
Difference between revisions of "HL7 FHIR Security 2016-4-26"

From HL7Wiki
 
(2 intermediate revisions by the same user not shown)
Line 47: Line 47:
  
 
==Agenda==
 
==Agenda==
*Roll; approval of agenda and the [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-4-19 April 19, 2016 minutes] **Review John's interaction diagrams for Provenance and AuditEvent showing how these may be generated by both the user system and the recipient server.
+
*Roll; approval of agenda and the [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-4-19 April 19, 2016 minutes]  
 +
 
 +
**Review John's interaction diagrams for Provenance and AuditEvent showing how these may be generated by both the user system and the recipient server.
 
*Review CPs
 
*Review CPs
 
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9176 CP 9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes] Details: the HCS defines confidentiality as just the _confidentiality codes. Yet this page points a a valueset with them all. Should be just a valueset with just _confidentialiity codes. Others have used this confidentiality value-set so would also need to fixup them. KC - not sure what this one is about – and where was it triaged to? [per CP status]
 
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9176 CP 9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes] Details: the HCS defines confidentiality as just the _confidentiality codes. Yet this page points a a valueset with them all. Should be just a valueset with just _confidentialiity codes. Others have used this confidentiality value-set so would also need to fixup them. KC - not sure what this one is about – and where was it triaged to? [per CP status]
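Review bot: the split of the first agenda item leaves an empty line between "*Roll; approval of agenda ..." and "**Review John's interaction diagrams ...". In wiki list markup a blank line ends the list, so the "**" sub-item is no longer nested under a "*" item. Drop the empty line, or make the diagram review a top-level "*" item if it is meant to stand on its own.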
Line 70: Line 72:
  
 
==RE: potential Agent and other S&P actor role value sets==
 
==RE: potential Agent and other S&P actor role value sets==
Call participants agreed that the several CPs related to adding examples of organizational/jurisdictional Agent/Actor Role Types should include an implementer option to create intra/inter Actor value sets based on SNOMED Role Codes or RBAC/ABAC Functional Role [aka Permissions = Object* Action * Structural Role (RBAC) and Security Label/Relationshp Attributes,for ABAC] appropved combining alighned responses to related CPs into a new CP FHIR several CPs  
+
Call participants agreed that the several CPs related to adding examples of organizational/jurisdictional Agent/Actor Role Types should include an implementer option to create intra/inter Actor value sets based on SNOMED Role Codes or RBAC/ABAC Functional Role [aka Permissions = Object* Action * Structural Role (RBAC) and Security Label/Relationshp Attributes,for ABAC] appropved combining aligned responses to related CPs into a new CP FHIR several CPs  
 
* [http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=3318 CP 3318 Clarify how to use RBAC and ABAC using FHIR]
 
* [http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=3318 CP 3318 Clarify how to use RBAC and ABAC using FHIR]
 
* [http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9042 CP 9042 Add RBAC as value set for AuditEvent.participant.role]
 
* [http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9042 CP 9042 Add RBAC as value set for AuditEvent.participant.role]
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9043 CP 9043 Add ABAC as alternative value set for AuditEvent.participant.role]  
+
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9043 CP 9043 Add ABAC as alternative value set for AuditEvent.participant.role]
*CP 9043 Add ABAC as alternative value set for AuditEvent.participant.role
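Review bot: the last line of this hunk, "*CP 9043 Add ABAC as alternative value set for AuditEvent.participant.role", repeats the linked CP 9043 item directly above it as plain text with no tracker link; remove the duplicate. The revised paragraph corrects "alighned" but still reads "appropved" and "Relationshp", and its closing words "into a new CP FHIR several CPs" do not state completely what was approved; fix those in the same edit.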
 

Latest revision as of 21:09, 3 May 2016

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Conference Audio: 770-657-9270, Access: 845692

Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV

If you are having difficulty joining, please try:

https://global.gotomeeting.com/join/520841173

Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes


Attendees

Member Name | Member Name | Member Name
. John Moehrke, Security Co-Chair | x Kathleen Connor, Security Co-Chair | x Suzanne Gonzales-Webb, CBCC Co-Chair
. Gary Dickinson, EHR Co-Chair | . Johnathan Coleman, CBCC Co-Chair | . Mike Davis
. Reed Gelzer, RM-ES Lead | x Glen Marshal | . Galen Mulrooney
. Dave Silver | . Rob Horn | . Judy Fincher
x Diana Proud-Madruga | . Beth Pumo | . Oliver Lawless
. Bob Dieterle | |

Agenda

Minutes

  • Kathleen chaired. Agenda approved by consensus. Minutes approved 3-0-0 [Glen moved; Suzanne seconded]

RE CP 9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes, submitted by John Moehrke: "the HCS defines confidentiality as just the _confidentiality codes. Yet this page points at a valueset with them all. Should be just a valueset with just _confidentiality codes. Others have used this confidentiality value-set so would also need to fixup them." We agree with John that there is an issue. We checked Core Security Labels, which references confidentiality codes (system = http://hl7.org/fhir/v3/Confidentiality).

  • This code system includes deprecated sensitivity codes, and was revised when the HL7 Privacy and Security Healthcare Classification System [HCS] vocabulary was adopted. The deprecated codes [business, clinician, individual, substance abuse related, HIV related, psychiatry related, sexual and domestic violence related, celebrity, sensitive, taboo], which meet the HCS definition of Sensitivity, were moved to a Sensitivity code system.
  • The correct reference to the Confidentiality code system should be to Security Label
    • We agreed that the CP should be updated with this information and should request that the deprecated codes be removed, so that both the Core Security Label description of Confidentiality codes and the reference on the Security Label, which includes the correct codes, land readers at the correct Confidentiality code system.
  • ACTION: KC to update the CP with these observations/recommendation.

RE: potential Agent and other S&P actor role value sets

Call participants agreed that the several CPs related to adding examples of organizational/jurisdictional Agent/Actor Role Types should include an implementer option to create intra/inter Actor value sets based on SNOMED Role Codes or RBAC/ABAC Functional Role [aka Permissions = Object * Action * Structural Role (RBAC) and Security Label/Relationship Attributes, for ABAC]. Approved combining aligned responses to related CPs into a new CP FHIR several CPs