HL7 FHIR Security 2016-5-31

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Conference Audio: 770-657-9270,' Access: 845692

Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV

If you are having difficulty joining, please try:

https://global.gotomeeting.com/join/520841173

Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes

Back to HL7 FHIR security topics

Attendees

Agenda

• Roll;
• approval of agenda and the May 5, 2016 minutes
• approval of agenda and the May 24, 2016 minutes
• FMM evaluation vs desire
  • email from David Hay - What would help us a lot is to understand from each committee what level they believe the resources they are responsible for should be at. In particular we’re looking for resources that the committees believe are reasonably mature (say level 2 or3) but are being blocked by insufficient vendor experience, as this is a pre-requisite for advancing in FMM levels. We can then use that information to encourage vendor activity – or find out what in a more targeted way is being used in the community.
  • FMM levels http://hl7-fhir.github.io/resource.html#maturity
  • FMM evaluation -- community desire -- https://docs.google.com/spreadsheets/d/1QJXTTUbvSHkf8GgLY3Dxyv8BMAxzoIpgJcg9-0DFHVI
    • AuditEvnt - 9/37 voters, vote average 3.8
      • Current is 2
    • Provenance - 7/37 voters, vote average 2.7
      • Current is 1
• Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet?
• Discussion around _confidentiality code vocabulary.
• 9840 Provenance.entity.provenance (Kathleen Connor) None
• update to Actor Roles (Action Kathleen) to do minor cleanup and provide to john for commit
• TODO on Provenance - Are we done yet? do we at least have CPs for each thing yet to do?
• TODO on AuditEvent - Are we done yet? do we at least have CPs for each thing yet to do?
• New items - nothing new
• Prepare for a block vote for next week -- 9919, 10046,

All Security Open

*3318 Clarify how to use RBAC and ABAC using FHIR (John Moehrke) None
*6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None
*7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
*9042 Add RBAC as value set for AuditEvent.participant.role (Kathleen Connor) None
*9043 Add ABAC as alternative value set for AuditEvent.participant.role (Kathleen Connor) None
*9052 Add SNOMED Stuctural Roles as value set for AuditEvent.participant.role (Kathleen Connor) None
*9150 Provenance TODO section cleanup (John Moehrke) None
*9151 AuditEvent has TODO section to be removed (John Moehrke) None
*9166 Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None
*9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None
*9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
*9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.entity.activity". (Kathleen Connor) None
*9563 Add onBehalfOf to Signature datatype (Kathleen Connor) None
*9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None
*9812 Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None
*9840 Provenance.entity.provenance (Kathleen Connor) None
*9919 Add parameters to AuditEvent (John Moehrke) None
*9996 Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None
*10046 AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None

Minutes