Difference between revisions of "Minutes - Security WG 2023-06-28"
From Health Level 7 Belgium Wiki
KarlienErauw (talk | contribs) |
KarlienErauw (talk | contribs) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 11: | Line 11: | ||
* José Costa Teixeira | * José Costa Teixeira | ||
* Karlien Erauw | * Karlien Erauw | ||
− | * Maxime | + | * Maxime Caucheteur (smals) |
* Philippe Baise | * Philippe Baise | ||
* Stephane Houpresse | * Stephane Houpresse | ||
Line 36: | Line 36: | ||
===== Minutes ===== | ===== Minutes ===== | ||
* Presentation of the access matrix by Stephane Houpresse | * Presentation of the access matrix by Stephane Houpresse | ||
− | ::* the reglementation | + | ::* the reglementation drives the accesses: [https://www.ehealth.fgov.be/ehealthplatform/nl/reglementen see here], including [https://www.ehealth.fgov.be/ehealthplatform/file/view/AWedzvUXgwvToiwBkfwJ?filename=18-190-n256-toegangsmatrix-gewijzigd%20op%206%20juli%202021.pdf CSI/IVC deliberation] |
− | ::* the Excel is a translation of this reglementation | + | ::* the Excel is a translation of this reglementation |
::* the matrix is under evolution | ::* the matrix is under evolution | ||
::* at a time we talked about "paradigm shift": open everything up, this is still under (political) discussion | ::* at a time we talked about "paradigm shift": open everything up, this is still under (political) discussion | ||
::* there are also requests to open it up to organisations/care providers that are not part of KB78 | ::* there are also requests to open it up to organisations/care providers that are not part of KB78 | ||
::* is the matrix only for read, or also for write: it is only about consultations | ::* is the matrix only for read, or also for write: it is only about consultations | ||
− | ::* the matrix is implemented in the field by the hubs and vaults etc | + | ::* the matrix is implemented in the field by the hubs and vaults etc, and by developers |
::::* the roles of the health care providers is managed in Cobhra | ::::* the roles of the health care providers is managed in Cobhra | ||
+ | ::* there are also other "rules" that apply in practice, f.e. "circle of trust", note that there is not a single law that probably governs this (access right based on certification <> access rights based on relation to patient != access rights based on specific emergency circumstances , ...) | ||
− | : | + | * we refer to [https://profiles.ihe.net/ITI/PCF/1.0.0-comment/ch-P.html#p1-consents-in-a-sensitivity-labeled-and-role-based-access-control-environment FHIR] |
+ | * there may be some outcome of the rules / matrix that may be referred in the law | ||
+ | * we could always use a matrix - but a N-dimension matrix, not a 2D matrix | ||
− | |||
− | |||
− | |||
===== Action items ===== | ===== Action items ===== |
Latest revision as of 12:51, 7 July 2023
Attendees
- Bart Decuypere
- Brecht Van Vooren
- Brian Thieren
- Dominiek Leclerq
- Elien De Koker
- Erwin Bellon
- Félix De Tavernier
- Hanne Vuegen
- Jan Stinissen
- José Costa Teixeira
- Karlien Erauw
- Maxime Caucheteur (smals)
- Philippe Baise
- Stephane Houpresse
- Steven Van den Berghe
- Werner De Mulder
Excused/Not present
- Anthony Maton
- Benny Verhamme
- Cyprien Janssens
- Didier Temans
- Filip Veldeman
- Isabelle Pollet
- Jan Lenie
- Jean-Michel Polfliet
- Marco Busschots
- Nick Hermans
- Nico Vannieuwenhuyze
- Stef Hoofd
Agenda
- guest to enlighten us on the access matrix
Minutes
- Presentation of the access matrix by Stephane Houpresse
- the reglementation drives the accesses: see here, including CSI/IVC deliberation
- the Excel is a translation of this reglementation
- the matrix is under evolution
- at a time we talked about "paradigm shift": open everything up, this is still under (political) discussion
- there are also requests to open it up to organisations/care providers that are not part of KB78
- is the matrix only for read, or also for write: it is only about consultations
- the matrix is implemented in the field by the hubs and vaults etc, and by developers
- the roles of the health care providers is managed in Cobhra
- there are also other "rules" that apply in practice, f.e. "circle of trust", note that there is not a single law that probably governs this (access right based on certification <> access rights based on relation to patient != access rights based on specific emergency circumstances , ...)
- we refer to FHIR
- there may be some outcome of the rules / matrix that may be referred in the law
- we could always use a matrix - but a N-dimension matrix, not a 2D matrix
Action items
- Security controls: continue work on use cases for permission and consent
- Position of HL7 Belgium on the FHIR R5 release (to cover the already upcoming questions from players and stakeholders in Belgium)
- FHIR readiness of Belgian metahub-hub system: see preparation work
Next meetings
- Wednesday 12 July on contained resources and search options May at 9AM