Difference between revisions of "November 19, 2018 GDPR whitepaper on FHIR call"

From HL7Wiki
(Created page with "Back to Security GDPR Page ==Attendees== {| class="wikitable" |- !x||'''Member Name'''|| !! x ||'''Member Name''' !!|| x ||''...")
 
Line 13: Line 13:
 
|-.
 
|-.
 
||  .|| [mailto:Christopher.Shawn2@va.gov Christopher Shawn] Security Co-chair
 
||  .|| [mailto:Christopher.Shawn2@va.gov Christopher Shawn] Security Co-chair
||||.|| [mailto:david.pyke@readycomputing.com David Pyke]
+
||||.|| [mailto:david.pyke@readycomputing.com David Pyke] PCBP Co-Chair
 
||||.|| [mailto:giorgio.cangioli@gmail.com Giorgio Cangioli]
 
||||.|| [mailto:giorgio.cangioli@gmail.com Giorgio Cangioli]
 
||||.|| [mailto:joseph.lamy@ssa.gov Joe Lamy]
 
||||.|| [mailto:joseph.lamy@ssa.gov Joe Lamy]
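Review bot: the added David Pyke row writes the role as "PCBP Co-Chair", while the unchanged Christopher Shawn row in the same hunk uses "Security Co-chair". Pick one capitalisation of "Co-chair" so the attendee table reads consistently.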

Revision as of 15:25, 19 November 2018

Back to Security GDPR Page

Attendees

| x | Member Name | x | Member Name | x | Member Name | x | Member Name |
|---|---|---|---|---|---|---|---|
| . | John Moehrke Security Co-chair | . | Kathleen Connor Security Co-chair | . | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair |
| . | Christopher Shawn Security Co-chair | . | David Pyke PCBP Co-Chair | . | Giorgio Cangioli | . | Joe Lamy |
| . | Peter van Liesdonk | . | | . | | . | |

Agenda

  1. (5 min) Roll Call, Agenda Approval
  2. (10 min) Presentation Proposal "Purpose of Processing" (Peter) (link: https://docs.google.com/document/d/1rIHhL5FTIFVD9EGgW70SkElfsMH9ofHoDuYnVHMOZF4/edit?usp=sharing)
  3. (20 min) Harmonization discussion - PoU vs. Purpose of Processing
  4. (10 min) Use cases (Giorgio)
  5. (5 min) Reminder - issues from WGM:

Are update events to be reported in a transparency report? Depth of Provenance

Operations: Grahams to define an erasure operation that takes a Patient or Person. It returns rejected, success, or partial success. Is there a need for it to report what it deleted? Or what it didn't? It does need to report external recipients. Is it necessary to report what was deleted? Operation for transparency: search on AuditEvents?

Do we need a CapabilityStatement-like resource that describes server data retention rules? Possibly useful for the client too, to state the client's need.

We might need to address Break-Glass as a healthcare safety mechanism.


Links:

Harmonization proposal:

https://gforge.hl7.org/gf/project/security/docman/Harmonization/Nov%202018%20Harmonization/2018JulyHARM%20Initial%20PROPOSAL%20SECURITY%20v3%20and%20v2%20Table%200717%20Privacy%20Law%20and%20Consent%20Directive%20codes%20v2%20GDPR.doc

https://gdpr-info.eu/art-6-gdpr/

https://gdpr-info.eu/art-9-gdpr/

Link to Confluence page: http://confluence.hl7.org/display/SEC/FHIR+-+GDPR

Meeting Minutes (DRAFT)