Difference between revisions of "Minutes - Security WG 2023-02-08"
From Health Level 7 Belgium Wiki
KarlienErauw (talk | contribs) (Created page with "===== Attendees ===== * Anthony Maton * Bart Decuypere * Benny Verhamme * Brian Thieren (Cozo) * Félix De Tavernier * Isabelle Pollet * Jan Stinissen * Steven Van den Berg...") |
KarlienErauw (talk | contribs) |
||
(3 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
* Bart Decuypere | * Bart Decuypere | ||
* Benny Verhamme | * Benny Verhamme | ||
− | * Brian Thieren | + | * Brian Thieren |
+ | * Elien De Koker | ||
* Félix De Tavernier | * Félix De Tavernier | ||
− | |||
* Jan Stinissen | * Jan Stinissen | ||
− | |||
* Jean-Michel Polfliet | * Jean-Michel Polfliet | ||
* José Costa Teixeira (first part) | * José Costa Teixeira (first part) | ||
Line 13: | Line 12: | ||
* Marco Busschots | * Marco Busschots | ||
* Philippe Baise | * Philippe Baise | ||
+ | * Steven Van den Berghe | ||
+ | * Werner De Mulder (second part) | ||
===== Excused/Not present ===== | ===== Excused/Not present ===== | ||
Line 19: | Line 20: | ||
* Didier Temans | * Didier Temans | ||
* Erwin Bellon | * Erwin Bellon | ||
+ | * Isabelle Pollet | ||
* Jan Lenie | * Jan Lenie | ||
* Nick Hermans | * Nick Hermans | ||
− | |||
===== Agenda ===== | ===== Agenda ===== | ||
Line 32: | Line 33: | ||
===== Minutes ===== | ===== Minutes ===== | ||
− | * Introduction of the group to the newcomers: everyone comes in as a professional, not linked to his organisation as this group is here to advice towards mature FHIR implementations | + | * Introduction of the group to the newcomers: everyone comes in as a professional dealing with FHIR, not linked to his organisation as this group is here to advice towards mature FHIR implementations |
− | * Security controls | + | * Security controls: this group has to provide technical guidance supporting the funtional requirements |
::* it has to be compatible with the current access matrix | ::* it has to be compatible with the current access matrix | ||
::* challenges exist on fetching related resources, so there might be a need for a hierarchy of access (f.e. allowed to fetch a patient and afterwards to fetch an observation) | ::* challenges exist on fetching related resources, so there might be a need for a hierarchy of access (f.e. allowed to fetch a patient and afterwards to fetch an observation) | ||
− | ::* start google doc with the current access matrix to start analysis what is possible in FHIR and how | + | ::* [https://docs.google.com/document/d/1QdbH-secQSw67krow2IrQIs3vofv2Sq9/edit?usp=share_link&ouid=105469359652835948544&rtpof=true&sd=true start google doc with the current access matrix to start analysis what is possible in FHIR and how] |
::::* reference: https://build.fhir.org/permission | ::::* reference: https://build.fhir.org/permission | ||
::::* ABAC: attribute based access control | ::::* ABAC: attribute based access control | ||
+ | ::::* some atrributes of the patient and user might have to be taken into account | ||
+ | ::* ask Brecht V.V. to join the meting & explain | ||
+ | * Literal references | ||
+ | ::* there is some confusion if you refer to a system that does not exist today | ||
+ | ::::* a literal reference is not always resolvable, is possible in the standard but is confusing to the users anyway | ||
+ | ::* logical references are also possible | ||
+ | ::* anyone willing to bring a common approach to the table ? | ||
+ | ::* our advise: if the reference URL is not accessible we advise to use a logical reference instead of a literal reference | ||
+ | * Phrase point of view on R4 & R5 release | ||
+ | ::* what are the current views ? | ||
+ | ::* there will be a mixed ecosystem as R5 will be adopted since it has more functionalities | ||
+ | ::* once we move to R5 clear guidelines will have to be setup | ||
+ | ::* in 2023 we don't plan to move to R5 in FHIR | ||
− | + | * FHIR readiness of hub/metahub system | |
− | * | + | ::* [https://docs.google.com/presentation/d/1HTEvpuQOvF-cyY-42AatuKAtHPzObJDazRj2SVV_8jk/edit#slide=id.p some preparation work has been done, see here] and [https://drive.google.com/file/d/1c6l9FrW5Jwq3wyuA4nvf5kBiil7iz5xh/view?usp=share_link pdf here] |
− | * | + | ::::* does a FHIR API fit in the hub/metahub system ? |
− | + | ::::* equivalents of FHIR API exist for the metahub services | |
− | + | ::* the transition from a kmehr/soap API | |
− | |||
− | |||
− | :: | ||
− | ::* | ||
− | ::* | ||
− | ::* | ||
− | |||
===== Action items ===== | ===== Action items ===== | ||
− | * security controls: | + | * security controls: start document describing the current access matrix and the possible FHIR functionalities |
− | + | * prepare feedback on FHIR readiness hub/metahub system | |
− | * | ||
===== Next meeting ===== | ===== Next meeting ===== | ||
− | * Wednesday 22 Feb at 9AM | + | * Wednesday 22 Feb at 9AM |
Latest revision as of 10:16, 8 February 2023
Attendees
- Anthony Maton
- Bart Decuypere
- Benny Verhamme
- Brian Thieren
- Elien De Koker
- Félix De Tavernier
- Jan Stinissen
- Jean-Michel Polfliet
- José Costa Teixeira (first part)
- Karlien Erauw
- Marco Busschots
- Philippe Baise
- Steven Van den Berghe
- Werner De Mulder (second part)
Excused/Not present
- Brecht Van Vooren
- Cyprien Janssens
- Didier Temans
- Erwin Bellon
- Isabelle Pollet
- Jan Lenie
- Nick Hermans
Agenda
- Context / needs
- Determine meeting schedule
- Security controls
- Literal references in FHIR resources: need for guidelines ? see issue from WG referral (linked to Vitalink/brecht VV)
- Position of HL7 Belgium on the FHIR R5 release (to cover the already upcoming questions from players and stakeholders in Belgium)
- FHIR readiness of Belgian metahub-hub system: see preparation work
Minutes
- Introduction of the group to the newcomers: everyone comes in as a professional dealing with FHIR, not linked to his organisation as this group is here to advice towards mature FHIR implementations
- Security controls: this group has to provide technical guidance supporting the funtional requirements
- it has to be compatible with the current access matrix
- challenges exist on fetching related resources, so there might be a need for a hierarchy of access (f.e. allowed to fetch a patient and afterwards to fetch an observation)
- start google doc with the current access matrix to start analysis what is possible in FHIR and how
- reference: https://build.fhir.org/permission
- ABAC: attribute based access control
- some atrributes of the patient and user might have to be taken into account
- ask Brecht V.V. to join the meting & explain
- Literal references
- there is some confusion if you refer to a system that does not exist today
- a literal reference is not always resolvable, is possible in the standard but is confusing to the users anyway
- logical references are also possible
- anyone willing to bring a common approach to the table ?
- our advise: if the reference URL is not accessible we advise to use a logical reference instead of a literal reference
- Phrase point of view on R4 & R5 release
- what are the current views ?
- there will be a mixed ecosystem as R5 will be adopted since it has more functionalities
- once we move to R5 clear guidelines will have to be setup
- in 2023 we don't plan to move to R5 in FHIR
- FHIR readiness of hub/metahub system
-
- does a FHIR API fit in the hub/metahub system ?
- equivalents of FHIR API exist for the metahub services
- the transition from a kmehr/soap API
-
Action items
- security controls: start document describing the current access matrix and the possible FHIR functionalities
- prepare feedback on FHIR readiness hub/metahub system
Next meeting
- Wednesday 22 Feb at 9AM