Revisit security requirements - 2016-09 qicore #51

XMLWordPrintableJSON

    • Type: Change Request
    • Resolution: Persuasive with Modification
    • Priority: Medium
    • US QI Core (FHIR)
    • DSTU2
    • Clinical Quality Information
    • Quality Improvement Core (QI-Core) Implementation Guide
    • Privacy
    • Hide

      Agreed, given that this is not the focus of QI-Core, we will relax the SHALL constraints to SHOULDs, and add a reference to the FHIR Implementer's Patient Safety Checklist with language to indicate implementers should follow best practices, but prescriptive statements along these lines are not within the scope of QI-Core.

      Show
      Agreed, given that this is not the focus of QI-Core, we will relax the SHALL constraints to SHOULDs, and add a reference to the FHIR Implementer's Patient Safety Checklist with language to indicate implementers should follow best practices, but prescriptive statements along these lines are not within the scope of QI-Core.
    • Bryn Rhodes/Anne Smith: 7-0-0
    • Enhancement
    • Non-substantive
    • DSTU2

      Comment:

      I'm not sure we should mandate these particular security requirements. I'm not sure this should be a focus of this content profile IG. Perhaps we should change these to recommended practices, with the SHALL restricted to appropriate methods of authentication, authorization, and logging.

      Summary:

      Revisit security requirements

            Assignee:
            Unassigned
            Reporter:
            Kensaku Kawamoto
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: