
Title of item up for approval w/link | Vote | Decision
SMART Web Messaging PSS

Project Approval Request

Choices Your Vote Current Result: (7 Total Votes)
abstain Project Approval Request
0 Votes , 0%
affirmative Project Approval Request
7 Votes , 100%
negative Project Approval Request
0 Votes , 0%
refer to telecon Project Approval Request
0 Votes , 0%



Status

APPROVED

Moved-Second: Andrew Statler - SD / Paul Knapp - ITS
Affirm-Negative-Abstain
Date

May 08, 2020 13:59

Owner
Project Insight ID


7 Comments

  1. Mobile Health has reviewed and votes to affirm; only comment: need to assess security concerns (GDPR, HIPAA, FERPA) at Implementation.

  2. The link to the project repository returns a 404 to https://github.com/hl7/smart-web-messaging and searching for SMART didn't show the repository.

  3. Agree with Matthew that this PSS needs to assess security concerns (GDPR, HIPAA, FERPA) at Implementation.

    Security WG is concerned that 3c. Security Risk is still blank.  Please address this entry. 

    Not sure the PSS is valid unless addressed in some way.

  4. Paul Knapp Searching and link is now working. 

    re: Security

    Does this only apply when HL7 provides a piece of software? My memory is this field got added after Josh Mandel identified a security risk in the CDA.xsl. 

    I agree security review is important at implementation, but I don't quite understand the 'inherent risk' in the standard, it's at deployment. SMART on FHIR didn't mark this yes. Maybe John Moehrke has memory of why this wasn't checked.


  5. The security line in the PSS is limited to asking if there will be executable code (JavaScript) provided as part of the publication. This was added to the PSS years ago when the CDA project produced a stylesheet (code) that was not protected against code injection.

    PSS Appendix A - Instructions#SecurityRisks

    The field does need to be filled with either YES, NO, or Unknown.


    I don't think this is a good question nowadays, but it is the question we have on the PSS today.

  6. Thanks, John Moehrke. I have updated to a no.

  7. FYI - MaxOverD is Andrew Statler is Structured Documents