  1. FHIR Specification Feedback
  2. FHIR-30263

IG needs to define how keys will be exchanged for encryption


Details

    • Change Request
    • Resolution: Persuasive with Modification
    • Medium
    • US Making EHR Data More available for Research and Public Health (MedMorph) (FHIR)
    • 0.1.0
    • Public Health
    • US Public Health PlanDefinition
      US Public Health PlanDefinition Action Codes
    • Provisioning Workflow Specification
      Report Submission

      Add an extension to the PlanDefinition to indicate the following:

      • URL for the Public Key of the Recipient
      • Encryption Algorithm to be used along with the public key for encrypting.

      When the publisher of the Knowledge Artifact decides to use the Encryption Action, they have to populate the above extension for the encryption action to be performed by the Backend Service App. If the action is selected but the above extension is not populated, then the Backend Service App will not perform the encryption action and may fail to perform a submission depending on the use case error handling requirements.

    • Becky Angeles / Genny Luensman : 31 - 0 - 0
    • Correction
    • Compatible, substantive

    Description

      The IG states that reports may be encrypted before they are sent from the Backend Service app to where they are going. This statement is made in various locations, such as the pages referenced in the ticket, as well as through the definition of an action to use in the PlanDefinition. However, there is no mention as to how keys will be exchanged between disparate parties to perform the encryption and ensure that the data can be encrypted once it arrives at its destination. If this specification expects to allow for automation of these types of actions, then it needs to define how the keys will be shared between the systems. This could be as simple as piggybacking on the SMART Bulk Data configuration and stating that there need to be encryption keys defined in the keyset as well as signing keys, but it needs to be defined somehow.
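
      The check described in the resolution, sketched as an added example that is not part of the ticket or the IG: before encrypting, the Backend Service App confirms that a PlanDefinition selecting the encryption action also carries a populated key extension, and raises otherwise so the caller can apply its use-case error handling. The extension URL, sub-extension names, action code, algorithm allow-list and the https requirement are all assumptions, since the ticket defines none of them.

```python
from urllib.parse import urlsplit

# Hypothetical identifiers: the ticket names no extension URL, sub-extension
# names, action code or algorithm list.
EXT_URL = "http://example.org/fhir/StructureDefinition/receiver-encryption"
ENCRYPT_CODE = "encrypt-report"
ALLOWED_ALGORITHMS = {"RSA-OAEP-256", "ECDH-ES+A256KW"}  # assumed local policy

class EncryptionConfigError(Exception):
    """Encryption action selected but its key settings are unusable."""

def has_encrypt_action(actions):
    """True if any (nested) PlanDefinition action carries ENCRYPT_CODE."""
    for action in actions or []:
        codings = [c for cc in action.get("code", []) for c in cc.get("coding", [])]
        if any(c.get("code") == ENCRYPT_CODE for c in codings):
            return True
        if has_encrypt_action(action.get("action")):
            return True
    return False

def encryption_settings(plan):
    """Return (key_url, algorithm), or None if no encryption action is selected."""
    if not has_encrypt_action(plan.get("action")):
        return None
    ext = next((e for e in plan.get("extension", []) if e.get("url") == EXT_URL), None)
    if ext is None:
        raise EncryptionConfigError("encryption action selected, extension not populated")
    parts = {p.get("url"): p for p in ext.get("extension", [])}
    key_url = parts.get("publicKeyUrl", {}).get("valueUrl")
    algorithm = parts.get("algorithm", {}).get("valueString")
    if not key_url or not algorithm:
        raise EncryptionConfigError("extension is missing the key URL or the algorithm")
    if urlsplit(key_url).scheme != "https":  # assumed rule: fetch the key over TLS only
        raise EncryptionConfigError("public key URL must use https")
    if algorithm not in ALLOWED_ALGORITHMS:
        raise EncryptionConfigError(f"algorithm not allowed: {algorithm}")
    return key_url, algorithm

# Constructed sample, not taken from the IG.
SAMPLE_PLAN = {
    "resourceType": "PlanDefinition",
    "extension": [{"url": EXT_URL, "extension": [
        {"url": "publicKeyUrl", "valueUrl": "https://pha.example.org/keys/report.jwk"},
        {"url": "algorithm", "valueString": "RSA-OAEP-256"}]}],
    "action": [{"id": "start", "action": [
        {"id": "encrypt", "code": [{"coding": [{"code": ENCRYPT_CODE}]}]}]}],
}
```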

          People

            nageshbashyam Nagesh Bashyam
            rdingwell Rob Dingwell