Skip to end of metadata
Go to start of metadata

Chair:  John Moehrke

Scribe: John Moehrke  

Mondays at 12:00 pm Eastern Time 

Zoom Client Download

Meeting ID: 675 407 5337

Phone Number: +1 929-436-2866
Participant Passcode: 675 407 5337

Zoom Tip Sheet


Minutes Approved as Presented 2020-09-14 FHIR-Security Meeting Agenda

This is to approve minutes via general consent. "You have received the minutes. Are there any corrections to the minutes? (pause) Hearing none, if there are no objections, the minutes are approved as printed."

Agenda Topics

Agenda Outline

Agenda Item

Meeting Minutes from Discussion

Decision Link(if not child)
Management Minutes Approvalapproved by general consent



Notice what HAPI has done for security. Is there something we should learn for Permission or Consent? This seems to be defining a declarative language for FHIR specific rules.

See general HAPI security

See HAPI  RuleBuilder()

likely not directly usable as this is a java implementation of a rule system.

Is there something useful already in RuleBuilder that can't yet be expressed in Consent or Permission?


updates from WGM

Kathleen Connor update?

ONC discussion

Mohammad experience with access control decision service

Device vendors looking to leverage EHR 

Consult from PDex

Use of Provenance in PDex

Robert Dieterle update?

will be adding the type extension of source within .entity

will look to recommend entity.what in next generation after the group matures

FASTpurposeOfUse subset on the request as a promise to not use the data returned beyond the subset.

argonaut has it as a token attribute and is adding this to fine grain access control

IHE- IUA has it as a token attribute and is adding this to IUA scope

http header web-category

use of a Permission resource – not yet diagramed, but discussed that Permission could be used for more complex request context


Permission Resource is prototyped

FHIR Permission - for use-case submission and analysis

FHIR IG Proposal for gov work (confluence and build shown in github readme) 


Confluence: FHIR DS4P IG

T Key Summary Assignee Reporter P Status Resolution Created Updated Due

discussion of next generation of SMART

discussion document

In Process

FHIR-24907 - Getting issue details... STATUS

waiting on iso – some movement as ISO has not provided the document. BUT still not clear if licensing is clean. 

FHIR-24676 - Getting issue details... STATUS

waiting on M&M to give modeling guidance

Block Vote

Open Items

T Key Summary Assignee Reporter P Status Resolution Created Updated Due

FHIR BlockBlock vote preparation


FMMDefined plan to mature

Connectathon Update on Security at FHIR connectathon

Management Next agenda

New Business


55 minutes

Supporting Documents

Outline Reference

Supporting Document

Minute Approval