This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

November 19, 2018 GDPR whitepaper on FHIR call

From HL7Wiki
Revision as of 15:25, 19 November 2018 by Alexander Mense (talk | contribs)
Jump to navigation Jump to search

Back to Security GDPR Page


x Member Name x Member Name x Member Name x Member Name
. John Moehrke Security Co-chair . Kathleen Connor Security Co-chair . Alexander Mense Security Co-chair . Trish Williams Security Co-chair
. Christopher Shawn Security Co-chair . David Pyke PCBP Co-Chair . Giorgio Cangioli . Joe Lamy
. Peter van Liesdonk . [mailto: ] . [mailto: ] . [mailto: ]

Back to Security GDPR Page


  1. (5 min) Roll Call, Agenda Approval
  2. (10 min) Presentation Proposal "Purpose of Processing" (Peter) (link:
  3. (20 min) Harmonization discussion - PoU vs. Purpose of Processing
  4. (10 min) Uses cases (Georgio)
  5. (5 min) Reminder - issues from WGM:

Are update events to be reported in a transparency report? Depth of Provenance

Operations: Grahams to define an erasure operation that takes a Patient or Person. It returns rejected. Success. Or partial success.... Is there a need for it to report what it deleted? Or what it didn't? It does need to report external recipients Is it necessary tp report what was deleted? Operation for transparency: search on AuditEvents?

Do we need a CapabilityStatement like resource that describes server data retention rules. Possibly useful for client too to state the client need.

We might need to address Break-Glass as a healthcare safety mechanism.


Harmonization proposal:

Link to Confluence page:

Meeting Minutes (DRAFT)