Skip to end of metadata
Go to start of metadata

Chair:  John Moehrke

Scribe: John Moehrke  


Mondays at 12:00 pm Eastern Time 

Zoom Client Download 

https://zoom.us/j/6754075337

Meeting ID: 675 407 5337

Phone Number: +1 929-436-2866
Participant Passcode: 675 407 5337

Zoom Tip Sheet

Attendees


Minutes Approved as Presented 2020-09-14 FHIR-Security Meeting Agenda

This is to approve minutes via general consent. "You have received the minutes. Are there any corrections to the minutes? (pause) Hearing none, if there are no objections, the minutes are approved as printed."


Agenda Topics

Agenda Outline

Agenda Item

Meeting Minutes from Discussion

Decision Link(if not child)
Management Minutes Approvalapproved by general consent

news


HAPI

Notice what HAPI has done for security. Is there something we should learn for Permission or Consent? This seems to be defining a declarative language for FHIR specific rules.

See general HAPI security

See HAPI  RuleBuilder()

likely not directly usable as this is a java implementation of a rule system.

Is there something useful already in RuleBuilder that can't yet be expressed in Consent or Permission?


WGM 

updates from WGM

Kathleen Connor update?

ONC discussion

Mohammad experience with access control decision service

Device vendors looking to leverage EHR 



Consult from PDex

Use of Provenance in PDex

Robert Dieterle update?


will be adding the type extension of source within .entity

will look to recommend entity.what in next generation after the group matures



FASTpurposeOfUse subset on the request as a promise to not use the data returned beyond the subset.

argonaut has it as a token attribute and is adding this to fine grain access control

IHE- IUA has it as a token attribute and is adding this to IUA scope

http header web-category https://tools.ietf.org/html/draft-johnston-http-category-header-02

use of a Permission resource – not yet diagramed, but discussed that Permission could be used for more complex request context


Projects

Permission Resource

http://build.fhir.org/permission is prototyped

FHIR Permission - for use-case submission and analysis





FHIR IG Proposal for gov work (confluence and build shown in github readme)

https://github.com/HL7/us-security-label-regs 





FHIR IG for DS4P 

https://github.com/HL7/fhir-security-label-ds4p

Confluence: FHIR DS4P IG

T Key Summary Assignee Reporter P Status Resolution Created Updated Due
Loading...
Refresh





discussion of next generation of SMART

https://chat.fhir.org/#narrow/stream/179175-argonaut/topic/Scopes.20for.20data.20access


discussion document bit.ly/argo20-granular




In Process




FHIR-24907 - Getting issue details... STATUS

waiting on iso – some movement as ISO has not provided the document. BUT still not clear if licensing is clean. 


FHIR-24676 - Getting issue details... STATUS

waiting on M&M to give modeling guidance

Block Vote




Open Items

T Key Summary Assignee Reporter P Status Resolution Created Updated Due
Loading...
Refresh









FHIR BlockBlock vote preparation



none







FMMDefined plan to mature


Connectathon Update on Security at FHIR connectathon












Management Next agenda


New Business




 Adjournment

55 minutes

Supporting Documents

Outline Reference

Supporting Document

Minute Approval

 


Tasks