Difference between revisions of "Minutes - Security WG 2023-02-08"

From Health Level 7 Belgium Wiki
 
(2 intermediate revisions by the same user not shown)
Line 23: Line 23:
 
* Jan Lenie  
 
* Jan Lenie  
 
* Nick Hermans  
 
* Nick Hermans  
 
  
 
===== Agenda =====
 
===== Agenda =====
Line 34: Line 33:
  
 
===== Minutes =====
 
===== Minutes =====
* Introduction of the group to the newcomers: everyone comes in as a professional, not linked to his organisation as this group is here to advice towards mature FHIR implementations
+
* Introduction of the group to the newcomers: everyone comes in as a professional dealing with FHIR, not linked to his organisation as this group is here to advice towards mature FHIR implementations
 
* Security controls: this group has to provide technical guidance supporting the funtional requirements
 
* Security controls: this group has to provide technical guidance supporting the funtional requirements
 
::* it has to be compatible with the current access matrix  
 
::* it has to be compatible with the current access matrix  
 
::* challenges exist on fetching related resources, so there might be a need for a hierarchy of access (f.e. allowed to fetch a patient and afterwards to fetch an observation)
 
::* challenges exist on fetching related resources, so there might be a need for a hierarchy of access (f.e. allowed to fetch a patient and afterwards to fetch an observation)
::* start google doc with the current access matrix to start analysis what is possible in FHIR and how
+
::* [https://docs.google.com/document/d/1QdbH-secQSw67krow2IrQIs3vofv2Sq9/edit?usp=share_link&ouid=105469359652835948544&rtpof=true&sd=true start google doc with the current access matrix to start analysis what is possible in FHIR and how]
 
::::* reference: https://build.fhir.org/permission  
 
::::* reference: https://build.fhir.org/permission  
 
::::* ABAC: attribute based access control
 
::::* ABAC: attribute based access control
 
::::* some atrributes of the patient and user might have to be taken into account  
 
::::* some atrributes of the patient and user might have to be taken into account  
::* ask Brecht V.V; to join the meting & explain  
+
::* ask Brecht V.V. to join the meting & explain  
  
 
* Literal references  
 
* Literal references  
Line 51: Line 50:
 
::* our advise: if the reference URL is not accessible we advise to use a logical reference instead of a literal reference  
 
::* our advise: if the reference URL is not accessible we advise to use a logical reference instead of a literal reference  
  
* phrase point of view on R4 & R5 release
+
* Phrase point of view on R4 & R5 release
 
::* what are the current views ?
 
::* what are the current views ?
 
::* there will be a mixed ecosystem as R5 will be adopted since it has more functionalities
 
::* there will be a mixed ecosystem as R5 will be adopted since it has more functionalities
::*  
+
::* once we move to R5 clear guidelines will have to be setup
 +
::* in 2023 we don't plan to move to R5 in FHIR
  
draft
+
* FHIR readiness of hub/metahub system
* Some issues came up in other HL7 Belgium working groups so this group is reconvened since mid December
+
::* [https://docs.google.com/presentation/d/1HTEvpuQOvF-cyY-42AatuKAtHPzObJDazRj2SVV_8jk/edit#slide=id.p some preparation work has been done, see here] and [https://drive.google.com/file/d/1c6l9FrW5Jwq3wyuA4nvf5kBiil7iz5xh/view?usp=share_link pdf here]
* We have the necessary stakeholders on board: RSW, VZN, Cozo, RSB
+
::::* does a FHIR API fit in the hub/metahub system ?
* It is requested to include the link to the meeting minutes & agenda items in the meeting invites
+
::::* equivalents of FHIR API exist for the metahub services
* The purpose of this WG is to create recommendations and best practices, we cannot impose anything. Therefore we will continuously ask for feedback to all stakeholders, in particular the hubs.
+
::* the transition from a kmehr/soap API
* We agree to continue working on the items (security controls & litoral references) that were tackled during the last meeting
 
* Security controls : [https://wiki.hl7belgium.org/index.php?title=Minutes_-_Security_WG_2022-12-14 see previous discussion here]
 
::* link with access matrix which is evolving
 
::* security labels in FHIR don't have any hierarchy
 
::* we should ask for advice & input before starting specifications towards creating the implementation guide
 
::* action item: we/HL7 Belgium have to write out what the situation/technical possibilities and limits exist in FHIR R4 and R5
 
::::* please provide some input here
 
  
 
===== Action items =====
 
===== Action items =====
* security controls: status of document describing the FHIR situation
+
* security controls: start document describing the current access matrix and the possible FHIR functionalities
* litoral references: phrase our point of view
+
* prepare feedback on FHIR readiness hub/metahub system
* phrase recommendation on R4/R5 release
 
  
 
===== Next meeting =====
 
===== Next meeting =====
* Wednesday 22 Feb at 9AM - TBC (holiday week) change biweekly schedule TBC
+
* Wednesday 22 Feb at 9AM

Latest revision as of 10:16, 8 February 2023

Attendees
  • Anthony Maton
  • Bart Decuypere
  • Benny Verhamme
  • Brian Thieren
  • Elien De Koker
  • Félix De Tavernier
  • Jan Stinissen
  • Jean-Michel Polfliet
  • José Costa Teixeira (first part)
  • Karlien Erauw
  • Marco Busschots
  • Philippe Baise
  • Steven Van den Berghe
  • Werner De Mulder (second part)
Excused/Not present
  • Brecht Van Vooren
  • Cyprien Janssens
  • Didier Temans
  • Erwin Bellon
  • Isabelle Pollet
  • Jan Lenie
  • Nick Hermans
Agenda
  • Context / needs
  • Determine meeting schedule
  • Security controls
  • Literal references in FHIR resources: need for guidelines ? see issue from WG referral (linked to Vitalink/brecht VV)
  • Position of HL7 Belgium on the FHIR R5 release (to cover the already upcoming questions from players and stakeholders in Belgium)
  • FHIR readiness of Belgian metahub-hub system: see preparation work
Minutes
  • Introduction of the group to the newcomers: everyone comes in as a professional dealing with FHIR, not linked to his organisation as this group is here to advice towards mature FHIR implementations
  • Security controls: this group has to provide technical guidance supporting the funtional requirements
  • ask Brecht V.V. to join the meting & explain
  • Literal references
  • there is some confusion if you refer to a system that does not exist today
  • a literal reference is not always resolvable, is possible in the standard but is confusing to the users anyway
  • logical references are also possible
  • anyone willing to bring a common approach to the table ?
  • our advise: if the reference URL is not accessible we advise to use a logical reference instead of a literal reference
  • Phrase point of view on R4 & R5 release
  • what are the current views ?
  • there will be a mixed ecosystem as R5 will be adopted since it has more functionalities
  • once we move to R5 clear guidelines will have to be setup
  • in 2023 we don't plan to move to R5 in FHIR
  • FHIR readiness of hub/metahub system
  • does a FHIR API fit in the hub/metahub system ?
  • equivalents of FHIR API exist for the metahub services
  • the transition from a kmehr/soap API
Action items
  • security controls: start document describing the current access matrix and the possible FHIR functionalities
  • prepare feedback on FHIR readiness hub/metahub system
Next meeting
  • Wednesday 22 Feb at 9AM