Chair:  John Moehrke

Scribe: John Moehrke  


Mondays at 12:00 pm Eastern Time - http://join.freeconferencecall.com/security36

NOTE: This attendance applies if you are present at the related meeting/call, regardless of whether you have signed a different attendance for your WG.

Attendees

Present

Name

Affiliation

X































Minutes Approved as Presented 2020-01-06 FHIR-Security Meeting Agenda


This is to approve minutes via general consent. "You have received the minutes. Are there any corrections to the minutes? (pause) Hearing none, if there are no objections, the minutes are approved as printed."


Agenda Topics

Agenda Outline

Agenda Item

Meeting Minutes from Discussion

Decision Link (if not child)

Management Minutes Approval

news

no meetings until February 24

See you in Sydney


New projects?

Potential (but only if someone steps forward) new projects this committee could take on:

* Basic Provenance in FHIR
* AuditEvent supporting Patient Empowerment
* Additional guidance for the core security pages
  * Security around FHIR Subscription
  * Security around bulk-data access
  * Security around multi-organization interactions (e.g. HIE)
* App dynamic registration
* Updating of SMART-on-FHIR with next kind of use-case (tbd)
* Templating of IG to drive Security Considerations
* Templating of IG to drive consistent use of Provenance, AuditEvent, and Signatures
* Definition of a new Resource for Permission use-cases
* Creation of a library of security/privacy focused IG that can be included in 'other' IG as modular security solutions (similar to how SMART-on-FHIR is used today, but supporting other security models). This might be where the subscription, bulk-data, and multi-organization solutions are organized for easy use.  




Permission Resource

http://zeora.net/blog/2019/11/19/permission-is-key/


Should we move these use-cases into a Confluence page where we further clarify the scope?

  • The fundamental need is a way to encode a set of permissions, constraints, obligations in a set of rules with conditions. 
    • Whereas meta.security is useful when the constraint or obligation is not conditional
    • Whereas Consent is specific to a patient giving Consent
    • Whereas Contract is specific to where there are contract terms
  • The Permission Resource might be a resource that Consent and Contract refer to, so that all access-control-permissions at the fundamental level are coded the same way.
  • Examples that are not supported today (or might be supported more efficiently or clearly with a Permission resource)
    • Business contract covers broad use-cases between two organizations, where 'this' transaction is one of those business needs
    • where the communication needs to convey two different purposeOfUse values, each with its own constraints
    • where the release is mandated by government regulation, but where the sender still wants to be clear on the release terms
    • ???



FHIR IG Proposal for gov work 

https://github.com/HL7/us-security-label-regs




FHIR DS4P IG

How is this related ?




In Process

Security Open Items – now in JIRA


 - Where vocabulary and valuesets come from DICOM, they should be imported and used from DICOM – elimination of AuditEvent codeSystem duplication

waiting on dicom

 – Lifecycle event valueset should include HL7 lifecycle event vocabulary (ISO 10781) – bring in HL7 lifecycle event vocabulary

waiting on iso

 - PurposeOfUse vocabulary from ISO 14265 – bring in ISO vocabulary

waiting on iso

 waiting on ISO

waiting on iso

 DS4P and CUI will be creating IG. This exercise will result in update of the FHIR core with informed instructions

moved to DS4P

 is awaiting FHIR-I applying the change they agreed to in 

waiting on FHIR-I

 is awaiting FHIR-I applying the change they agreed to in 

waiting on FHIR-I
Open Items





 – Recommend Persuasive


































FHIR Block Block vote preparation









FMM Defined plan to mature

Connectathon Update on Security at FHIR connectathon

SMART discussion of next generation of SMART https://chat.fhir.org/#narrow/stream/179170-smart/topic/SMART.20scopes.20v2

Consent service discussion of next generation consent service https://chat.fhir.org/#narrow/stream/179247-Security-and.20Privacy/topic/Consent.20Service

Management Next agenda

New Business



 Adjournment
60 minutes

Supporting Documents

Outline Reference

Supporting Document

Minute Approval

 



Tasks