This wiki has undergone a migration to Confluence found Here
HL7 FHIR Security 2016-6-14
Call Logistics
Weekly: Tuesday at 05:00 EST (2 PM PST)
Conference Audio: 770-657-9270,' Access: 845692
Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV
If you are having difficulty joining, please try:
https://global.gotomeeting.com/join/520841173
Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes
Back to HL7 FHIR security topics
Attendees
Member Name | Member Name | Member Name | ||||||
---|---|---|---|---|---|---|---|---|
x | John Moehrke Security Co-Chair | x | Kathleen Connor Security Co-Chair | . | Suzanne Gonzales-Webb CBCC Co-Chair | |||
. | Gary Dickinson EHR Co-Chair | . | Johnathan ColemanCBCC Co-Chair | . | Mike Davis | |||
. | Reed Gelzer RM-ES Lead | x | Glen Marshal | . | Galen Mulrooney | |||
. | Dave Silver | x | Rob Horn | . | Judy Fincher | |||
x | Diana Proud-Madruga | . | Beth Pumo | . | Oliver Lawless | |||
. | Bob Dieterle | . | Mario Hyland | . | Joe Lamy | |||
x | Grow | . | Etterma | . | Kubic |
Agenda
- Roll;
- approval of agenda
- approval of the June 7, 2016 minutes
- Block Vote
- any removals from vote?
- Ready for discussion to resolve to a vote (vote this week, or block vote next week)
- Discussion on signature 'type' that is 'onBehalfOf'
- 9563 Add onBehalfOf to Signature datatype (Kathleen Connor) None
- Need feedback from the community on how important the other DICOM elements are to FHIR. The DICOM named items we can make as named extensions quite easily. THe ability that DICOM allows for infinite expansion should be left to normal HL7 FHIR extension.
- 9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None
- Need discussion. On the one hand, I don't see how this is a critical problem. The use-case given can be addressed with multiple Provenace instances pointing at the same target version, one for each agent. There is notes that Paul and/or Josh have solved the problem elsewhere. I haven't seen any of those details, and still confused on why an easy solution isn't better.
- 7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
- Discussion on signature 'type' that is 'onBehalfOf'
- Need assignment
- Need someone to write a paragraph outlining generally how RBAC and ABAC would be used with FHIR. Not a design, but just contrast and explain how they are enabled by FHIR
- 3318 Clarify how to use RBAC and ABAC using FHIR (John Moehrke) None
- update to Actor Roles (Action Kathleen) to do minor cleanup and provide to john for commit
- Need editor to write paragraph or break-glass. Likely just an sentence or two in second half of AuditEvent resource page explaining the break-glass example. Also need to add that text to the break-glass example.
- Need editor to write text and example. Derived from Rene's --- John?
- 9996 Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None
- Need someone to write a paragraph outlining generally how RBAC and ABAC would be used with FHIR. Not a design, but just contrast and explain how they are enabled by FHIR
- FMM evaluation vs desire - We picked 4 last week -- We might want to re-evaluate to level 3. As level 4 means we would need to work hard to get "complete" testing tools and procedures at 100% of functionality. I think we should only target getting some testing ready.
- Discussion with Mario on getting prepared for next connectathon
- Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet? (Gary will join)
- 6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None
- Discussion around _confidentiality code vocabulary.
- 9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
- Prepare for a block vote for next week --
All Security Open
all items have been put into the agenda.
Block Vote
- 9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.entity.activity". (Kathleen Connor) Not Persuasive
- 9150 Provenance TODO section cleanup (John Moehrke) Persuasive
- 9151 AuditEvent has TODO section to be removed (John Moehrke) Persuasive
- 9919 Add parameters to AuditEvent (John Moehrke) Persuasive
- 9812 Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) Persuasive with Mod
- 9840 Provenance.entity.provenance (Kathleen Connor) Persuasive with Mod
- 10046 AuditEvent example for Login needs to include the login software as an agent (John Moehrke) Persuasive with Mod
Minutes
- John Chaired
- Agenda approved: Glen/Rob: unanimous
- Minutes of June 7th approved: Glen/Rob: unanimous
- Block vote reviewed. No requests to remove items or discuss items
- Motion to approve the bloc: Rob/Glen: unanimous
- 9563 -- assigned to Kathleen, to work with Rob -- Following the discussion in the CP
- 9564 -- assigned to John -- following the discussion in the CP
- 7568 -- assigned to Kathleen, seems this should be satisfid by 9840? -- following the discussion in the CP
- 3318 -- assigned to Rick to work with Mike -- following the discussion in the CP
- Action: John to send email to Rick
- 9042, 9043, 9052 -- assigned to Kathleen, she has the XML almost ready to go
- 9167 -- assigned to John, only creating an example AuditEvent -- following the discussion in the CP
- 9996 -- assigned to Glen -- following the discussion in the CP