Minutes - Security WG 2023-03-08

Attendees

• Anthony Maton
• Bart Decuypere
• Brecht Van Vooren
• Brian Thieren
• Didier Temans
• Dominiek Leclerq
• Elien De Koker
• Félix De Tavernier
• Jan Stinissen
• Jean-Michel Polfliet
• José Costa Teixeira
• Karlien Erauw
• Philippe Baise
• Steven Van den Berghe
• Werner De Mulder

Excused/Not present

• Benny Verhamme
• Cyprien Janssens
• Erwin Bellon
• Isabelle Pollet
• Jan Lenie
• Marco Busschots
• Nick Hermans

Agenda

• Security controls: continue work on use cases for permission and consent
• Position of HL7 Belgium on the FHIR R5 release (to cover the already upcoming questions from players and stakeholders in Belgium)
• FHIR readiness of Belgian metahub-hub system: see preparation work

Minutes

Use cases for Permission and Consent and respective need for interoperability and computability: see document here

• Steven has added 2 scenarios #6 and #7

• should notes be an element or a resource to tag the resource or the element
• is it an option so make slices in a care plan to put the HCP's notes or the patient's notes
• using an hierarchy for care plans that consists of several elements is an option

• See: https://build.fhir.org/ig/HL7/fhir-security-label-ds4p/

• we are looking at Inline Security Labels

• is there a difference a private and a public annotation ? do we want to go towards attribute filtering access

• proposal of next step: list up approaches and look at variants

• how to tag the attributes
• GDPR: purpose of use in a hospital ?

• it is handled at legal level, they cannot share this by law

• traceability needs to be taken into account
• Are there specific (legal) requirements that need to be taken into account

Action items

• security controls: update document describing the current access matrix and the possible FHIR functionalities
• prepare feedback on FHIR readiness hub/metahub system

Next meeting

• Wednesday 22 March at 9AM