This wiki has undergone a migration to Confluence found Here

Difference between revisions of "HL7 FHIR Security 2018-12-11"

From HL7Wiki
Jump to navigation Jump to search
 
(6 intermediate revisions by 2 users not shown)
Line 15: Line 15:
 
|-
 
|-
 
||  x||[mailto:john.moehrke@ge.med.com John Moehrke] Security Co-Chair
 
||  x||[mailto:john.moehrke@ge.med.com John Moehrke] Security Co-Chair
||||.||[mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-Chair
+
||||x||[mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-Chair
 
||||.||[mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
 
||||.||[mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
 
|-
 
|-
Line 26: Line 26:
 
||||.||[mailto:nathanbotts@westat.com Nathan Botts] Mobile co-chair
 
||||.||[mailto:nathanbotts@westat.com Nathan Botts] Mobile co-chair
 
|-
 
|-
||  x||[mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga]
+
||  .||[mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga]
||||x||[mailto:joe.lamy@aegis.net Joe Lamy] AEGIS
+
||||.||[mailto:joe.lamy@aegis.net Joe Lamy] AEGIS
||||.||[mailto:Beth.Pumo@kp.org Beth Pumo]
+
||||x||[mailto:Beth.Pumo@kp.org Beth Pumo]
 
|-
 
|-
 
||  .||[mailto:irina.connelly@gtri.gatech.edu Irina Connelly]
 
||  .||[mailto:irina.connelly@gtri.gatech.edu Irina Connelly]
Line 44: Line 44:
 
||  .||[mailto:gary.dickinson@edhr-standards.com Gary Dickinson]
 
||  .||[mailto:gary.dickinson@edhr-standards.com Gary Dickinson]
 
||||.||[mailto:dave.silver@electrosoft-inc.com Dave Silver]
 
||||.||[mailto:dave.silver@electrosoft-inc.com Dave Silver]
||||x||[mailto:mike.davis@va.gov Mike Davis]
+
||||.||[mailto:mike.davis@va.gov Mike Davis]
 +
|-
 +
||  x||[mailto:peter.van.liesdonk@philips.com Peter van Liesdonk]
 +
||||x||[mailto:isaac@epic.com Isaac Vetter]
 +
||||x||[mailto:acg.internasjonal@gmail.com Theresa Ardal Connor]
 
|-
 
|-
 
|}
 
|}
Line 56: Line 60:
 
* FHIRcast review by security wg
 
* FHIRcast review by security wg
 
** Isaac Vetter  
 
** Isaac Vetter  
** chat stream https://chat.fhir.org/#narrow/stream/118-FHIRcast
+
** Specification: http://fhircast.org/
** GIThub https://github.com/fhircast
+
** Chat stream https://chat.fhir.org/#narrow/stream/118-FHIRcast
 +
** GitHub: https://github.com/fhircast/docs and list of security-related issues: https://github.com/fhircast/docs/labels/security
 
* Review CarePlan FHIR Connectathon and HIMSS demo for impact on FHIR Security/privacy opportunity improvements -- Kathleen
 
* Review CarePlan FHIR Connectathon and HIMSS demo for impact on FHIR Security/privacy opportunity improvements -- Kathleen
 
* Plan for maturing security (and privacy) parts of FHIR -- [http://build.fhir.org/versions.html#maturity FMM]  
 
* Plan for maturing security (and privacy) parts of FHIR -- [http://build.fhir.org/versions.html#maturity FMM]  
Line 73: Line 78:
  
 
==Minutes==
 
==Minutes==
 +
* John chaired
 +
* Agenda reviewed and approved: Kathleen/Beth: unanimous
 +
* approval of [[HL7 FHIR Security 2018-10-30]] , [[HL7 FHIR Security 2018-11-13]] and [[HL7 FHIR Security 2018-12-04]] Minutes
 +
** Motion to approve three minutes: Suzanne/Kathleen: unanimous
 +
* announcements
 +
** FHIR R4 is in Grahame's hands and expected released by the end of the year.
 +
* Isaac reviewed FHIR cast
 +
** Specification: http://fhircast.org/
 +
** Chat stream https://chat.fhir.org/#narrow/stream/118-FHIRcast
 +
** GitHub: https://github.com/fhircast/docs and list of security-related issues: https://github.com/fhircast/docs/labels/security
 +
** Uses W3C web-sub
 +
*** a spec that is used for web content distribution
 +
*** a standards based rest-hook
 +
*** https://www.w3.org/TR/websub/
 +
**** See Websub security considerations https://www.w3.org/TR/websub/#security-considerations
 +
** the hub has last say on context switches, and is usually provided by the dominant software. Often the EHR.
 +
** Recommendation
 +
*** Should have a Security Considerations section in FHIRcast document that addresses each Security Consideration from web-sub
 +
**** Elevating to SHALL the use of HTTPS, BCP195, and SHA-256
 +
*** Address Audit Logging
 +
**** May be a responsibility of the hub to record approved context changes
 +
**** May be addressed through a subscribing app that does nothing but record context changes
 +
** Two issues that have been discussed on the FHIR cast github were discussed
 +
*** https://github.com/fhircast/docs/labels/security
 +
* Adjourned 60 minutes

Latest revision as of 20:30, 11 December 2018

Call Logistics

Weekly: Tuesday at 02:00 pm EST

Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 
Online Meeting ID: security36
Phone: +1 515-604-9567, Participant Code: 880898
 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes 

Back to HL7 FHIR security topics

Attendees

Member Name Member Name Member Name
x John Moehrke Security Co-Chair x Kathleen Connor Security Co-Chair . Alexander Mense Security Co-chair
x Suzanne Gonzales-Webb CBCC Co-Chair . Johnathan Coleman CBCC co-chair . Chris Shawn Security co-chair
. Jim Kretz . Kenneth Salyards . Nathan Botts Mobile co-chair
. Diana Proud-Madruga . Joe Lamy AEGIS x Beth Pumo
. Irina Connelly . Matt Blackman Sequoia . Mark Underwood NIST
. Peter Bachman . Grahame Greve FHIR Program Director . Kevin Shekleton (Cerner, CDS Hooks)
. Luis Maas . Julie Maas . Francisco Jauregui
. Gary Dickinson . Dave Silver . Mike Davis
x Peter van Liesdonk x Isaac Vetter x Theresa Ardal Connor

Agenda


ACTIONS

references

Minutes