Difference between revisions of "Minutes - Security WG 2023-02-08"
From Health Level 7 Belgium Wiki
KarlienErauw (talk | contribs) |
KarlienErauw (talk | contribs) |
||
Line 58: | Line 58: | ||
* FHIR readiness of hub/metahub system | * FHIR readiness of hub/metahub system | ||
::* [https://docs.google.com/presentation/d/1HTEvpuQOvF-cyY-42AatuKAtHPzObJDazRj2SVV_8jk/edit#slide=id.p some preparation work has been done, see here] | ::* [https://docs.google.com/presentation/d/1HTEvpuQOvF-cyY-42AatuKAtHPzObJDazRj2SVV_8jk/edit#slide=id.p some preparation work has been done, see here] | ||
+ | ::::* does a FHIR API fit in the hub/metahub system ? | ||
+ | ::::* equivalents of FHIR API exist for the metahub services | ||
+ | ::* the transition from a kmehr/soap API | ||
===== Action items ===== | ===== Action items ===== | ||
− | * security controls: | + | * security controls: start document describing the current access matrix and the possible FHIR functionalities |
− | + | * prepare feedback on FHIR readiness hub/metahub system | |
− | * | ||
===== Next meeting ===== | ===== Next meeting ===== | ||
− | * Wednesday 22 Feb at 9AM | + | * Wednesday 22 Feb at 9AM |
Revision as of 09:06, 8 February 2023
Attendees
- Anthony Maton
- Bart Decuypere
- Benny Verhamme
- Brian Thieren
- Elien De Koker
- Félix De Tavernier
- Jan Stinissen
- Jean-Michel Polfliet
- José Costa Teixeira (first part)
- Karlien Erauw
- Marco Busschots
- Philippe Baise
- Steven Van den Berghe
- Werner De Mulder (second part)
Excused/Not present
- Brecht Van Vooren
- Cyprien Janssens
- Didier Temans
- Erwin Bellon
- Isabelle Pollet
- Jan Lenie
- Nick Hermans
Agenda
- Context / needs
- Determine meeting schedule
- Security controls
- Literal references in FHIR resources: need for guidelines ? see issue from WG referral (linked to Vitalink/brecht VV)
- Position of HL7 Belgium on the FHIR R5 release (to cover the already upcoming questions from players and stakeholders in Belgium)
- FHIR readiness of Belgian metahub-hub system: see preparation work
Minutes
- Introduction of the group to the newcomers: everyone comes in as a professional dealing with FHIR, not linked to his organisation as this group is here to advice towards mature FHIR implementations
- Security controls: this group has to provide technical guidance supporting the funtional requirements
- it has to be compatible with the current access matrix
- challenges exist on fetching related resources, so there might be a need for a hierarchy of access (f.e. allowed to fetch a patient and afterwards to fetch an observation)
- start google doc with the current access matrix to start analysis what is possible in FHIR and how
- reference: https://build.fhir.org/permission
- ABAC: attribute based access control
- some atrributes of the patient and user might have to be taken into account
- ask Brecht V.V; to join the meting & explain
- Literal references
- there is some confusion if you refer to a system that does not exist today
- a literal reference is not always resolvable, is possible in the standard but is confusing to the users anyway
- logical references are also possible
- anyone willing to bring a common approach to the table ?
- our advise: if the reference URL is not accessible we advise to use a logical reference instead of a literal reference
- Phrase point of view on R4 & R5 release
- what are the current views ?
- there will be a mixed ecosystem as R5 will be adopted since it has more functionalities
- once we move to R5 clear guidelines will have to be setup
- in 2023 we don't plan to move to R5 in FHIR
- FHIR readiness of hub/metahub system
-
- does a FHIR API fit in the hub/metahub system ?
- equivalents of FHIR API exist for the metahub services
- the transition from a kmehr/soap API
-
Action items
- security controls: start document describing the current access matrix and the possible FHIR functionalities
- prepare feedback on FHIR readiness hub/metahub system
Next meeting
- Wednesday 22 Feb at 9AM