This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "HL7 FHIR Security 2016-10-04"

From HL7Wiki
Jump to navigation Jump to search
(Created page with "==Call Logistics== Weekly: '''Tuesday at 05:00 EST''' (2 PM PST) Conference Audio: '''770-657-9270,''' Access: '''845692'' '''Join online meeting: https://global.gotomeetin...")
 
Line 62: Line 62:
 
* Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet?  (Gary will join)
 
* Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet?  (Gary will join)
 
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=6303 6303] Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None
 
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=6303 6303] Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None
 +
 +
==FHIR Security Open Issues==
 +
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=6303 6303] Add Record Lifecycle Events to AuditEventObjectLifecycle Set ()
 +
** Action: Gary
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9042 9042] Add RBAC as value set for AuditEvent.participant.role ()
 +
** Action: Kathleen
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9043 9043] Add ABAC as alternative value set for AuditEvent.participant.role ()
 +
** Action: Kathleen
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9052 9052] Add SNOMED Stuctural Roles as value set for AuditEvent.participant.role ()
 +
** Action: Kathleen
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9564 9564] Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? ()
 +
** Action: John
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9750 9750] Add Standard Extension to Domain Resource for Sourcing Acquired Data ()
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9996 9996] Using Provenance resource to annotate content derived from non-FHIR sources ()
 +
** Action: Glen
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=10184 10184] Linkage vs provenance ()
 +
** Unclear
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=10343 10343] Three additional Signature.type codes ()
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=10408 10408] AuditEvent - Add ISO/HL7 10781 (EHR-S FM) and ISO 21089 (Trusted End-to-End) to Front Matter ()
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=10409 10409] Provenance - Add ISO/HL7 10781 (EHR-S FM) and ISO 21089 (Trusted End-to-End) to Front Matter ()
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=10465 10465] Change AuditEvent.purposeOfUse and AuditEvent.agent.purposeOfUse from Coding to CodeableConcept ()
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=10579 10579] New Security and Privacy "Module" page needs content ()
 +
 +
From September ballot
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9167 9167] AuditEvent needs to make more obvious how to record a break-glass event ()
 +
** Action: John
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=10382 10382] Provenance activity codes are insufficient/inappropriate ()
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=10580 10580] How should test data be identified? ()
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=10581 10581] something should be said about de-identification ()
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=11071 11071] Improve security label guidance - 2016-09 core #90 ()
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=11082 11082] Make proposed wording change - 2016-09 core #163 ()
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=11083 11083] OAuth is an authorization protocol, not an authentication protocol. Specify Oauth 2.0 to reduce ambiguity - 2016-09 core #164 ()
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=11084 11084] Typo - 2016-09 core #165 ()
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=11141 11141] Specify agent organizational role - 2016-09 core #295 ()
  
 
==Minutes==
 
==Minutes==

Revision as of 14:13, 4 October 2016

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Conference Audio: 770-657-9270,' Access: 845692
Join online meeting:  https://global.gotomeeting.com/join/520841173  
 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes 

Back to HL7 FHIR security topics

Attendees

Member Name Member Name Member Name
x John Moehrke Security Co-Chair . Kathleen Connor Security Co-Chair x Suzanne Gonzales-Webb CBCC Co-Chair
. Gary Dickinson EHR Co-Chair . Johnathan ColemanCBCC Co-Chair . Mike Davis
. Reed Gelzer RM-ES Lead x Glen Marshal . Galen Mulrooney
. Dave Silver . Rob Horn . Judy Fincher
. Diana Proud-Madruga . Beth Pumo . Oliver Lawless
. Bob Dieterle . Mario Hyland x Joe Lamy
. Rick Grow . [mailto: Richard Etterma] . [mailto: Wayne Kubic]

Agenda

  • Roll;
  • approval of agenda
  • approval of the August 30, 2016 minutes
  • All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967
  • Update on action items
  • 9564 -- assigned to John -- following the discussion in the CP
    • 9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? ()
  • 9167 -- assigned to John, only creating an example AuditEvent -- following the discussion in the CP
    • 9167 AuditEvent needs to make more obvious how to record a break-glass event ()
  • 9042, 9043, 9052 -- assigned to Kathleen, she has the XML almost ready to go
    • 9042 Add RBAC as value set for AuditEvent.participant.role ()
    • 9043 Add ABAC as alternative value set for AuditEvent.participant.role ()
    • 9052 Add SNOMED Stuctural Roles as value set for AuditEvent.participant.role ()
  • 9996 -- assigned to Glen -- following the discussion in the CP
  • Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet? (Gary will join)
    • 6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None

FHIR Security Open Issues

  • 6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set ()
    • Action: Gary
  • 9042 Add RBAC as value set for AuditEvent.participant.role ()
    • Action: Kathleen
  • 9043 Add ABAC as alternative value set for AuditEvent.participant.role ()
    • Action: Kathleen
  • 9052 Add SNOMED Stuctural Roles as value set for AuditEvent.participant.role ()
    • Action: Kathleen
  • 9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? ()
    • Action: John
  • 9750 Add Standard Extension to Domain Resource for Sourcing Acquired Data ()
  • 9996 Using Provenance resource to annotate content derived from non-FHIR sources ()
    • Action: Glen
  • 10184 Linkage vs provenance ()
    • Unclear
  • 10343 Three additional Signature.type codes ()
  • 10408 AuditEvent - Add ISO/HL7 10781 (EHR-S FM) and ISO 21089 (Trusted End-to-End) to Front Matter ()
  • 10409 Provenance - Add ISO/HL7 10781 (EHR-S FM) and ISO 21089 (Trusted End-to-End) to Front Matter ()
  • 10465 Change AuditEvent.purposeOfUse and AuditEvent.agent.purposeOfUse from Coding to CodeableConcept ()
  • 10579 New Security and Privacy "Module" page needs content ()

From September ballot

  • 9167 AuditEvent needs to make more obvious how to record a break-glass event ()
    • Action: John
  • 10382 Provenance activity codes are insufficient/inappropriate ()
  • 10580 How should test data be identified? ()
  • 10581 something should be said about de-identification ()
  • 11071 Improve security label guidance - 2016-09 core #90 ()
  • 11082 Make proposed wording change - 2016-09 core #163 ()
  • 11083 OAuth is an authorization protocol, not an authentication protocol. Specify Oauth 2.0 to reduce ambiguity - 2016-09 core #164 ()
  • 11084 Typo - 2016-09 core #165 ()
  • 11141 Specify agent organizational role - 2016-09 core #295 ()

Minutes