This wiki has undergone a migration to Confluence found Here

Difference between revisions of "HL7 FHIR Security 2018-10-23"

From HL7Wiki
Jump to navigation Jump to search
(Created page with " * Blockchain and FHIR use-cases as presented by Abagail Watson at the HL7 WGM. Link to the PDF version on their Google Drive. Link sharing is on, and that should be able to ...")
 
Line 1: Line 1:
 +
==Call Logistics==
 +
Weekly:
 +
'''Tuesday at 02:00 pm EST'''
 +
Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36
 +
Online Meeting ID: security36
 +
Phone: +1 515-604-9567, Participant Code: 880898
 +
''' ''Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes'' '''
 +
 +
[[HL7 FHIR security topics|Back to HL7 FHIR security topics]]
  
* Blockchain and FHIR use-cases as presented by Abagail Watson at the HL7 WGM. Link to the PDF version on their Google Drive.  Link sharing is on, and that should be able to handle as much traffic as we can throw at it; and we can point at it from blog posts, the Symptomatic website, and elsewhere. https://drive.google.com/file/d/1nejDmLo_LJkSnSvwGplL_uv7zDGXo9CG/view?usp=sharing
+
==Attendees==
 +
{| class="wikitable"
 +
|-
 +
! ||'''Member Name'''|| !!  ||'''Member Name''' !!|| ||'''Member Name''' !!
 +
|-
 +
||  x||[mailto:john.moehrke@ge.med.com John Moehrke] Security Co-Chair
 +
||||.||[mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-Chair
 +
||||.||[mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
 +
|-
 +
||  x||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair 
 +
||||.||[mailto:jc@securityrs.com Johnathan Coleman] CBCC co-chair
 +
||||.||[mailto:christopher.shawn2@va.gov Chris Shawn] Security co-chair
 +
|-
 +
||  .||[mailto:jim.kretz@samhsa.hhs.gov Jim Kretz]
 +
||||.||[mailto:kenneth.salyards@samhsa.hhs.gov Kenneth Salyards]
 +
||||.||[mailto:nathanbotts@westat.com Nathan Botts] Mobile co-chair
 +
|-
 +
||  x||[mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga]
 +
||||x||[mailto:joe.lamy@aegis.net Joe Lamy] AEGIS
 +
||||.||[mailto:Beth.Pumo@kp.org Beth Pumo]
 +
|-
 +
||  .||[mailto:irina.connelly@gtri.gatech.edu Irina Connelly]
 +
||||.||[mailto:mblackmon@sequoiaproject.org  Matt Blackman] Sequoia
 +
||||.||[mailto:mark.underwood@kryptonbrothers.com Mark Underwood] NIST
 +
|-
 +
||  .||[mailto:pbspamfilteracct@gmail.com Peter Bachman]
 +
||||.||[mailto:grahame@hl7.org Grahame Greve] FHIR Program Director
 +
||||.||Kevin Shekleton (Cerner, CDS Hooks)
 +
|-
 +
||  .||[mailto:lcmaas@emrdirect.com Luis Maas]
 +
||||.||[mailto:julie@emrdirect.com Julie Maas]
 +
||||.||[mailto:fjauregui@electrosoft-inc.com Francisco Jauregui]
 +
|-
 +
||  .||[mailto:gary.dickinson@edhr-standards.com Gary Dickinson]
 +
||||.||[mailto:dave.silver@electrosoft-inc.com Dave Silver]
 +
||||x||[mailto:mike.davis@va.gov Mike Davis]
 +
|-
 +
|}
 +
 
 +
==Agenda==
 +
*Roll;
 +
* approval of agenda
 +
* approval of [[HL7 FHIR Security 2018-09-04]] Minutes
 +
* Announcements
 +
** Blockchain and FHIR use-cases as presented by Abagail Watson at the HL7 WGM. Link to the PDF version on their Google Drive.  Link sharing is on, and that should be able to handle as much traffic as we can throw at it; and we can point at it from blog posts, the Symptomatic website, and elsewhere. [https://drive.google.com/file/d/1nejDmLo_LJkSnSvwGplL_uv7zDGXo9CG/view?usp=sharing link]
 +
** TBD?
 +
* Process for "Security and Privacy Considerations" section
 +
* Plan for maturing security (and privacy) parts of FHIR -- [http://build.fhir.org/versions.html#maturity FMM]
 +
* All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967
 +
* New business
 +
 
 +
 
 +
=== ACTIONS ===
 +
* John - forward safety checklist updates with explanation to FHIR-I
 +
* John - propose next steps on "Security Considerations" on each FHIR page
 +
* John - bring proposal to Grahame to see how the FHIR build tools can aid us
 +
 
 +
=== Security Considerations on each page ===
 +
Classification of the various FHIR Resources according to their intended use-case security/privacy sensitivity. It is inspired by some who have approached me wanting on each page a Security Considerations section, that I think is highly redundant. I am thinking of something similar to how compartment is handled in that a Resource can be multi-classified, but that most of the security considerations are on those classification pages with only resource specifics on the resource pages. Hoping the FHIR build can assist with this automation.
 +
 
 +
* General sensitivity:
 +
** All resources can contain sensitive information, these groups are only general expectations based on the Resource intended use-case
 +
** Public/Infrastructure, --- Should be Public and not sensitive themselves, but care as inappropriate use might put sensitive information within
 +
*** Bundle, Linage, MessageHeader, OperationOutcome, Parameters, Subscription, CapabilityStatement, StructureDefinition, ImplementationGuide, SearchParameters, MessageDefinition, OperationDefinition, CompartmentDefinition, StrucureMap, GraphDefinition, ExampleScenario, CodeSystem, ValueSet, ConceptMap, NamingSystem, TermininologyCapability, Library, Questioniare, ActivityDefinition, DeviceDefinition, EntryDefinition, EventDefinition, ObservationDefinition, PlanDefinition, SpecimenDefinition, TestScript, TestReport
 +
** Business-Sensitive,  --- Mostly Public and not sensitive, but care as they may contain business sensitive
 +
*** Organization, OrganizationAlliliation, HealthcareServices, Endpoint, Location, Substance, BiologicallyDerivedProduct, Device, DeviceMetric, Task,  PractitionerRole, Schedule, Slot, ProcessRequest, ProcessResponse, Measure, MeasureReport
 +
*** all of the Financial ????
 +
*** all of the Medication Definition ???
 +
** Provider-Sensitive, --- Provider identified data, may be appropriate to release for specific use-cases, but does expose the provider individual
 +
*** Appointment, AppointmentResponse, Practitioner, PractitionerRole, Person, CareTeam
 +
*** all Patient-Sensitive
 +
*** all of the Financial
 +
** Patient-Sensitive
 +
*** Patient, RelatedPerson, Person, Encounter, EpisodeOfCare, Flag
 +
*** all of the Clinical
 +
*** all of the Financial
 +
** Unknowable -- Could contain anything, thus might be public or might be highly sensitive
 +
*** Binary, List, Group, QuestionaireResponse
 +
 
 +
==== resources====
 +
* To focus on FHIR as a scoping mechanism. That is to say that this effort could be applied everywhere, but we need to start somewhere. There has been some interest for this kind of review in FHIR.
 +
** Person resource http://build.fhir.org/person.html#security
 +
* Much like IETF has with W3C PING?
 +
** W3C PING https://w3c.github.io/privacy-considerations/
 +
** W3C specification for writing Privacy Considerations http://yrlesru.github.io/SPA/
 +
** W3C Self-Review Questionnaire: Security and Privacy https://www.w3.org/TR/security-privacy-questionnaire/
 +
* IETF guidance on writing the Security Considerations section https://tools.ietf.org/html/rfc3552
 +
* IETF guidance on writing a protocol module -- a description of your standard so that an analysis can be made https://tools.ietf.org/html/rfc4101
 +
* Could try to apply W3C process without customization to see how well it applies?
 +
** W3C Self-Review Questionnaire: Security and Privacy -- GITHUB active version https://w3ctag.github.io/security-questionnaire/
 +
** Note not all FHIR resources are sensitive, some are intended to be publicly exposed.
 +
 
 +
=== references ===
 +
* stream for Security and Privacy discussions. Specification development, and Implementation.
 +
** https://chat.fhir.org/#narrow/stream/Security.20and.20Privacy
 +
* stream for Patient Empowerment. Discussions about empowering patients. Focus on deployment and advocacy.
 +
** https://chat.fhir.org/#narrow/stream/patient.20empowerment
 +
* Proposed FHIR Connectathon track for Cologne -- GDPR
 +
** http://wiki.hl7.org/index.php?title=201805_GDPR
 +
* Blockchain FHIR Connectathon
 +
** Grahame is trying to find a community wanting to 'play' with blockchain. He is willing to standup the infrastructure.
 +
** See blockchain zulip stream https://chat.fhir.org/#narrow/stream/blockchain
 +
* Certificate Management
 +
** Zulip chat https://chat.fhir.org/#narrow/stream/Security.20and.20Privacy/subject/Do.20we.20need.20to.20say.20anything.20about.20Certificate.20Management
 +
* Improvement beyond SMART scopes
 +
** Zulip chat https://chat.fhir.org/#narrow/stream/Security.20and.20Privacy/subject/Improvement.20beyond.20SMART.20scopes
 +
* Patient Directed backend communication
 +
** Zulip chat https://chat.fhir.org/#narrow/stream/Security.20and.20Privacy/subject/Patient.20directed.20backend.20communication
 +
* Oauth App Registration
 +
** Zulip chat https://chat.fhir.org/#narrow/stream/Security.20and.20Privacy/subject/OAuth.20App.20Registration
 +
 
 +
 
 +
=== Current Open issues in gForge ===
 +
 
 +
see gForge
 +
 
 +
==Minutes==
 +
* John chaired

Revision as of 13:11, 23 October 2018

Call Logistics

Weekly: Tuesday at 02:00 pm EST

Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 
Online Meeting ID: security36
Phone: +1 515-604-9567, Participant Code: 880898
 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes 

Back to HL7 FHIR security topics

Attendees

Member Name Member Name Member Name
x John Moehrke Security Co-Chair . Kathleen Connor Security Co-Chair . Alexander Mense Security Co-chair
x Suzanne Gonzales-Webb CBCC Co-Chair . Johnathan Coleman CBCC co-chair . Chris Shawn Security co-chair
. Jim Kretz . Kenneth Salyards . Nathan Botts Mobile co-chair
x Diana Proud-Madruga x Joe Lamy AEGIS . Beth Pumo
. Irina Connelly . Matt Blackman Sequoia . Mark Underwood NIST
. Peter Bachman . Grahame Greve FHIR Program Director . Kevin Shekleton (Cerner, CDS Hooks)
. Luis Maas . Julie Maas . Francisco Jauregui
. Gary Dickinson . Dave Silver x Mike Davis

Agenda


ACTIONS

  • John - forward safety checklist updates with explanation to FHIR-I
  • John - propose next steps on "Security Considerations" on each FHIR page
  • John - bring proposal to Grahame to see how the FHIR build tools can aid us

Security Considerations on each page

Classification of the various FHIR Resources according to their intended use-case security/privacy sensitivity. It is inspired by some who have approached me wanting on each page a Security Considerations section, that I think is highly redundant. I am thinking of something similar to how compartment is handled in that a Resource can be multi-classified, but that most of the security considerations are on those classification pages with only resource specifics on the resource pages. Hoping the FHIR build can assist with this automation.

  • General sensitivity:
    • All resources can contain sensitive information, these groups are only general expectations based on the Resource intended use-case
    • Public/Infrastructure, --- Should be Public and not sensitive themselves, but care as inappropriate use might put sensitive information within
      • Bundle, Linage, MessageHeader, OperationOutcome, Parameters, Subscription, CapabilityStatement, StructureDefinition, ImplementationGuide, SearchParameters, MessageDefinition, OperationDefinition, CompartmentDefinition, StrucureMap, GraphDefinition, ExampleScenario, CodeSystem, ValueSet, ConceptMap, NamingSystem, TermininologyCapability, Library, Questioniare, ActivityDefinition, DeviceDefinition, EntryDefinition, EventDefinition, ObservationDefinition, PlanDefinition, SpecimenDefinition, TestScript, TestReport
    • Business-Sensitive, --- Mostly Public and not sensitive, but care as they may contain business sensitive
      • Organization, OrganizationAlliliation, HealthcareServices, Endpoint, Location, Substance, BiologicallyDerivedProduct, Device, DeviceMetric, Task, PractitionerRole, Schedule, Slot, ProcessRequest, ProcessResponse, Measure, MeasureReport
      • all of the Financial ????
      • all of the Medication Definition ???
    • Provider-Sensitive, --- Provider identified data, may be appropriate to release for specific use-cases, but does expose the provider individual
      • Appointment, AppointmentResponse, Practitioner, PractitionerRole, Person, CareTeam
      • all Patient-Sensitive
      • all of the Financial
    • Patient-Sensitive
      • Patient, RelatedPerson, Person, Encounter, EpisodeOfCare, Flag
      • all of the Clinical
      • all of the Financial
    • Unknowable -- Could contain anything, thus might be public or might be highly sensitive
      • Binary, List, Group, QuestionaireResponse

resources

references


Current Open issues in gForge

see gForge

Minutes

  • John chaired