October 22, 2018 GDPR whitepaper on FHIR call
|x||Member Name||x||Member Name||x||Member Name||x||Member Name|
|.||John Moehrke, Security Co-chair||.||Kathleen Connor, Security Co-chair||.||Alexander Mense, Security Co-chair||.||Trish Williams, Security Co-chair|
|.||Christopher Shawn, Security Co-chair||.||David Pyke||.||Giorgio Cangioli||.||Joe Lamy|
- (5 min) Roll Call, Agenda Approval
- (10 min) Need for / granularity use cases (care plan, IPS)
- (5 min) Issues from WGM:
  - Are update events to be reported in a transparency report? Depth of Provenance.
  - Operations: Grahams to define an erasure operation that takes a Patient or Person. It returns rejected, success, or partial success. Is there a need for it to report what it deleted, or what it didn't? It does need to report external recipients. Is it necessary to report what was deleted?
  - Operation for transparency: search on AuditEvents?
  - Do we need a CapabilityStatement-like resource that describes server data retention rules? Possibly useful for the client too, to state the client's need.
  - We might need to address Break-Glass as a healthcare safety mechanism.
- (20 min) Discussion on GDPR Purpose of use codes (Kathleen)
Link to Confluence page: http://confluence.hl7.org/display/SEC/FHIR+-+GDPR