Chair: John Moehrke

Scribe: Kathleen Connor

Mondays at 12:00 - 1:00 pm Eastern Time

Agenda Topics


HL7 WGs are required to acknowledge the  operating under HL7 Code of Conduct & the HL7 Antitrust Statement at the beginning of each meeting.

Professional Associations, such as HL7, which bring together competing entities are subject to strict scrutiny under applicable antitrust laws. HL7 recognizes that the antitrust laws were enacted to promote fairness in competition and, as such, supports laws against monopoly and restraints of trade and their enforcement. Each individual participating in HL7 meetings and conferences, regardless of venue, is responsible for knowing the contents of and adhering to the HL7 Antitrust Policy as stated in §05.01 of the Governance and Operations Manual (GOM).

Security WG calls are recorded per WG approval during 2021-10-27 Security Call unless an objection is sustained.

Agenda Overview

Agenda Approval

Review and Approve:

2022-12-19 Security WG Agenda/Minutes

202301 Security WGM Minutes

  • Jan WGM Report out
  • FHIR Ticket on audit.event item

Approval of

2022-12-19 Security WG Agenda/Minutes

Moved: Kathleen

Second: Alex

Vote: 8-0-0

Approval of

202301 Security WGM Minutes

Moved: Alex

Second: Joe

Vote: 7-0-1


Discuss progress on publication request and THO ticket UP-370 add a new code (HAS-INLINE-SEC-LABELS) to v3-ActCode to the value set ObligationPolicy


Add a new code HAS-INLINE-SEC-LABELS to v3-ActCode to the value set ObligationPolicy to indicate that a resource includes in-line security labels that apply to parts of the resource.
This is a follow up from this FHIR ticket:
FHIR-33917 - extension-has-inline-sec-label should be a code not extension Resolved - change required


UP-370 approved and now in the build. Change pushed to rely on the code but error in build because codes are not in build. Can add CI as a dependency.  Migrated to Sushi to enable build with CI dependency. John will help with this.  CI release end of month?


  1. FHIR Specification Feedback
  2. FHIR-40293

AuditEvent agent relationship to other agent elements

Add comment
In PersonPropose DispositionWorkflow

Share this issue



  • Change Request

  • Status: Triaged (View Workflow)

  • High

  • Resolution: Unresolved

  • FHIR Core (FHIR)

  • R4

  • Security

  • AuditEvent


When an AuditEvent is attributed to many .agent values, and there is an obvious relationship (one Practitoner, one Organization) the relationship is implied to be clear. But when there are many this is not as clear. Use-case is where an AuditEvent is by two Practitoners each working on behalf of different Organizations. 

Possible Solutions:
1. Provenance has an agent.onbehalf to address this. Moving to this would make the models similar.

2. Could just indicate that PractionerRole should be used (which might be a contained instance when that is appropriate)

3. Could add an agent.agent so that one agent can be related to another agent. (Like AuditEvent has for entity->agent.

4. This could be considered not core, and an extension used. This extension could be created in FHIR core so that it is available consistently.

Need discussion


Deferred - discussed but not concluded.
Notes from CHAT

Moved FHIR Chats to separate page

FHIR Privacy and Security Zulip Chats


Security Project and Ballot Management Resources FAQs

Confluence and JIRA Tutorials

TSC Decisions

Call Chat



  • No labels