fhir.github.io/provenance-mappings.html#fhirauditevent
- See http://hl7-fhir.github.io/w5
- Who records Provenance vs. AuditEvent, and what are the various architectures? The important point is to ensure that the architecture chosen doesn't miss information.
- Various other things concerning Security: risks to Confidentiality, Integrity, and Availability.
- Also interested in
- W5
- Privacy Consent as a profile on Contract