Stream: fhir/infrastructure-wg
Topic: Bulk FHIR Ballot Reconciliation Wed Q4
Michael Donnelly (May 08 2019 at 19:39):
How should JWK Set caching work?
https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=21751
Michael Donnelly (May 08 2019 at 19:39):
How should JWK Set caching work?
Michael Donnelly (May 08 2019 at 19:49):
Michael Donnelly moved and @Nick Robison seconded that we will add:
- The client SHOULD return a “Cache-Control” header in its JWKS response
- The authorization server SHALL NOT cache a JWKS for longer than the client's cache-control header indicates.
- The authorization server SHOULD cache a client's JWK Set according to the client's cache-control header; it doesn't need to retrieve it anew every time.
Passed 6/0/2
Michael Donnelly (May 08 2019 at 19:50):
Optionality of security layer weakens interoperability
https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=21695&start=0
Michael Donnelly (May 08 2019 at 19:52):
There are some implementations that use creative mechanisms to download the bulk data files once they're generated. The SMART Backend Services guide was developed with this use case in mind.
Michael Donnelly (May 08 2019 at 19:53):
Currently we're only recommending this. If SMART Backend Services doesn't meet a system's needs, we should improve that guide.
Michael Donnelly (May 08 2019 at 19:53):
CMS doesn't have a way currently to do Bulk FHIR with OAuth 2 that meets their security and engineering goals.
Michael Donnelly (May 08 2019 at 19:54):
Would CMS provide a different security layer in addition to OAuth 2.0 or instead of it?
Instead.
Michael Donnelly (May 08 2019 at 19:55):
Can CMS comment on the guide to try to enhance it to get it to meet their needs too?
Yes, that's why Nick is here this week.
Michael Donnelly (May 08 2019 at 19:58):
Is Bulk Data different from the rest of FHIR? Is this more important here?
It's not more important, but this is an IG, so we need to get into more detail than the base spec needs.
Michael Donnelly (May 08 2019 at 19:58):
Can we make a profile for the IG, where the profile defines the requirement to use OAuth 2.0 instead of the base IG?
Michael Donnelly (May 08 2019 at 19:59):
Maybe? Seems confusing.
Michael Donnelly (May 08 2019 at 20:00):
Could we say that servers either have to do OAuth 2.0 or CMS's delegated authorization scheme? And clients have to do whatever the server they're connecting to does?
Michael Donnelly (May 08 2019 at 20:02):
What's CMS's issue?
The ACOs they work with aren't downloading the data directly; third parties are doing it for them, so they need a way to say who's allowed to get the data for them.
Michael Donnelly (May 08 2019 at 20:04):
Could we say that Bulk FHIR requires SMART Backend Services, and later CMS can incorporate delegated authorization into SMART Backend Services?
Michael Donnelly (May 08 2019 at 20:04):
People seem to feel okay about that.
Michael Donnelly (May 08 2019 at 20:05):
CMS could come back later to change either Bulk FHIR or SMART.
Michael Donnelly (May 08 2019 at 20:08):
Healthy discussion about how much this should be locked down.
Michael Donnelly (May 08 2019 at 20:08):
ONC could specify a requirement to use the Bulk Data IG and the SMART Backend Services Guide.
Michael Donnelly (May 08 2019 at 20:10):
In practice, the security layer will be negotiated between parties.
Michael Donnelly (May 08 2019 at 20:11):
There was a motion to require SMART Backend Services that died for lack of a second.
Michael Donnelly (May 08 2019 at 20:17):
@Nick Robison moved to find the ballot comment not persuasive, @Javier Espina seconded.
The motion passed with 3 votes for, 2 against, and 4 abstaining.
Michael Donnelly (May 08 2019 at 20:18):
From Robert's Rules Of Order Newly Revised In Brief by Henry M. III Robert, William J. Evans, Daniel H. Honemann & Thomas J. Balch:
Do abstention votes count?
The phrase “abstention votes” is an oxymoron, an abstention being a refusal to vote. To abstain means to refrain from voting, and, as a consequence, there can be no such thing as an “abstention vote”.
In the usual situation, where either a majority vote or a two-thirds vote is required, abstentions have absolutely no effect on the outcome of the vote since what is required is either a majority or two thirds of the votes cast. On the other hand, if the vote required is a majority or two thirds of the members present, or a majority or two thirds of the entire membership, an abstention will have the same effect as a “no” vote. Even in such a case, however, an abstention is not a vote.
Michael Donnelly (May 08 2019 at 20:18):
Support encryption in bulk data
https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=21051
Michael Donnelly (May 08 2019 at 20:22):
CMS is working on per-client payload encryption.
Michael Donnelly (May 08 2019 at 20:23):
Nobody else has had an issue with this yet; encryption in motion (TLS) is necessary but encryption at rest hasn't been needed for any other use cases.
Michael Donnelly (May 08 2019 at 20:23):
Does FHIR support indicating that data are encrypted in the base FHIR spec?
No.
Michael Donnelly (May 08 2019 at 20:24):
Should that be part of the Bulk FHIR spec?
Michael Donnelly (May 08 2019 at 20:24):
That wouldn't drive implementers toward compatibility with the specification.
Michael Donnelly (May 08 2019 at 20:28):
One thing that's tempting (but maybe not a good idea) would be to have an optional keyMap in the file to point at a descriptor about how to decrypt the file (e.g. a decryption algorithm and params).
Michael Donnelly (May 08 2019 at 20:28):
CMS is happy to have a conversation with the community about how to do this.
Michael Donnelly (May 08 2019 at 20:29):
What was the threat assessment about this?
If someone gained access to the file system, unencrypted files could expose PHI.
Michael Donnelly (May 08 2019 at 20:31):
If we're going to encrypt these files, we should have the opportunity to compress them first.
Michael Donnelly (May 08 2019 at 20:38):
@Isaac Vetter moved to find the comment non-persuasive with mod and to revisit the topic when CMS brings back a proposal. @Chris Grenz seconded. The motion passed with 7 votes for, 0 against, and 2 abstaining.
Michael Donnelly (May 08 2019 at 20:40):
Reconcile $export vs $everything
https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=21050&start=0
Michael Donnelly (May 08 2019 at 20:47):
$export is more specific than $everything (kind of)
Michael Donnelly (May 08 2019 at 20:48):
$export means
- async
- ndjson format
- a group of patients
$everything means
- either one patient or all patients
Michael Donnelly (May 08 2019 at 20:50):
One view: $everything is for replicating a FHIR server. Converting from one system to another.
Michael Donnelly (May 08 2019 at 20:53):
Does $everything set an inaccurate expectation for clients? Would they be disappointed if they asked for "everything" and just got USCDI?
Michael Donnelly (May 08 2019 at 21:06):
Michael moved to find this non-persuasive. @Adam Culbertson seconded.
The motion passed with 4 votes for, 1 against, and 4 abstaining.
Michael Donnelly (May 08 2019 at 21:21):
We will keep the $export name. Although the target data set is similar, the group sees different use cases for the operations.
Over time, $everything has adopted aspects of the $export operation. In the future, PA may want to more fully reconcile the $everything operations with $export.
Michael Donnelly (May 08 2019 at 21:21):
Q4 ended. Comments in this topic aren't my opinions or arguments, they're notes on the discussion that took place at the WGM.
Michele Mottini (May 08 2019 at 23:07):
If we're going to encrypt these files, we should have the opportunity to compress them first.
Yes yes - this is important
Michael Donnelly (May 09 2019 at 00:20):
@Chris Grenz made that point, but I believe everyone in the room agreed.
Brian Postlethwaite (May 15 2019 at 00:52):
Another note on $everything is that the server can decide what supporting resources are to be included in the set (such as Organization or Practitioner resources referenced by the clinical data)
Last updated: Apr 12 2022 at 19:14 UTC