Minutes - Security WG 2023-07-12
From Health Level 7 Belgium Wiki
Attendees
- Anthony Maton
- Bart Decuypere
- Brian Thieren
- Dominiek Leclerq
- Félix De Tavernier
- Hanne Vuegen
- Jean-Michel Polfliet
- José Costa Teixeira
- Karlien Erauw
- Maxime Caucheteur
- Philippe Baise
- Werner De Mulder
Excused/Not present
- Benny Verhamme
- Brecht Van Vooren
- Cyprien Janssens
- Didier Temans
- Elien De Koker
- Erwin Bellon
- Filip Veldeman
- Isabelle Pollet
- Jan Lenie
- Jan Stinissen
- Marco Busschots
- Nick Hermans
- Nico Vannieuwenhuyze
- Stef Hoofd
- Steven Van den Berghe
Agenda
- security labels: combination of 2 proposals as sent in
- contained resources & search options
Minutes
- We review the proposal on the use of security labels in Belgium
- the scty labels are there for the system to check if the HCP can see the content or not
- proposal is a combination of
- add security labels to all BE profiles as must support
- on top, define a Codesystem/valueset with allowed security labels in a Belgian context
- for UHMEP: do they have legal value or not ? yes because they refer to the access matrix but UHMEP would have its own logic
- scty label would be sent by the GP softs - how can we ensure that they are compliant, it would be stated in the IG and the back-end checks if the combination is allowed
- see diagram: you see the roles & the access rules
- you currently only have roles & data categories
- in DB you have data categories that allow you to check if the role can see that data
- scty labels would be the start and essential part for access control, for every project we will need other rules as part of the scty framework in Belgium
- scty label is on resource or attribute level ? or on each individual resource or on bundles of resources
- scty label will have to be added to all BE implementation guides
- we will need to have a clearer view on the value sets for each of the use cases to see how implementable it is
- other elements of the resource might have to be taken into account to check the permission
- Discuss search for contained resource
- see issues 255 and 257 in referral project
Action items
- Security controls: continue work on valuesets by Brecht
- Position of HL7 Belgium on the FHIR R5 release (to cover the already upcoming questions from players and stakeholders in Belgium)
- FHIR readiness of Belgian metahub-hub system: see preparation work
Next meetings
- Wednesday 6 Sep at 9AM on security labels
