This wiki has undergone a migration to Confluence found Here
HL7 FHIR Security 2018-08-14
Contents
Call Logistics
Weekly: Tuesday at 02:00 pm EST
Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 Online Meeting ID: security36 Phone: +1 515-604-9567, Participant Code: 880898 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes
Back to HL7 FHIR security topics
Attendees
| Member Name | Member Name | Member Name | ||||||
|---|---|---|---|---|---|---|---|---|
| x | John Moehrke Security Co-Chair | x | Kathleen Connor Security Co-Chair | . | Alexander Mense Security Co-chair | |||
| x | Suzanne Gonzales-Webb CBCC Co-Chair | . | Johnathan Coleman CBCC co-chair | . | Chris Shawn Security co-chair | |||
| x | Jim Kretz | . | Kenneth Salyards | . | Nathan Botts Mobile co-chair | |||
| . | Diana Proud-Madruga | x | Joe Lamy AEGIS | . | Beth Pumo | |||
| . | Irina Connelly | . | Matt Blackman Sequoia | . | Mark Underwood NIST | |||
| . | Peter Bachman | . | Grahame Greve FHIR Program Director | . | Kevin Shekleton (Cerner, CDS Hooks) | |||
| . | Luis Maas | . | Julie Mass | . | Francisco Jauregui | |||
| . | Gary Dickinson | . | Dave Silver | . | Foo Bar |
Agenda
- Roll;
- approval of agenda
- approval of HL7 FHIR Security 2018-07-10 Minutes
- Announcements
- Baltimore Connectathon?
- FHIR Build is frozen for R4 ballot. QA happening
- Short report out from ONC Interop Forum - Privacy Standards panel
- Review Kathleen's proposal for Safety Checklist
- Should we have a procedure that other workgroups can bring us FHIR Resources or FHIR IG, where we do a Privacy and Security analysis SO-THAT we inform their "Security and Privacy Considerations" section?
- To focus on FHIR as a scoping mechanism. That is to say that this effort could be applied everywhere, but we need to start somewhere. There has been some interest for this kind of review in FHIR.
- Person resource http://build.fhir.org/person.html#security
- Much like IETF has with W3C PING?
- W3C PING https://w3c.github.io/privacy-considerations/
- W3C specification for writing Privacy Considerations http://yrlesru.github.io/SPA/
- W3C Self-Review Questionnaire: Security and Privacy https://www.w3.org/TR/security-privacy-questionnaire/
- IETF guidance on writing the Security Considerations section https://tools.ietf.org/html/rfc3552
- IETF guidance on writing a protocol module -- a description of your standard so that an analysis can be made https://tools.ietf.org/html/rfc4101
- Could try to apply W3C process without customization to see how well it applies?
- W3C Self-Review Questionnaire: Security and Privacy -- GITHUB active version https://w3ctag.github.io/security-questionnaire/
- Note not all FHIR resources are sensitive, some are intended to be publicly exposed.
- To focus on FHIR as a scoping mechanism. That is to say that this effort could be applied everywhere, but we need to start somewhere. There has been some interest for this kind of review in FHIR.
- All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967
- New business
ACTIONS
- Kathleen - update her proposal for safety checklist
references
- stream for Security and Privacy discussions. Specification development, and Implementation.
- stream for Patient Empowerment. Discussions about empowering patients. Focus on deployment and advocacy.
- Proposed FHIR Connectathon track for Cologne -- GDPR
- Blockchain FHIR Connectathon
- Grahame is trying to find a community wanting to 'play' with blockchain. He is willing to standup the infrastructure.
- See blockchain zulip stream https://chat.fhir.org/#narrow/stream/blockchain
- Certificate Management
- TLS 1.2 or higher
- Improvement beyond SMART scopes
- Patient Directed backend communication
- Oauth App Registration
