Chair: John Moehrke
Scribe: John Moehrke
Mondays at 12:00 pm Eastern Time - http://join.freeconferencecall.com/security36
NOTE: This attendance applies if you are present at the related meeting/call, regardless of whether you have signed a different attendance for your WG.
Minutes Approved as Presented 2020-01-06 FHIR-Security Meeting Agenda
This is to approve minutes via general consent. "You have received the minutes. Are there any corrections to the minutes? (pause) Hearing none, if there are no objections, the minutes are approved as printed."
Meeting Minutes from Discussion
|Decision Link(if not child)|
|Management||Minutes Approval||Minutes not reviewed|
Potential (but only if someone steps forward) new projects this committee could take on:
* Basic Provenance in FHIR
Some of these are already started. This section should be removed, with specific sections on active projects included instead.
http://build.fhir.org/permission is prototyped
Robust discussion on how this might be the basis for more refined redaction, such as a permission that allows a given role to access the Patient resource but not the Patient.identifier that holds a given national ID value.
This might be done by having a Permission.useLimitations that identifies these fine-grained restrictions.
An alternative proposed elsewhere is to add a security tag to all elements in all resources, which seems to be more burdensome.
FHIR IG Proposal for gov work
Prototype (unofficial) Government Regulated Security IG https://github.com/JohnMoehrke/security-gov-regs
Known issues not yet updated:
Kathleen has made some progress on the confluence pages.
John to look at adding these improvements to the IG build.
John also has previously agreed to actions to implement
Kathleen noted that the build site seems to be unavailable. John noted that the build output is only preserved for a week, so it would need to be refreshed, as this is the continuous build site. Ballot and final versions are preserved elsewhere.
|In Process||Security Open Items – now in JIRA|
|FHIR-24908 - Where vocabulary and valuesets come from DICOM, they should be imported and used from DICOM – elimination of AuditEvent codeSystem duplication||waiting on dicom|
|FHIR-24907 – Lifecycle event valueset should include HL7 lifecycle event vocabulary (ISO 10781) – bring in HL7 lifecycle event vocabulary||waiting on iso|
|FHIR-24676 - PurposeOfUse vocabulary from ISO 14265 – bring in ISO vocabulary||waiting on iso|
|waiting on iso|
|moved to DS4P|
|FHIR Block||Block vote preparation|
|FMM||Defined plan to mature|
|Connectathon||Update on Security at FHIR connectathon||AuditEvent and Provenance have plenty of exercise at FHIR Connectathon and IHE Connectathon. They should be able to be moved to Normative by the R5 timeframe.|
|SMART||discussion of next generation of SMART https://chat.fhir.org/#narrow/stream/179170-smart/topic/SMART.20scopes.20v2||Need to gather a group of stakeholders and implementers to work out a plan. Should the improvement be bottom-up or top-down; incremental or comprehensive? We need buy-in from Argonaut, but the work should not be perceived as specific to Argonaut.|
|Consent service||discussion of next generation consent service https://chat.fhir.org/#narrow/stream/179247-Security-and.20Privacy/topic/Consent.20Service|