Difference between revisions of "Minutes - Security WG 2023-06-28"

From Health Level 7 Belgium Wiki
Line 44: Line 44:
 
::* the matrix is implemented in the field by the hubs and vaults etc, and by developers
 
::* the matrix is implemented in the field by the hubs and vaults etc, and by developers
 
::::* the roles of the health care providers is managed in Cobhra
 
::::* the roles of the health care providers is managed in Cobhra
::* there are also other "rules" that apply in practice, f.e. "circle of trust"
+
::* there are also other "rules" that apply in practice, f.e. "circle of trust", note that there is not a single law that probably governs this (access right based on certification <> access rights based on relation to patient != access rights based on specific emergency circumstances , ...)
 +
 
 +
* we refer to [https://profiles.ihe.net/ITI/PCF/1.0.0-comment/ch-P.html#p1-consents-in-a-sensitivity-labeled-and-role-based-access-control-environment FHIR]
 +
* there may be some outcome of the rules / matrix that may be referred in the law
 +
* we could always use a matrix - but a N-dimension matrix, not a 2D matrix
 +
 
 +
 
  
 
===== Action items =====
 
===== Action items =====

Revision as of 08:03, 28 June 2023

Attendees
  • Bart Decuypere
  • Brecht Van Vooren
  • Brian Thieren
  • Dominiek Leclerq
  • Elien De Koker
  • Erwin Bellon
  • Félix De Tavernier
  • Hanne Vuegen
  • Jan Stinissen
  • José Costa Teixeira
  • Karlien Erauw
  • Maxime Cauchet
  • Philippe Baise
  • Stephane Houpresse
  • Steven Van den Berghe
  • Werner De Mulder
Excused/Not present
  • Anthony Maton
  • Benny Verhamme
  • Cyprien Janssens
  • Didier Temans
  • Filip Veldeman
  • Isabelle Pollet
  • Jan Lenie
  • Jean-Michel Polfliet
  • Marco Busschots
  • Nick Hermans
  • Nico Vannieuwenhuyze
  • Stef Hoofd
Agenda
  • guest to enlighten us on the access matrix
Minutes
  • Presentation of the access matrix by Stephane Houpresse
  • the reglementation drives the accesses: see here, including CSI/IVC deliberation
  • the Excel is a translation of this reglementation
  • the matrix is under evolution
  • at a time we talked about "paradigm shift": open everything up, this is still under (political) discussion
  • there are also requests to open it up to organisations/care providers that are not part of KB78
  • is the matrix only for read, or also for write: it is only about consultations
  • the matrix is implemented in the field by the hubs and vaults etc, and by developers
  • the roles of the health care providers is managed in Cobhra
  • there are also other "rules" that apply in practice, f.e. "circle of trust", note that there is not a single law that probably governs this (access right based on certification <> access rights based on relation to patient != access rights based on specific emergency circumstances , ...)
  • we refer to FHIR
  • there may be some outcome of the rules / matrix that may be referred in the law
  • we could always use a matrix - but a N-dimension matrix, not a 2D matrix


Action items
  • Security controls: continue work on use cases for permission and consent
  • Position of HL7 Belgium on the FHIR R5 release (to cover the already upcoming questions from players and stakeholders in Belgium)
  • FHIR readiness of Belgian metahub-hub system: see preparation work
Next meetings
  • Wednesday 12 July on contained resources and search options May at 9AM