  1. FHIR Specification Feedback
  2. FHIR-33926

security and privacy considerations

Details

    • Change Request
    • Resolution: Persuasive
    • Medium
    • FHIR Data Segmentation for Privacy (FHIR)
    • 0.3.0
    • Security
    • STU
    • Security and Privacy Considerations
    • The section does address non-patient sensitivities. We added additions from the 202105 section. We will rewrite the second sentence and amend the following sentence with the red font:
      This IG should be used in combination with a Privacy and Security Framework, such as the Da Vinci Guiding Principles (http://hl7.org/fhir/security.html#http), and risk assessment based on the FHIR Security Module, which provides guidance to support Communications, Authentication, Authorization, Privacy Consent, Audit Logging, Provenance, Security Labels, etc.
    • Beth Pumo / John Moehrke: 7-0-0
    • Enhancement
    • Non-substantive
    • 0.3.0

    Description

      The first paragraph may be opened up. I think it would be better to indicate that although most of the examples used are related to patient based sensitivities; the concept presented is applicable to needs beyond just patient sensitivity. Including business sensitivity, worker sensitivity, etc.

      This IG covers Security Label tagging, which supports, but is not sufficient to assure all aspects of FHIR security and privacy and the label or the labeled information in a policy-specific profile of this IG. Typically, the information in scope for this IG is patient sensitive; however, this IG could be profiled for use with non-patient information such as population health or business information.

          People

            k.connor Kathleen Connor
            john_moehrke John Moehrke
            Watchers:
            3
