Minutes - Security WG 2023-10-18

From Health Level 7 Belgium Wiki
Revision as of 07:15, 18 October 2023 by KarlienErauw
Attendees
  • Bart Decuypere
  • Benny Verhamme
  • Brecht Van Vooren
  • Brian Thieren
  • Dominiek Leclerq
  • Elien De Koker
  • Félix De Tavernier
  • Hanne Vuegen
  • Jean-Michel Polfliet
  • Karlien Erauw
  • Maxime Caucheteur
  • Philippe Baise
  • Steven Van den Berghe
  • Werner De Mulder
Excused/Not present
  • Anthony Maton
  • Cyprien Janssens
  • Didier Temans
  • Erwin Bellon
  • Filip Veldeman
  • Filoretta Velica
  • Isabelle Pollet
  • Jan Lenie
  • Jan Stinissen
  • José Costa Teixeira
  • Marco Busschots
  • Nick Hermans
  • Nico Vannieuwenhuyze
  • Stef Hoofd
Agenda
  • review feedback on pseudonymization of FHIR resources
  • proposal
Minutes
  • Pseudonymization technical document: some eHealth projects are urging to move forward faster because of their deadlines (Vialink FHIR and UHMEP project)
  • there have been discussions at a higher level outside the HL7 Belgium community and the decision was to publish as soon as possible
  • the proposal fitted the projects so it will be published
  • an IG in architecture & security will be published, following the slides discussed in the previous weeks; the work on the technical artefacts is still ongoing but will be ready in the coming days
  • this will not include an overview of the pseudonymization service; it is linked to the cookbook that is published
  • is it possible to have a shorthand for e.g. SSIN?
  • this is possible, but there is no real use for it. The transit info should be used to transform the pseudonym to its eventual form, because the pseudonym is different for every transmission. This form is not suitable to be stored or processed otherwise.
  • On top, this will impact the validation of pseudonymized and non-pseudonymized resources, because of the additional slice to be added to pseudonymizable resources.
  • extensions are not preferable: what if you don't store it? But the pseudonymized value is not a unique identifier, so it could not be used this way
  • what about blinding/unblinding (see cookbook): not clear yet
  • reuse info from header and omit it from the FHIR message
  • Each pseudonym has its own transit info, even if you use the “multiple” functionality
  • how to solve the search problem for pseudonymized resources?
  • the size of a GET request is limited; however, there is an alternative in the FHIR standard, using POST syntax
  • search can be done using POST and POST URL syntax because of the size of the search parameters
  • how will we express the parameters? There are 2 options:
  • treat the parameter as a composite parameter using a separate token, concatenated using a $ sign
  • encode the pseudonym in a JWE string; this will have a double impact of Base64 encoding
  • which option do we agree upon?
  • this is not a FHIR query, therefore the composite
  • this is only for solutions that use pseudonymization


  • Discuss search for contained resource
Action items
  • Security controls: continue work on valuesets by Brecht
  • Position of HL7 Belgium on the FHIR R5 release (to cover the already upcoming questions from players and stakeholders in Belgium)
  • FHIR readiness of Belgian metahub-hub system: see preparation work
Next meetings
  • Wednesday 15 Nov at 9AM