Minutes - Security WG 2021-05-21
From Health Level 7 Belgium Wiki
Attendees
- Bruno Casneuf
- Erwin Bellon
- Hannes De Clercq
- Jean-Michel Polfliet
- Karlien Erauw
- Nick Hermans
- Pablo d'Alcantara
- Raphaël, RSW
- Robin Bosman
Excused/Not present
- Didier Temans
- José Costa Teixeira
Agenda
- Presentation by Hannes
- Plan to go forward
Previous Minutes
- Background: request raised in eHealth Platform WG Architecture from April 30
- RSW cannot join on Tuesday afternoons so we must look for a different timeslot. Proposed weekly meeting slot as from May 21: Fridays from noon to 1PM
- remark: Hannes should be available as key person
- What exactly is the request:
- see presentation WG Architecture here: Access control in FHIR, https://drive.google.com/file/d/1v-Lg204eKYKEOdCUJtv7gT0G4vd0XIpP/view?usp=sharing
- do we need middleware when using a FHIR server to have access to patient consent and therapeutic relationship
- what are the encountered issues and how can we mitigate these?
- Plan to go forward:
- benefits of using middleware
- encountered issues when using middleware
- Question: how to interrogate multiple FHIR servers
Minutes
- Hannes presents "Access control in FHIR" that was also
- care provider has to go through id & auth and there has to be a control to assess if he has access to the resource (access management): check patient consent, exclusions, therapeutic relationship and access matrix for care providers
- id: solutions FAS or eID, itsme, TOTP
- access management: need for standardised manner to manage interactions
- solution 1: generic: IAM connect, client communicates through middleware/component to assess access to resource before entering the FHIR server - adaptations outside of FHIR server - more difficult for client to know why he doesn't have access
- solution 2: more specific - using SMART on FHIR - client can talk directly to FHIR server - controls happen in step 4 - suggestion for step 4B to connect with metahub (pip)
- RSW has its own authentic source for therapeutic relationships that has to be taken into account in their SMART on FHIR solution
- anyone can do a setup of their own but we have to be careful to add any additional "signatures"
- Pablo is referring to the vaults FHIR cookbook