HL7 MAY WGM Event BROCHURE Link
TBD Madrid WGM SITE
Minutes: May 2017 Security WGM Minutes Madrid, Spain
AGENDA

Day | Date | Qtr | Time | Event | Session Leader | Room
SUN | MAY 7 | Q1 | 10:00-11:30 | International Affiliates/Connectathon Report Out | International Affiliates/Connectathon | TBD
SUN | MAY 7 | Q2 | 12:00-1:30 | International Affiliates/Connectathon Report Out | International Affiliates/Connectathon | TBD
SUN | MAY 7 | Q3 | 2:45-4:00 | Cochair FHIR Session | FHIR MG | TBD
SUN | MAY 7 | Q4 | 4:30-6:00 | Cochair Vocabulary Session | Vocabulary WG | TBD
MON | MAY 8 | Q1 | 10:00-11:30 | . | No Meeting | .
MON | MAY 8 | Q2 | 12:00-1:30 | . | No Meeting | .
MON | MAY 8 | Q3 | 2:45-4:00 | Joint CBCC - Security | CBCC | TBD
MON | MAY 8 | Q4 | 4:30-6:00 | Joint with CBCC – New discussion items and projects | CBCC | TBD
TUE | MAY 9 | Q1 | 10:00-11:30 | Opening Security WG Meeting | Security | TBD
- Introductions
- Approval of agenda
- International Report outs
- HL7 Policy Advisory Committee update
- Liaison Reports: ISO, IHE, ONC
- HL7 Project status and updates:
  - FHIR Security - AuditEvent, Provenance, Security Labels
  - Trust Framework - Ballot Report and WGM Reconciliation Plans, Links to FHIR Security
  - SLS Revisions - WGM Development Plans, Links to FHIR Security
  - SOA Audit - Status, Development Plans, Links to FHIR Security
  - FHIR Privacy and Security Conformance Test Suite Development - Discussions planned for WGM
TUE | MAY 9 | Q2 | 12:00-1:30 | Trust Framework Work Session | Security | TBD
TUE | MAY 9 | Q3 | 2:45-4:00 | CBCC FHIR-I Joint on FHIR Consent Resource | CBCC | TBD
TUE | MAY 9 | Q4 | 4:30-6:00 | Security WG Project Meeting | Security | TBD
- FHIR Privacy and Security Conformance Test Suite Planning Session
- FHIR Security Front matter Work Session
- Outstanding FHIR Security CR Resolution
WED | MAY 10 | Q1 | 10:00-11:30 | Joint w/ EHR, CBCC, FHIR, SOA, Security | Security | TBD
- Discussion with AEGIS Team on development of a FHIR Privacy, Security, Provenance, and Digital Ledger Technology Conformance Testing Suite. Expectation is that WGs will bring any test cases [e.g., Cascading OAuth for Patient Right of Access] that have been developed or input to test cases.
WED | MAY 10 | Q2 | 12:00-1:30 | Joint w/ SOA | SOA | TBD
- Tentative Agenda Items:
  - PASS Audit topics (joint w Security, CBCC, SOA)
WED | MAY 10 | Q3 | 2:45-4:00 | Security WG deep FHIR topics | Security | TBD
- Josh assigned FHIR Core team
- SMART on FHIR
- Deep dive on HOW it does this
- Experience from the field
- Are there known stepping-stones
- Work on how FHIR should address SMART vs HEART vs IUA vs TLS vs others
- Various use-cases
- User using browser app
- User using mobile App
- System-to-system (e.g. organization to organization)
- Introduction to CDS-Hook
- Some points that might not be fully clear about why I am interested in cds-hook. First, the security workgroup knows that we are not experts on medical information. We see the general concept of CDS to be a service that fully understands medical information. Thus we call up the general concept to tell us if there are sensitive health topics. This is what we have encapsulated in the SLS. So, wondering how we can leverage the cds-hook similarly. I think this is what Grahame was referring to with the point about suggesting security tags to the user. It would be best if the user doesn't need to think about security-tags, although they should be able to change them authoritatively with proper authorization. Adding a layer that can transparently assess the data using current CDS knowledge and expertise to apply proper security-tags.
- The other point is that to fully protect healthcare data to the very fine-grain level that some envision, we need not only security assessment of the data in create/update, or resting, but also during accessing. Today OAuth scopes are very simplistic (i.e. SMART), but eventually they need to get more detailed and multi-layered. Way beyond what OAuth standards support today. The interpretation of the OAuth security token, relative to the query requested, and the results it uncovers, should be done by some security layer that is aware of FHIR, but is not fundamentally changing the baseline concept that is FHIR. --- So I am looking at what you have done with cds-hooks to see if there is something similar that can be done to advance the capability toward more fine-grain authorization enforcement.
- Background materials from Kevin Shekleton: CDS Hooks slide deck from the HSPC HIT Developers Conference today. Presentation was recorded and when available will share that link in the Speaker Deck description for the presentation.
WED | MAY 10 | Q4 | 4:30-6:00 | Security WG Project Meeting | Security | TBD
- Continue TF4FA Reconciliation
- Workgroup Health Update - cont. THU Q2
THU | MAY 11 | Q1 | 10:00-11:30 | Security Joint with CBCC, FHIR-I | Security | TBD
- Josh assigned FHIR Core team
- Continued: FHIR Connectathon Privacy and Security testing scenarios
THU | MAY 11 | Q2 | 12:00-1:30 | Security WG Project Meeting | Security | TBD
- July Harmonization Proposals: Signature Types
- Addition to FHIR Agent value set
- POU additions - HTEST, Research Consent POUs
- Prose Object code system
THU | MAY 11 | Q3 | 2:45-4:00 | . | | .
THU | MAY 11 | Q4 | 4:30-6:00 | . | | .
FRI | MAY 12 | Q1 | 10:00-11:30 | . | | .
FRI | MAY 12 | Q2 | 12:00-1:30 | . | | .
FRI | MAY 12 | Q3 | 2:45-4:00 | . | | .
FRI | MAY 12 | Q4 | 4:30-6:00 | . | | .