Difference between revisions of "HL7 FHIR Security 2016-6-28"

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Conference Audio: 770-657-9270,' Access: 845692
Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV
If you are having difficulty joining, please try: 
https://global.gotomeeting.com/join/520841173  
 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes 

Back to HL7 FHIR security topics

Attendees

Agenda

• Roll;
• approval of agenda
• approval of the June 21, 2016 minutes
• FHIR spec was updated from two weeks ago approved CPs, so please review for mistakes.
• How should 'test-data' be identified? Is this a legitimate use of security-tags?
  • It is clear that security-tags already support de-identified methods. The question is specifically about completely fabricated data.
  • See FHIR chat thread https://chat.fhir.org/#narrow/stream/implementers/topic/Distinguishing.20test.20patients
• De-Identification topics
  • mobile health workgroup http://lists.hl7.org/read/messages?id=297060
  • FHIR chat https://chat.fhir.org/#narrow/stream/implementers/topic/De-identification.20mechanisms.20in.20FHIR
• Update on action items
• 9563 Add onBehalfOf to Signature datatype ()
  • Proposal edited last week is in the current build
  • http://hl7-fhir.github.io/datatypes.html#Signature
• 9564 -- assigned to John -- following the discussion in the CP
  • 9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? ()
• 7568 -- assigned to Kathleen, seems this should be satisfid by 9840? -- following the discussion in the CP
  • 7568 2015May core #859 - How are agent and activity linked? ()
• 3318 -- assigned to Rick to work with Mike -- following the discussion in the CP
  • 3318 Clarify how to use RBAC and ABAC using FHIR ()
• 9042, 9043, 9052 -- assigned to Kathleen, she has the XML almost ready to go
  • 9042 Add RBAC as value set for AuditEvent.participant.role ()
  • 9043 Add ABAC as alternative value set for AuditEvent.participant.role ()
  • 9052 Add SNOMED Stuctural Roles as value set for AuditEvent.participant.role ()
• 9167 -- assigned to John, only creating an example AuditEvent -- following the discussion in the CP
  • 9167 AuditEvent needs to make more obvious how to record a break-glass event ()
• 9996 -- assigned to Glen -- following the discussion in the CP
  • 9996 Using Provenance resource to annotate content derived from non-FHIR sources ()
• FMM evaluation vs desire - We picked 4 last week -- We might want to re-evaluate to level 3. As level 4 means we would need to work hard to get "complete" testing tools and procedures at 100% of functionality. I think we should only target getting some testing ready.
• Discussion with Mario on getting prepared for next connectathon
  • What use-case should we focus on? (Lab vs Financial vs Patient)
• Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet? (Gary will join)
  • 6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None

• Prepare for a block vote for next week --
  • 9563 Add onBehalfOf to Signature datatype ()

Minutes

• John Chair
• Approved Agenda
• Approved minutes from 21st.
• Gary identified a typo -> GF#10254
• 9563 is prototyped and part of upcoming block vote
• 9564 John is working on it
• discussed 3318
  • Added question in followup around how strict the ABAC definition needs to be.
  • Action: John to poke Rick
• Discussion on 9996
  • See threaded discussion on the FHIR Chat
  • https://chat.fhir.org/#narrow/stream/implementers/topic/Provenance.20resource.20for.20Middleware
  • Oliver has some questions regarding proper use of assembler, composer, and author
  • Encouraged discussion on the chat as Glen is the owner of the CP and he is not on right now.
• EHR Record Lifecycle IG
  • Gary has shared a draft word document with updates.
  • He is aligning with current build (the changes we have done with Provenance and AuditEvent)