2015May sdc #155 - Add discussion of security labels, etc.

XMLWordPrintableJSON

    • Type: Change Request
    • Resolution: Not Persuasive with Modification
    • Priority: Medium
    • Structured Data Capture (SDC) (FHIR)
    • DSTU1
    • FHIR Infrastructure
    • (profiles) [deprecated]
    • Hide

      Candidate disposition from discussion 2015/06/11

      AuditEvent expectations are already documented in terms of "equivalent to ATNA". It is out of scope for this project to define the use of security labels, provenance and consent. Different environments may have differing requirements. For example, in some cases, consent may be covered in bulk as part of clinical trial enrollment. In other cases it might be blanket "opt in/opt out". In other cases it might be done at a granular level.

      We will revise the security page to relax the existing security requirements such that expectations for TLS, auditing, authentication, etc. will only be imposed for transactions conveying patient data. TLS will be recommended for form retrievals.

      There is no expectation that data elements will be used to manage the population of QuestionnaireAnswers. For SDC, DataElements are only used during Questionnaire design and to guide auto-population/pre-population.

      Show
      Candidate disposition from discussion 2015/06/11 AuditEvent expectations are already documented in terms of "equivalent to ATNA". It is out of scope for this project to define the use of security labels, provenance and consent. Different environments may have differing requirements. For example, in some cases, consent may be covered in bulk as part of clinical trial enrollment. In other cases it might be blanket "opt in/opt out". In other cases it might be done at a granular level. We will revise the security page to relax the existing security requirements such that expectations for TLS, auditing, authentication, etc. will only be imposed for transactions conveying patient data. TLS will be recommended for form retrievals. There is no expectation that data elements will be used to manage the population of QuestionnaireAnswers. For SDC, DataElements are only used during Questionnaire design and to guide auto-population/pre-population.
    • Enhancement
    • Non-substantive
    • DSTU1

      Comment:

      Include how SDC implementers should utilize the FHIR Security Labels, AuditEvent and Provenance Resources, and Consent Directive profile to meet the privacy and security requirements of their domains. Also, include a detailed end to end workflow about how DataElements are generated and used by SDC Questionnaire and any use case for employing these to manage QuestionnaireAnswer.

            Assignee:
            Unassigned
            Reporter:
            Kathleen Connor
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: