FHIR Specification Feedback: FHIR-25669

security pointing to wrong place


Details

    • Type: Change Request
    • Resolution: Persuasive with Modification
    • Priority: Medium
    • US CARIN Real-time Pharmacy Benefit Check (RTPBC) (FHIR)
    • Pharmacy
    • Security

      Modify the content of the Security page to read:

      FHIR does not mandate a single technical approach to security and privacy; rather, the specification provides a set of building blocks that can be applied to create secure, private systems.

      Implementers are expected to follow core FHIR security principles (https://www.hl7.org/fhir/security.html).

      In addition, the FHIR Security and Privacy Module (http://hl7.org/fhir/R4/secpriv-module.html) describes how to protect patient privacy.

    • Pooja Babbrah / Jean Duteau : 8-0-1
    • Clarification
    • Non-substantive
    • 0.1.0

    Description

      NEG

      http://hl7.org/fhir/us/carin-rtpbc/2020FEB/Security.html

      • US Core Implementation Guide’s General Security Considerations page doesn't address anything about messaging security approaches and expectations for authentication and authorization between Senders and Receivers of sensitive patient data (e.g., will TLS, mutual-TLS, OAuth, etc. be required to interoperate?). There are several other implementation guides and ongoing initiatives to address these issues including:

      FHIR Data Segmentation for Privacy project
      SMART Application Launch Framework Implementation Guide Release 1.0.0
      FHIR Bulk Data Access (Flat FHIR) (specifically: SMART Backend Services: Authorization Guide)
      FHIR at Scale Taskforce (FAST)
      Dynamic Registration for SMART Apps

      People

        Assignee: Unassigned
        Reporter: Eric Haas