Difference between revisions of "Minutes - Security WG 2023-07-12"
From Health Level 7 Belgium Wiki
KarlienErauw (talk | contribs) (Created page with "===== Attendees ===== * Anthony Maton * Bart Decuypere * Brian Thieren * Dominiek Leclerq * Félix De Tavernier * Hanne Vuegen * Jean-Michel Polfliet * José Costa Teixeira...") |
KarlienErauw (talk | contribs) |
||
| Line 41: | Line 41: | ||
::::* on top, define a Codesystem/valueset with allowed security labels in a Belgian context | ::::* on top, define a Codesystem/valueset with allowed security labels in a Belgian context | ||
::* for UHMEP: do they have legal value or not ? yes because they refer to the access matrix but UHMEP would have its own logic | ::* for UHMEP: do they have legal value or not ? yes because they refer to the access matrix but UHMEP would have its own logic | ||
| + | ::::* scty label would be sent by the GP softs - how can we ensure that they are compliant, it would be stated in the IG and the back-end checks if the combination is allowed | ||
| + | ::* [https://hl7-be.github.io/data-access/access-control.html see diagram]: you see the roles & the access rules | ||
| + | ::::* you currently only have roles & data categories | ||
| + | ::::* in DB you have data categories that allow you to check if the role can see that data | ||
| + | ::* scty labels would be the start and essential part for access control, for every project we will need other rules as part of the scty framework in Belgium | ||
| + | ::* scty label is on resource or attribute level ? or on each individual resource or on bundles of resources | ||
| + | ::* scty label will have to be added to all BE implementation guides | ||
| + | ::* we will need to have a clearer view on the value sets for each of the use cases to see how implementable it is | ||
| + | ::::* other elements of the resource might have to be taken into account to check the permission | ||
| − | + | * Discuss search for contained resource | |
| − | + | ::* see [https://github.com/hl7-be/referral/issues/255 issues 255] and [https://github.com/hl7-be/referral/issues/257 257] in referral project | |
===== Action items ===== | ===== Action items ===== | ||
Revision as of 07:41, 12 July 2023
Attendees
- Anthony Maton
- Bart Decuypere
- Brian Thieren
- Dominiek Leclerq
- Félix De Tavernier
- Hanne Vuegen
- Jean-Michel Polfliet
- José Costa Teixeira
- Karlien Erauw
- Maxime Caucheteur
- Philippe Baise
- Werner De Mulder
Excused/Not present
- Benny Verhamme
- Brecht Van Vooren
- Cyprien Janssens
- Didier Temans
- Elien De Koker
- Erwin Bellon
- Filip Veldeman
- Isabelle Pollet
- Jan Lenie
- Jan Stinissen
- Marco Busschots
- Nick Hermans
- Nico Vannieuwenhuyze
- Stef Hoofd
- Steven Van den Berghe
Agenda
- security labels: combination of 2 proposals as sent in
- contained resources & search options
Minutes
- We review the proposal on the use of security labels in Belgium
- the scty labels are there for the system to check if the HCP can see the content or not
- proposal is a combination of
- add security labels to all BE profiles as must support
- on top, define a Codesystem/valueset with allowed security labels in a Belgian context
- for UHMEP: do they have legal value or not ? yes because they refer to the access matrix but UHMEP would have its own logic
- scty label would be sent by the GP softs - how can we ensure that they are compliant, it would be stated in the IG and the back-end checks if the combination is allowed
- see diagram: you see the roles & the access rules
- you currently only have roles & data categories
- in DB you have data categories that allow you to check if the role can see that data
- scty labels would be the start and essential part for access control, for every project we will need other rules as part of the scty framework in Belgium
- scty label is on resource or attribute level ? or on each individual resource or on bundles of resources
- scty label will have to be added to all BE implementation guides
- we will need to have a clearer view on the value sets for each of the use cases to see how implementable it is
- other elements of the resource might have to be taken into account to check the permission
- Discuss search for contained resource
- see issues 255 and 257 in referral project
Action items
- Security controls: continue work on use cases for permission and consent
- Position of HL7 Belgium on the FHIR R5 release (to cover the already upcoming questions from players and stakeholders in Belgium)
- FHIR readiness of Belgian metahub-hub system: see preparation work
Next meetings
- Wednesday 6 Sep at 9AM
