Minutes - Security WG 2023-07-12

From Health Level 7 Belgium Wiki
Revision as of 07:25, 6 September 2023 by KarlienErauw (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Attendees
  • Anthony Maton
  • Bart Decuypere
  • Brian Thieren
  • Dominiek Leclerq
  • Félix De Tavernier
  • Hanne Vuegen
  • Jean-Michel Polfliet
  • José Costa Teixeira
  • Karlien Erauw
  • Maxime Caucheteur
  • Philippe Baise
  • Werner De Mulder
Excused/Not present
  • Benny Verhamme
  • Brecht Van Vooren
  • Cyprien Janssens
  • Didier Temans
  • Elien De Koker
  • Erwin Bellon
  • Filip Veldeman
  • Isabelle Pollet
  • Jan Lenie
  • Jan Stinissen
  • Marco Busschots
  • Nick Hermans
  • Nico Vannieuwenhuyze
  • Stef Hoofd
  • Steven Van den Berghe
Agenda
  • security labels: combination of 2 proposals as sent in
  • contained resources & search options
Minutes
  • the scty labels are there for the system to check if the HCP can see the content or not
  • proposal is a combination of
  • add security labels to all BE profiles as must support
  • on top, define a Codesystem/valueset with allowed security labels in a Belgian context
  • for UHMEP: do they have legal value or not ? yes because they refer to the access matrix but UHMEP would have its own logic
  • scty label would be sent by the GP softs - how can we ensure that they are compliant, it would be stated in the IG and the back-end checks if the combination is allowed
  • you currently only have roles & data categories
  • in DB you have data categories that allow you to check if the role can see that data
  • scty labels would be the start and essential part for access control, for every project we will need other rules as part of the scty framework in Belgium
  • scty label is on resource or attribute level ? or on each individual resource or on bundles of resources
  • scty label will have to be added to all BE implementation guides
  • we will need to have a clearer view on the value sets for each of the use cases to see how implementable it is
  • other elements of the resource might have to be taken into account to check the permission
  • Discuss search for contained resource
Action items
  • Security controls: continue work on valuesets by Brecht
  • Position of HL7 Belgium on the FHIR R5 release (to cover the already upcoming questions from players and stakeholders in Belgium)
  • FHIR readiness of Belgian metahub-hub system: see preparation work
Next meetings
  • Wednesday 6 Sep at 9AM on security labels