This wiki has undergone a migration to Confluence found Here

Difference between revisions of "201805 GDPR"

From HL7Wiki
Jump to navigation Jump to search
Line 31: Line 31:
 
*http://test.fhir.org/r3
 
*http://test.fhir.org/r3
  
 +
==Actors==
 +
* Agent-Systems -- any system participating in the creation, use, or disclosure of identifiable data
 +
* etc...
 +
 +
==FHIR Capabilities==
 +
 +
* Provenance resource
 +
* AuditEvent resource
 +
* Consent resource
 +
* Identity
 +
** Patient resource
 +
** RelatedPerson
 +
** Practitioner, PractitionerRole
 +
** Group
 +
** Organization
 +
** Location
 +
** etc.
 +
* Security-label mechanism in all FHIR Resource definitions (.meta.security)
 +
** Confidentiality classification
 +
** Sensitivity classification
 +
** Compartment classification
 +
** Integrity classification
 +
** Handling caveat
 +
* Security-label vocabulary (aka HCS)
 +
* Signature datatype
 +
* De-Identification
 +
* Authorization mechanisms
 +
** SMART-on-FHIR
 +
** IHE-IUA
 +
** HEART
 +
** etc...
 +
* User/system Authentication
 +
** Open-ID-Connect profile of OAuth
 +
*** by way of SMART-on-FHIR
 +
* Communications security
 +
** HTTPS
  
 
==Testing Scenarios==
 
==Testing Scenarios==
  
 
TBD
 
TBD

Revision as of 18:58, 28 March 2018


Track Name

GDPR

Submitting WG/Project/Implementer Group

Security WG

Track Orientation Presentation -- TBD

Justification

The justification for this track is to explore how the FHIR specification and Implementation Guides enable and support compliance with GDPR.

This is a collaborative effort, please sign up to help

Relevant background

Prior Connectathon track 201709 Consumer Centered Data Exchange and 201801 Consumer Centered Data Exchange

Proposed Track Leads

  • John Moehrke -Security WG co-chair - JohnMoehrke@gmail.com -- skype JohnMoehrke
  • Alex Mense - Security WG co-chair
  • Rene Spronk

Expected participants

Actors

  • Agent-Systems -- any system participating in the creation, use, or disclosure of identifiable data
  • etc...

FHIR Capabilities

  • Provenance resource
  • AuditEvent resource
  • Consent resource
  • Identity
    • Patient resource
    • RelatedPerson
    • Practitioner, PractitionerRole
    • Group
    • Organization
    • Location
    • etc.
  • Security-label mechanism in all FHIR Resource definitions (.meta.security)
    • Confidentiality classification
    • Sensitivity classification
    • Compartment classification
    • Integrity classification
    • Handling caveat
  • Security-label vocabulary (aka HCS)
  • Signature datatype
  • De-Identification
  • Authorization mechanisms
    • SMART-on-FHIR
    • IHE-IUA
    • HEART
    • etc...
  • User/system Authentication
    • Open-ID-Connect profile of OAuth
      • by way of SMART-on-FHIR
  • Communications security
    • HTTPS

Testing Scenarios

TBD