
Chair:  John Moehrke

Scribe: John Moehrke  

Mondays at 12:00 pm Eastern Time

NOTE: This attendance applies if you are present at the related meeting/call, regardless of whether you have signed a different attendance for your WG.






Minutes Approved as Presented: 2020-01-06 FHIR-Security Meeting Agenda

This is to approve minutes via general consent. "You have received the minutes. Are there any corrections to the minutes? (pause) Hearing none, if there are no objections, the minutes are approved as printed."

Agenda Topics

Agenda Outline

Agenda Item

Meeting Minutes from Discussion

Decision Link (if not child)

Management: Minutes Approval


no meetings until February 24

See you in Sydney

New projects?

Potential (but only if someone steps forward) new projects this committee could take on:

* Basic Provenance in FHIR
* AuditEvent supporting Patient Empowerment
* Additional guidance for the core security pages
  * Security around FHIR Subscription
  * Security around bulk-data access
  * Security around multi-organization interactions (e.g. HIE)
* App dynamic registration
* Updating of SMART-on-FHIR with next kind of use-case (tbd)
* Templating of IG to drive Security Considerations
* Templating of IG to drive consistent use of Provenance, AuditEvent, and Signatures
* Definition of a new Resource for Permission use-cases
* Creation of a library of security/privacy focused IG that can be included in 'other' IG as modular security solutions (similar to how SMART-on-FHIR is used today, but supporting other security models). This might be where the subscription, bulk-data, and multi-organization solutions are organized for easy use.  

Permission Resource

Should we move these use-cases into a Confluence page where we further clarify the scope?

  • The fundamental need is a way to encode a set of permissions, constraints, obligations in a set of rules with conditions. 
    • Where as is useful when the constraint or obligation is not conditional
    • Where as Consent is specific to patient giving Consent
    • Where a Contract is specific to where there are contract terms
  • The Permission Resource might be a resource that Consent and Contract refer to, so that all access-control-permissions at the fundamental level are coded the same way.
  • Examples that are not supported today (or might be supported more efficiently or clearly with a Permission resource)
    • Business contract covers broad use-cases between two organizations, where 'this' transaction is one of those business needs
    • where the communication needs to communicate two different purposeOfUse each with their different constraints
    • where the release is mandated by government regulation, but where the sender still wants to be clear on the release terms
    • ???

FHIR IG Proposal for gov work


How is this related ?

In Process: Security Open Items – now in JIRA

FHIR-24908 - Where vocabulary and valuesets come from DICOM, they should be imported and used from DICOM – elimination of AuditEvent codeSystem duplication

waiting on DICOM

FHIR-24907 – Lifecycle event valueset should include HL7 lifecycle event vocabulary (ISO 10781) – bring in HL7 lifecycle event vocabulary

waiting on ISO

FHIR-24676 - PurposeOfUse vocabulary from ISO 14265 – bring in ISO vocabulary

waiting on ISO

FHIR-23712 - waiting on ISO

waiting on ISO

FHIR-11071 - DS4P and CUI will be creating IG. This exercise will result in update of the FHIR core with informed instructions

moved to DS4P

FHIR-23076 is awaiting FHIR-I applying the change they agreed to in FHIR-21284

waiting on FHIR-I

FHIR-20758 is awaiting FHIR-I applying the change they agreed to in FHIR-20760

waiting on FHIR-I
Open Items

FHIR-23703 – Recommend Persuasive

FHIR-23714


FHIR Block: Block vote preparation

FMM: Defined plan to mature

Connectathon: Update on Security at FHIR connectathon

SMART: discussion of next generation of SMART

Consent service: discussion of next generation consent service

Management: Next agenda

New Business

60 minutes

Supporting Documents

Outline Reference

Supporting Document

Minute Approval