Difference between revisions of "Minutes - Security WG 2023-07-12"

From Health Level 7 Belgium Wiki
 
(One intermediate revision by the same user not shown)
Line 55: Line 55:
  
 
===== Action items =====
 
===== Action items =====
* Security controls: continue work on use cases for permission and consent
+
* Security controls: continue work on valuesets by Brecht
 
* Position of HL7 Belgium on the FHIR R5 release (to cover the already upcoming questions from players and stakeholders in Belgium)
 
* Position of HL7 Belgium on the FHIR R5 release (to cover the already upcoming questions from players and stakeholders in Belgium)
 
* FHIR readiness of Belgian metahub-hub system: see preparation work
 
* FHIR readiness of Belgian metahub-hub system: see preparation work
  
 
===== Next meetings =====
 
===== Next meetings =====
* Wednesday 6 Sep at 9AM
+
* Wednesday 6 Sep at 9AM on security labels

Latest revision as of 07:25, 6 September 2023

Attendees
  • Anthony Maton
  • Bart Decuypere
  • Brian Thieren
  • Dominiek Leclerq
  • Félix De Tavernier
  • Hanne Vuegen
  • Jean-Michel Polfliet
  • José Costa Teixeira
  • Karlien Erauw
  • Maxime Caucheteur
  • Philippe Baise
  • Werner De Mulder
Excused/Not present
  • Benny Verhamme
  • Brecht Van Vooren
  • Cyprien Janssens
  • Didier Temans
  • Elien De Koker
  • Erwin Bellon
  • Filip Veldeman
  • Isabelle Pollet
  • Jan Lenie
  • Jan Stinissen
  • Marco Busschots
  • Nick Hermans
  • Nico Vannieuwenhuyze
  • Stef Hoofd
  • Steven Van den Berghe
Agenda
  • security labels: combination of 2 proposals as sent in
  • contained resources & search options
Minutes
  • the scty labels are there for the system to check if the HCP can see the content or not
  • proposal is a combination of
  • add security labels to all BE profiles as must support
  • on top, define a Codesystem/valueset with allowed security labels in a Belgian context
  • for UHMEP: do they have legal value or not ? yes because they refer to the access matrix but UHMEP would have its own logic
  • scty label would be sent by the GP softs - how can we ensure that they are compliant, it would be stated in the IG and the back-end checks if the combination is allowed
  • you currently only have roles & data categories
  • in DB you have data categories that allow you to check if the role can see that data
  • scty labels would be the start and essential part for access control, for every project we will need other rules as part of the scty framework in Belgium
  • scty label is on resource or attribute level ? or on each individual resource or on bundles of resources
  • scty label will have to be added to all BE implementation guides
  • we will need to have a clearer view on the value sets for each of the use cases to see how implementable it is
  • other elements of the resource might have to be taken into account to check the permission
  • Discuss search for contained resource
Action items
  • Security controls: continue work on valuesets by Brecht
  • Position of HL7 Belgium on the FHIR R5 release (to cover the already upcoming questions from players and stakeholders in Belgium)
  • FHIR readiness of Belgian metahub-hub system: see preparation work
Next meetings
  • Wednesday 6 Sep at 9AM on security labels