FHIR Chat · is any UDAP work occurring in Security via the recent PSS? · Security and Privacy

Stream: Security and Privacy

Topic: is any UDAP work occurring in Security via the recent PSS?

view this post on Zulip Isaac Vetter (Mar 04 2021 at 23:06):

Hey Friends! Is there any UDAP work occurring in any of the weekly Security calls, due to the recently approved PSS? If so, which meeting? (Choices are Security main, Security ballot work, Security FHIR).

view this post on Zulip John Moehrke (Mar 05 2021 at 14:00):

I don't think a conclusion has been drawn. I have offered the Monday FHIR-Security, or to schedule a sub-group call for this topic. @Luis Maas ?

view this post on Zulip David Pyke (Mar 05 2021 at 14:01):

Let's do a sub-group call for it. Doodle time!

view this post on Zulip Luis Maas (Mar 05 2021 at 16:02):

@Isaac Vetter the currently planned time for the subgroup is second and fourth Tuesdays from 11-12AM Pacific Time, beginning March 9.

view this post on Zulip David Pyke (Mar 05 2021 at 16:04):

Luis, can you (or a Security co-chair) add that to the HL7 ConCall list?

view this post on Zulip John Moehrke (Mar 05 2021 at 16:13):

I didn't know this had been decided. I can add it to the calendar now that I know.

view this post on Zulip John Moehrke (Mar 05 2021 at 16:21):

I just added it to the HL7 calendar http://www.hl7.org/concalls/CallDetails.aspx?concall=54741

view this post on Zulip Matt Randall (Mar 05 2021 at 16:38):

Out of curiosity, is there a specific UDAP specification/profile that is being targeted for discussion? Or would that be the first topic?

view this post on Zulip Luis Maas (Mar 08 2021 at 19:06):

@John Moehrke, thanks for adding to calendar
@Matt Randall, regarding scope, trusted dynamic registration, authentication, and authorization are all in scope. The PSS can be found here outlining the intended output, and listing some background links to the ONC FHIR at Scale Taskforce Security Tiger Team draft solutions/recommendations document.
The plan is to start from these existing UDAP draft IGs:
-IG for Registration and Authorization of Consumer-Facing Health Apps
-IG for Registration and Authorization of Business-to-Business Health Apps
The current Carequality FHIR implementation guide is also a relevant input.
Hope to see you all tomorrow!

view this post on Zulip John Moehrke (Mar 09 2021 at 20:02):

Our first call was today, and @Luis Maas gave a great introduction to the solution.
I have corrected the HL7 meeting invite to be on the 2nd and 4th Tuesday of the month (previously I set it up as every-other-week).
We will be coordinating all activities on a folder in the security https://confluence.hl7.org/display/SEC/FAST%3A+Scalable+Registration%2C+Authentication%2C+and+Authorization+for+FHIR+Ecosystem+Participants

Last updated: Apr 12 2022 at 19:14 UTC


An HL7 Website -