  1. FHIR Specification Feedback
  2. FHIR-36467

Need a section on privacy/security


Details

    • Change Request
    • Resolution: Persuasive with Modification
    • Medium
    • US Da Vinci DTR (FHIR)
    • 1.0.0 [deprecated]
    • Clinical Decision Support
    • Requesting Additional Information from the User [deprecated]

      Will move to the security/privacy section.  However, it's not complete/sufficient. Will update as follows:

      • should be pointing to the HRex security/privacy page as a foundation
      • should be addressing the fact that data is going to be auto-populated that may be sensitive - so there may be a need for a human to review and confirm that the information is appropriate to be shared (and be able to remove it without risk of it being put back if they wish)
      • that the app may not have access to certain data for retrieval because of security considerations

      Will not handle hidden/read-only questions yet (may become a separate ticket). Same for "other things". 

    • Bob Dieterle / Jeff Brown : 12-0-2
    • Enhancement
    • Compatible, substantive

    Description

      "If information is privacy restricted, the information SHOULD be treated as if it does not exist. The provider SHOULD ask the patient if they want to share the information with the payer."

      This seems like guidance that belongs in a security/privacy section.  However, it's not complete/sufficient:

      • should be pointing to the HRex security/privacy page as a foundation
      • should be addressing the fact that data is going to be auto-populated that may be sensitive - so there may be a need for a human to review and confirm that the information is appropriate to be shared (and be able to remove it without risk of it being put back if they wish)
      • that the app may not have access to certain data for retrieval because of security considerations
      • whether 'hidden' or 'readOnly' questions are allowed - and if so, what constraints there are on what they contain
      • other things?

       


          People

            Unassigned
            Lloyd McKenzie