Difference between revisions of "Minutes - Security WG 2023-02-08"

From Health Level 7 Belgium Wiki
Line 23: Line 23:
 
* Jan Lenie  
 
* Jan Lenie  
 
* Nick Hermans  
 
* Nick Hermans  
 
  
 
===== Agenda =====
 
===== Agenda =====
Line 34: Line 33:
  
 
===== Minutes =====
 
===== Minutes =====
* Introduction of the group to the newcomers: everyone comes in as a professional, not linked to his organisation as this group is here to advice towards mature FHIR implementations
+
* Introduction of the group to the newcomers: everyone comes in as a professional dealing with FHIR, not linked to his organisation as this group is here to advice towards mature FHIR implementations
 
* Security controls: this group has to provide technical guidance supporting the funtional requirements
 
* Security controls: this group has to provide technical guidance supporting the funtional requirements
 
::* it has to be compatible with the current access matrix  
 
::* it has to be compatible with the current access matrix  
Line 51: Line 50:
 
::* our advise: if the reference URL is not accessible we advise to use a logical reference instead of a literal reference  
 
::* our advise: if the reference URL is not accessible we advise to use a logical reference instead of a literal reference  
  
* phrase point of view on R4 & R5 release
+
* Phrase point of view on R4 & R5 release
 
::* what are the current views ?
 
::* what are the current views ?
 
::* there will be a mixed ecosystem as R5 will be adopted since it has more functionalities
 
::* there will be a mixed ecosystem as R5 will be adopted since it has more functionalities
::*  
+
::* once we move to R5 clear guidelines will have to be setup
 +
::* in 2023 we don't plan to move to R5 in FHIR
  
draft
+
* FHIR readiness of hub/metahub system
* Some issues came up in other HL7 Belgium working groups so this group is reconvened since mid December
+
::* [https://docs.google.com/presentation/d/1HTEvpuQOvF-cyY-42AatuKAtHPzObJDazRj2SVV_8jk/edit#slide=id.p some preparation work has been done, see here]
* We have the necessary stakeholders on board: RSW, VZN, Cozo, RSB
 
* It is requested to include the link to the meeting minutes & agenda items in the meeting invites
 
* The purpose of this WG is to create recommendations and best practices, we cannot impose anything. Therefore we will continuously ask for feedback to all stakeholders, in particular the hubs.
 
* We agree to continue working on the items (security controls & litoral references) that were tackled during the last meeting
 
* Security controls : [https://wiki.hl7belgium.org/index.php?title=Minutes_-_Security_WG_2022-12-14 see previous discussion here]
 
::* link with access matrix which is evolving
 
::* security labels in FHIR don't have any hierarchy
 
::* we should ask for advice & input before starting specifications towards creating the implementation guide
 
::* action item: we/HL7 Belgium have to write out what the situation/technical possibilities and limits exist in FHIR R4 and R5
 
::::* please provide some input here
 
  
 
===== Action items =====
 
===== Action items =====

Revision as of 08:50, 8 February 2023

Attendees
  • Anthony Maton
  • Bart Decuypere
  • Benny Verhamme
  • Brian Thieren
  • Elien De Koker
  • Félix De Tavernier
  • Jan Stinissen
  • Jean-Michel Polfliet
  • José Costa Teixeira (first part)
  • Karlien Erauw
  • Marco Busschots
  • Philippe Baise
  • Steven Van den Berghe
  • Werner De Mulder (second part)
Excused/Not present
  • Brecht Van Vooren
  • Cyprien Janssens
  • Didier Temans
  • Erwin Bellon
  • Isabelle Pollet
  • Jan Lenie
  • Nick Hermans
Agenda
  • Context / needs
  • Determine meeting schedule
  • Security controls
  • Literal references in FHIR resources: need for guidelines ? see issue from WG referral (linked to Vitalink/brecht VV)
  • Position of HL7 Belgium on the FHIR R5 release (to cover the already upcoming questions from players and stakeholders in Belgium)
  • FHIR readiness of Belgian metahub-hub system: see preparation work
Minutes
  • Introduction of the group to the newcomers: everyone comes in as a professional dealing with FHIR, not linked to his organisation as this group is here to advice towards mature FHIR implementations
  • Security controls: this group has to provide technical guidance supporting the funtional requirements
  • it has to be compatible with the current access matrix
  • challenges exist on fetching related resources, so there might be a need for a hierarchy of access (f.e. allowed to fetch a patient and afterwards to fetch an observation)
  • start google doc with the current access matrix to start analysis what is possible in FHIR and how
  • ask Brecht V.V; to join the meting & explain
  • Literal references
  • there is some confusion if you refer to a system that does not exist today
  • a literal reference is not always resolvable, is possible in the standard but is confusing to the users anyway
  • logical references are also possible
  • anyone willing to bring a common approach to the table ?
  • our advise: if the reference URL is not accessible we advise to use a logical reference instead of a literal reference
  • Phrase point of view on R4 & R5 release
  • what are the current views ?
  • there will be a mixed ecosystem as R5 will be adopted since it has more functionalities
  • once we move to R5 clear guidelines will have to be setup
  • in 2023 we don't plan to move to R5 in FHIR
  • FHIR readiness of hub/metahub system
Action items
  • security controls: status of document describing the FHIR situation
  • litoral references: phrase our point of view
  • phrase recommendation on R4/R5 release
Next meeting
  • Wednesday 22 Feb at 9AM - TBC (holiday week) change biweekly schedule TBC