Difference between revisions of "HL7 WGM MAY 2017 - Madrid Spain AGENDA"
JohnMoehrke (talk | contribs) (→AGENDA) |
JohnMoehrke (talk | contribs) (→AGENDA) |
||
(11 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
[http://www.hl7.org/documentcenter/public/brochures/wgm/HL7_WGM_20170317.pdf HL7 MAY WGM Event BROCHURE Link] | [http://www.hl7.org/documentcenter/public/brochures/wgm/HL7_WGM_20170317.pdf HL7 MAY WGM Event BROCHURE Link] | ||
− | [http:// | + | [http://www.hl7.org/documentcenter/public/brochures/wgm/HL7_WGM_20170421.pdf TBD Madrid WGM SITE] |
− | Minutes: [http:// | + | Minutes: [http://wiki.hl7.org/index.php?title=HL7_WGM_MAY_2017_-_Madrid_Spain_Minutes May 2017 Security WGM Minutes Madrid, Spain] |
[[Security|Back to Security Meetings]] | [[Security|Back to Security Meetings]] | ||
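Review bot: The replacement link on the second line of this hunk is labelled "TBD Madrid WGM SITE", but its target is a brochure PDF (HL7_WGM_20170421.pdf), and the line above already links a brochure (HL7_WGM_20170317.pdf). Relabel the new link to say what the document is, and drop the older brochure link if the 20170421 file supersedes it.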
Line 43: | Line 43: | ||
||''' Joint CBCC - Security''' | ||''' Joint CBCC - Security''' | ||
* [[May 2017 CBCC Working Group Meeting - Madrid, Spain]] | * [[May 2017 CBCC Working Group Meeting - Madrid, Spain]] | ||
− | ||CBCC|| | + | ||CBCC hosting Security |
+ | ||Alcudia | ||
|- | |- | ||
|-valign="top" | |-valign="top" | ||
Line 49: | Line 50: | ||
|| '''Joint with CBCC – New discussion items and projects''' | || '''Joint with CBCC – New discussion items and projects''' | ||
* [[May 2017 CBCC Working Group Meeting - Madrid, Spain]] | * [[May 2017 CBCC Working Group Meeting - Madrid, Spain]] | ||
− | ||CBCC | + | ||CBCC hosting Security |
− | || | + | ||Alcudia |
|- | |- | ||
|- | |- | ||
Line 69: | Line 70: | ||
** FHIR Privacy and Security Conformance Test Suite Development - Discussions planned for WGM | ** FHIR Privacy and Security Conformance Test Suite Development - Discussions planned for WGM | ||
||Security | ||Security | ||
− | || | + | ||Chinchon |
|- | |- | ||
|-valign="top" | |-valign="top" | ||
Line 77: | Line 78: | ||
*[http://gforge... TF4FA Ballot Material] | *[http://gforge... TF4FA Ballot Material] | ||
||Security | ||Security | ||
− | || | + | ||Chinchon |
|- | |- | ||
|-valign="top" | |-valign="top" | ||
Line 84: | Line 85: | ||
*Josh assigned Core team assistance | *Josh assigned Core team assistance | ||
*[http://hl7-fhir.github.io/pcd/consentdirective.html FHIR Consent Resource] | *[http://hl7-fhir.github.io/pcd/consentdirective.html FHIR Consent Resource] | ||
− | ||CBCC | + | ||CBCC hosting Security, MH |
− | || | + | ||Alcudia |
|- | |- | ||
|-valign="top" | |-valign="top" | ||
| ||||Q4||4:30-6:00 | | ||||Q4||4:30-6:00 | ||
||'''Security WG Project Meeting''' | ||'''Security WG Project Meeting''' | ||
− | * | + | *Bernd Blobel - THEWS [https://www.slideshare.net/iirojan/thews-trusted-ehealth-and-ewelfare-space Trusted eHealth and eWelfare Space] Report on current work: trust calculation and informed trust decisions |
− | |||
− | |||
||Security | ||Security | ||
− | || | + | ||Chinchon |
|- | |- | ||
|-valign="top" | |-valign="top" | ||
|WED||MAY 10||Q1||10:00-11:30 | |WED||MAY 10||Q1||10:00-11:30 | ||
||'''Joint w/ EHR, CBCC, FHIR, SOA, Security''' | ||'''Joint w/ EHR, CBCC, FHIR, SOA, Security''' | ||
− | *Discussion with AEGIS Team on development of a FHIR Privacy, Security, Provenance, and Digital Ledger Technology Conformance Testing Suite. Expectation is that WGs will bring any test cases [e.g., Cascading OAuth for Patient Right of Access] have been developed or input to test cases. | + | *1st hour: Discussion with AEGIS Team on development of a FHIR Privacy, Security, Provenance, and Digital Ledger Technology Conformance Testing Suite. Expectation is that WGs will bring any test cases [e.g., Cascading OAuth for Patient Right of Access] have been developed or input to test cases. |
− | ||Security | + | *Last 30 Minutes: Bernd Blobel will brief us on the imminent need for standards such as the FHIR Security Labeling, and the Provenance and AuditEvent Resources, to meet the EU General Data Protection Regulation requirements in 2018. |
− | || | + | ||EHR hosting Security, CBCC, FHIR-I |
+ | ||Oxford | ||
|- | |- | ||
|-valign="top" | |-valign="top" | ||
Line 108: | Line 108: | ||
* Tentative Agenda Items: | * Tentative Agenda Items: | ||
** PASS Audit topics (joint w Security, CBCC, SOA) | ** PASS Audit topics (joint w Security, CBCC, SOA) | ||
− | ||SOA | + | ||SOA hosting Security |
− | || | + | ||La Puebla |
|- | |- | ||
|-valign="top" | |-valign="top" | ||
Line 124: | Line 124: | ||
*** User using mobile App | *** User using mobile App | ||
*** System-to-system (e.g. organization to organization) | *** System-to-system (e.g. organization to organization) | ||
− | * Introduction to CDS | + | * Introduction to CDS Hooks |
− | **Some points that might not be fully clear why I am interested in | + | **Some points that might not be fully clear why I am interested in CDS Hooks. First, |
− | **the security workgroup knows that we are not experts on medical information. We see the general concept of CDS to be a service that fully understands medical information. Thus we callup the general concept to tell us if there are sensitive health topics. This is what we have encapsulated in the SLS. So, wondering how we can leverage | + | **the security workgroup knows that we are not experts on medical information. We see the general concept of CDS to be a service that fully understands medical information. Thus we callup the general concept to tell us if there are sensitive health topics. This is what we have encapsulated in the SLS. So, wondering how we can leverage CDS Hooks similarly. I think this is what Grahame was referring to with the point about suggesting security tags to the user. It would be best if the user doesn't need to think about security-tags, although they should be able to change them authoritatively with proper authorization. Adding a layer that can transparently assess the data using current CDS knowledge and expertise to apply proper security-tags. |
− | **The other point is that to fully protect healthcare data to the very finegrain level that some envision, we need not only security assessment of the data in create/update, or resting, but also during accessing. Today OAuth scopes are very simplistic (i.e. SMART), but eventually they need to get more detailed and multi-layered. Way beyond what OAuth standards support today. The interpretation of the OAuth security token, relative to the query requested, and the results it uncovers; should be done by some security layer that is aware of FHIR, but is not fundamentally changing the baseline concept that is FHIR. --- So I am looking at what you have done with | + | **The other point is that to fully protect healthcare data to the very finegrain level that some envision, we need not only security assessment of the data in create/update, or resting, but also during accessing. Today OAuth scopes are very simplistic (i.e. SMART), but eventually they need to get more detailed and multi-layered. Way beyond what OAuth standards support today. The interpretation of the OAuth security token, relative to the query requested, and the results it uncovers; should be done by some security layer that is aware of FHIR, but is not fundamentally changing the baseline concept that is FHIR. --- So I am looking at what you have done with CDS Hooks to see if there is something similar that can be done to advance the capability toward more fine grain authorization enforcement. |
**background materials from Kevin Shekleton CDS Hooks slide deck from the HSPC HIT Developers Conference today. presentation was recorded and when available will share that link in the Speaker Deck description for the presentation. | **background materials from Kevin Shekleton CDS Hooks slide deck from the HSPC HIT Developers Conference today. presentation was recorded and when available will share that link in the Speaker Deck description for the presentation. | ||
*** https://speakerdeck.com/kpshek/remote-decision-support-with-cds-hooks-hspc-hit-developers-conference | *** https://speakerdeck.com/kpshek/remote-decision-support-with-cds-hooks-hspc-hit-developers-conference | ||
− | ||Security | + | ||Security hosting FHIR-I |
− | || | + | ||Alcudia |
|-valign="top" | |-valign="top" | ||
| ||||Q4||4:30-6:00 | | ||||Q4||4:30-6:00 | ||
||'''Security WG Project Meeting''' | ||'''Security WG Project Meeting''' | ||
− | * Continue TF4FA Reconciliation | + | * [http://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/PSAF/PSAF%20TF4FA%20May%202017/ballotcomments_V3_PSAF_R1_I2_2017MAY%20Amalgamated%20wo%20BB%20or%20depositions.xls Continue TF4FA Reconciliation] |
* Workgroup Health Update - cont. THU Q2 | * Workgroup Health Update - cont. THU Q2 | ||
** [http://gforge.hl7.org/gf/download/docmanfileversion/9008/13736/2016%20Jan%20Security%20WG%20Three-Year%20Plan.xlsx Current 3 Yr Plan] | ** [http://gforge.hl7.org/gf/download/docmanfileversion/9008/13736/2016%20Jan%20Security%20WG%20Three-Year%20Plan.xlsx Current 3 Yr Plan] | ||
Line 141: | Line 141: | ||
** [http://gforge.hl7.org/gf/download/docmanfileversion/9381/14666/HL7%20Baltimore%202016%20Security%20WGM%20Governance%20and%20Health.pptx Security Health Report] | ** [http://gforge.hl7.org/gf/download/docmanfileversion/9381/14666/HL7%20Baltimore%202016%20Security%20WGM%20Governance%20and%20Health.pptx Security Health Report] | ||
||Security | ||Security | ||
− | || | + | ||Chinchon |
|-valign="top" | |-valign="top" | ||
− | | THU||MAY 11||Q1|| | + | | THU||MAY 11||Q1||10:00-11:30 |
||'''Security Joint with CBCC,FHIR-I''' | ||'''Security Joint with CBCC,FHIR-I''' | ||
*Josh assigned FHIR Core team | *Josh assigned FHIR Core team | ||
+ | *FHIR Priorities (email from Lloyd) http://lists.hl7.org/read/archive?id=312425 | ||
*Continued: FHIR Connectathon Privacy and Security testing scenarios | *Continued: FHIR Connectathon Privacy and Security testing scenarios | ||
− | ||Security | + | *how might [http://build.fhir.org/graphdefinition.html GraphDefinition] be used with Provenance? How might it be used in an Audit Analysis/Reporting? |
− | || | + | *how might a client that get subsetted/redacted data be enabled to do Update/Patch? |
+ | ** Subsetted by _summary | ||
+ | ** Subsetted by some client request (not yet available, is this a FHIR-I work item?) | ||
+ | *** Some mechanism that is based on profiles, where client asks data to be subsetted to the constraints in a profile | ||
+ | ** Subsetted by redaction rules -- where communicating the redaction result | ||
+ | ** So That - when an update happens, the server knows that the client is NOT asking to have the elements missing be removed from the server copy. | ||
+ | ** What might be issues? | ||
+ | * Can we use a general subsetting type of a profile to enable more complete de-identification algorithms. | ||
+ | ||Security hosting CBCC, FHIR-I | ||
+ | ||Marsella | ||
+ | |- | ||
|-valign="top" | |-valign="top" | ||
| ||||Q2||12:00-1:30 | | ||||Q2||12:00-1:30 | ||
Line 155: | Line 166: | ||
** Addition to FHIR Agent value set | ** Addition to FHIR Agent value set | ||
** POU additions - HTEST, Research Consent POUs | ** POU additions - HTEST, Research Consent POUs | ||
− | ** | + | ** Addition to FHIR ProvenanceEvent value set for export, disclose, import, receive, disassemble, decompose, which are in the Lifecycle Event matrix. Needed for Provenance Lifecycle test script. |
||Security | ||Security | ||
− | || | + | ||Chinchon |
|-valign="top" | |-valign="top" | ||
− | | ||||Q3||2:45-4:00 | + | | ||||Q3||2:45-4:00||.||||. |
− | || | + | |- |
− | + | valign="top" | |
− | || | + | | ||||Q4||4:30-6:00||.||||. |
− | || | ||
− | |-valign="top" | ||
− | | ||||Q4|| | ||
− | || | ||
− | |||
− | || | ||
− | || | ||
− | |||
|-valign="top" | |-valign="top" | ||
− | | FRI||MAY 12||Q1|| 10:00-11:30|| | + | | FRI||MAY 12||Q1|| 10:00-11:30||.||||. |
|- | |- | ||
|-valign="top" | |-valign="top" | ||
− | | ||||Q2||12:00-1:30|| | + | | ||||Q2||12:00-1:30||.||||. |
|- | |- | ||
|-valign="top" | |-valign="top" | ||
− | | ||||Q3|| | + | | ||||Q3||2:45-4:00||.||||. |
|- | |- | ||
|-valign="top" | |-valign="top" | ||
− | | ||||Q4||4:30-6:00|| | + | | ||||Q4||4:30-6:00||.||||. |
|} | |} | ||
[[Security|Back to Security Wiki Meetings]] | [[Security|Back to Security Wiki Meetings]] |
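Review bot: In the Thursday Q4 row the row marker and its attribute are split across two lines ("|-" followed by valign="top" on a line of its own), so the attribute is no longer part of the row marker and will be emitted as stray text instead of styling the row. Join them as |-valign="top", as the other rows in this table do.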
Latest revision as of 07:51, 11 May 2017
HL7 MAY WGM Event BROCHURE Link
Minutes: May 2017 Security WGM Minutes Madrid, Spain
AGENDA
| Day | Date | Qtr | Time | Event | Session Leader | Room |
| SUN | MAY 7 | Q1 | 10:00-11:30 | International Affiliates/Connectathon Report Out | International Affiliates/Connectathon | TBD |
| | | Q2 | 12:00-1:30 | International Affiliates/Connectathon Report Out | International Affiliates/Connectathon | TBD |
| | | Q3 | 2:45-4:00 | Cochair FHIR Session | FHIR MG | TBD |
| | | Q4 | 4:30-6:00 | Cochair Vocabulary Session | Vocabulary WG | TBD |
| MON | MAY 8 | Q1 | 10:00-11:30 | . | No Meeting | . |
| | | Q2 | 12:00-1:30 | . | No Meeting | . |
| | | Q3 | 2:45-4:00 | Joint CBCC - Security | CBCC hosting Security | Alcudia |
| | | Q4 | 4:30-6:00 | Joint with CBCC – New discussion items and projects | CBCC hosting Security | Alcudia |
| TUE | May 9 | Q1 | 10:00-11:30 | Opening Security WG Meeting | Security | Chinchon |
| | | Q2 | 12:00-1:30 | Trust Framework Work Session | Security | Chinchon |
| | | Q3 | 2:45-4:00 | CBCC FHIR-I Joint on FHIR Consent Resource | CBCC hosting Security, MH | Alcudia |
| | | Q4 | 4:30-6:00 | Security WG Project Meeting | Security | Chinchon |
| WED | MAY 10 | Q1 | 10:00-11:30 | Joint w/ EHR, CBCC, FHIR, SOA, Security | EHR hosting Security, CBCC, FHIR-I | Oxford |
| | | Q2 | 12:00-1:30 | Joint w/ SOA | SOA hosting Security | La Puebla |
| | | Q3 | 2:45-4:00 | Security WG deep FHIR topics | Security hosting FHIR-I | Alcudia |
| | | Q4 | 4:30-6:00 | Security WG Project Meeting | Security | Chinchon |
| THU | MAY 11 | Q1 | 10:00-11:30 | Security Joint with CBCC,FHIR-I | Security hosting CBCC, FHIR-I | Marsella |
| | | Q2 | 12:00-1:30 | Security WG Project Meeting | Security | Chinchon |
| | | Q3 | 2:45-4:00 | . | | . |
| | | Q4 | 4:30-6:00 | . | | . |
| FRI | MAY 12 | Q1 | 10:00-11:30 | . | | . |
| | | Q2 | 12:00-1:30 | . | | . |
| | | Q3 | 2:45-4:00 | . | | . |
| | | Q4 | 4:30-6:00 | . | | . |
Back to Security Wiki Meetings
Session Type: