Difference between revisions of "HL7 FHIR security topics"
JohnMoehrke (talk | contribs) |
JohnMoehrke (talk | contribs) |
||
Line 17: | Line 17: | ||
== Agenda and Minutes== | == Agenda and Minutes== | ||
− | *[[HL7 FHIR Security 2016-8- | + | *[[HL7 FHIR Security 2016-8-30]] |
+ | * August 23, 2016 - Canceled | ||
* August 16, 2016 - Canceled | * August 16, 2016 - Canceled | ||
*[[HL7 FHIR Security 2016-8-9]] | *[[HL7 FHIR Security 2016-8-9]] |
Revision as of 17:38, 23 August 2016
Contents
- 1 Call Logistics
- 2 Scope: Develop and Maintain FHIR Security Resources
- 3 Agenda and Minutes
- 4 Export from Gforge Security Open
- 5 Provenance
- 6 AuditEvent
- 7 Security Pages
- 8 Signatures Datatype
- 9 Not Security WG, but are listed as interested party
- 10 Relation of Provenance and Audit Event, and Security Labels
Call Logistics
Weekly: Tuesday at 05:00 EST (2 PM PST)
Conference Audio: 770-657-9270,' Access: 845692
https://global.gotomeeting.com/join/520841173
Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes
Scope: Develop and Maintain FHIR Security Resources
Project ID 1209 This project will identify and define resources, terminology, profiles, extensions as well as security label metadata necessary to support Healthcare Security and Privacy requirements. These requirements include those identified by international domains as articulated in legislation, policy, related standards, and those documented in HL7 Privacy and Security related domain analysis, architectural frameworks, services, and functional models, and various v2, v3, CDA, and FHIR interchange specifications. Specifically, this includes the AuditEvent resource, Provenance resource, Signature datatype, assigned to Security by the FMG as well as profiles and implementation guides created against these resources. The development and maintenance of these artifacts will be conducted in collaboration with other relevant domain work groups as outlined in the Security WG mission and charter. The Security WG will develop guidance regarding use of HL7 Security Standards (e.g. Role and Attribute-based access controls and vocabularies. In addition, the Security WG will work with appropriate external standards organizations to develop appropriate guidance on the use of general purpose security technologies, such as user authentication and authorization, that would aid with the secure and privacy protecting use of FHIR; and guide the FHIR community on the appropriate use of these solutions through the security pages of the FHIR specification, assigned to Security WG by the FMG.
Agenda and Minutes
- HL7 FHIR Security 2016-8-30
- August 23, 2016 - Canceled
- August 16, 2016 - Canceled
- HL7 FHIR Security 2016-8-9
- August 2 2016 - Canceled
- July 26 2016 - Canceled
- HL7 FHIR Security 2016-7-19
- HL7 FHIR Security 2016-7-12
- July 5 2016 - Canceled
- HL7 FHIR Security 2016-6-28
- HL7 FHIR Security 2016-6-21
- HL7 FHIR Security 2016-6-14
- HL7 FHIR Security 2016-6-07
- HL7 FHIR Security 2016-5-31
- HL7 FHIR Security 2016-5-24
- HL7 FHIR Security 2016-5-3
- HL7 FHIR Security 2016-4-26
- HL7 FHIR Security 2016-4-19
- HL7 FHIR Security 2016-4-12
- HL7 FHIR Security 2016-4-5
- HL7 FHIR Security 2016-3-29
- HL7 FHIR Security 2016-3-22
- HL7 FHIR Security 2016-3-15
- HL7 FHIR Security 2016-3-8
- HL7 FHIR Security 2016-3-1
- HL7 FHIR Security 2016-2-23
- HL7 FHIR Security 2016-2-16
- HL7 FHIR Security 2016-2-02
- HL7 FHIR Security 2016-01-26
- HL7 FHIR Security 2016-01-05
- HL7 FHIR Security 2015-12-29
- HL7 FHIR Security 2015-12-22
- HL7 FHIR Security 2015-12-15
- HL7 FHIR Security 2015-12-08
- HL7 FHIR Security 2015-12-01
- HL7 FHIR Security 2015-11-24
- HL7 FHIR Security 2015-11-17
- HL7 FHIR Security 2015-11-10
Export from Gforge Security Open
FHIR disposition link on gForge for review/discussion (ongoing weekly agenda item)
John moved the items from November 3rd, 2015 gForge export and distributed them to the various parts: Provenance, AuditEvent, Security pages, and Signature.
Provenance
HL7 FHIR Provenance Resource Project Work
AuditEvent
HL7 FHIR AuditEvent Resource Project Work
Security Pages
- Security pages
- Including guidance on Authentication and Authorization
- Security Labels Page
- including meta tag use for security labels
- from GForge
Signatures Datatype
- Signature Data Type
- from GForge
Not Security WG, but are listed as interested party
- 5525 Consent Directive does not appear to be aligned with the 80% ()
Relation of Provenance and Audit Event, and Security Labels
- Who records Provenance vs AuditEvent; what are the various architectures. The important point is to assure that the architecture chosen doesn't miss information.
- Risks to Confidentiality, Integrity, and Availability.
- Role of W5
- Privacy Consent as a profile on Contract