This wiki has undergone a migration to Confluence found Here
HL7 FHIR Security 2016-6-28
Contents
Call Logistics
Weekly: Tuesday at 05:00 EST (2 PM PST)
Conference Audio: 770-657-9270,' Access: 845692 Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV If you are having difficulty joining, please try: https://global.gotomeeting.com/join/520841173 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes
Back to HL7 FHIR security topics
Attendees
Member Name | Member Name | Member Name | ||||||
---|---|---|---|---|---|---|---|---|
x | John Moehrke Security Co-Chair | x | Kathleen Connor Security Co-Chair | x | Suzanne Gonzales-Webb CBCC Co-Chair | |||
. | Gary Dickinson EHR Co-Chair | . | Johnathan ColemanCBCC Co-Chair | . | Mike Davis | |||
. | Reed Gelzer RM-ES Lead | . | Glen Marshal | . | Galen Mulrooney | |||
x | Dave Silver | x | Rob Horn | . | Judy Fincher | |||
x | Diana Proud-Madruga | x | Beth Pumo | . | Oliver Lawless | |||
. | Bob Dieterle | x | Mario Hyland | . | Joe Lamy | |||
. | Rick Grow | . | [mailto: Richard Etterma] | . | [mailto: Wayne Kubic] |
Agenda
- Roll;
- approval of agenda
- approval of the June 14, 2016 minutes
- FHIR spec was updated from two weeks ago approved CPs, so please review for mistakes.
- How should 'test-data' be identified? Is this a legitimate use of security-tags?
- It is clear that security-tags already support de-identified methods. The question is specifically about completely fabricated data.
- See FHIR chat thread https://chat.fhir.org/#narrow/stream/implementers/topic/Distinguishing.20test.20patients
- De-Identification topics
- Update on action items
- 9563 Add onBehalfOf to Signature datatype ()
- Proposal edited last week is in the current build
- http://hl7-fhir.github.io/datatypes.html#Signature
- 9564 -- assigned to John -- following the discussion in the CP
- 9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? ()
- 7568 -- assigned to Kathleen, seems this should be satisfid by 9840? -- following the discussion in the CP
- 7568 2015May core #859 - How are agent and activity linked? ()
- 3318 -- assigned to Rick to work with Mike -- following the discussion in the CP
- 3318 Clarify how to use RBAC and ABAC using FHIR ()
- 9042, 9043, 9052 -- assigned to Kathleen, she has the XML almost ready to go
- 9167 -- assigned to John, only creating an example AuditEvent -- following the discussion in the CP
- 9167 AuditEvent needs to make more obvious how to record a break-glass event ()
- 9996 -- assigned to Glen -- following the discussion in the CP
- 9996 Using Provenance resource to annotate content derived from non-FHIR sources ()
- FMM evaluation vs desire - We picked 4 last week -- We might want to re-evaluate to level 3. As level 4 means we would need to work hard to get "complete" testing tools and procedures at 100% of functionality. I think we should only target getting some testing ready.
- Discussion with Mario on getting prepared for next connectathon
- What use-case should we focus on? (Lab vs Financial vs Patient)
- Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet? (Gary will join)
- 6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None
- Prepare for a block vote for next week --
- 9563 Add onBehalfOf to Signature datatype ()