search

IHE / ITI.PCF

The Privacy Consent on FHIR (PCF) Profile provides support for patient privacy consents and access control where a FHIR API is used to access Document Sharing Health Information Exchanges. This profile includes both Consent profiling and access controls profiling of oAuth access token.
Creative Commons Attribution 4.0 International
2 stars 2 forks source link

[Bug]: Require Grouping With ATNA Instead of BALP #11

Closed slagesse-epic closed 1 year ago

slagesse-epic commented 1 year ago

Contact Details

slagesse@epic.com

Section Number

53.3 PCF Required Actor Groupings

What is wrong

Currently PCF actors are required to be grouped with BALP Audit Creators. However, implementations may wish to record their audits in alternative formats.

Describe the solution you'd like

Group with ATNA Secure Node/Secure Application instead so that all ATNA audit logging options are available.

Relevant log output

No response

Priority

{"High"=>"Important issue where there is major issue to be resolved. Requires discussion and debate."}

Code of Conduct

JohnMoehrke commented 1 year ago

clarify that ATNA is the mandatory grouping, and that BALP provides the audit semantics, and that those semantics can be recorded using FHIR AuditEvent or ATNA AuditMessage schema accordingly.