Faites-nous part de vos impressions sur le Serveur terminologique, et aidez-nous à améliorer nos services! Vous avez jusqu’au 3 décembre 2024 pour répondre au sondage. Votre avis nous intéresse! En savoir plus >

Partager :

Partager
Partager
  1. Forum
  3. Working Groups
  5. FHIR® Implementations
  7. Recent FHIR Security and Privacy Webinar

file Recent FHIR Security and Privacy Webinar

  • Messages : 169
il y a 4 ans 4 mois #6170 par Joel Francis
Recent FHIR Security and Privacy Webinar a été créé par Joel Francis
Hi All,

I wanted to share my leanings from the recent HL7 FHIR Security and Privacy Webinar.

Speak John Moehrke
Architect: Healthcare Informatics Standards - Interoperability, Privacy, and Security
CyberPrivacy – Enabling authorized communications while respecting Privacy
IHE Co-Chair IT Infrastructure Planning & Technical Committee
HL7 Co-Chair Security WG, FHIR FMG, FHIR facilitator, and
FHIR Foundation founding member
HITRUST Certified CSF Practitioner

What topics were covered?

• Working understanding of privacy and security mechanics
• Introductory knowledge and use of FHIR security mechanics
• A clear understanding of the FHIR consent, provenance and AuditEvent resource


A few things stood out for me:

Provenance resource not intended to be used by Security, Operations or Auditors but by the people who view and use the data. The AuditEvent is what is used to monitor and capture all events (not just data creation)

The Consent resource can not only capture positive consent but also dissent (negative)
1. Consent resource just points at scanned paper
2. Consent resource points at Questionnaire Response
3. Consent with encoded context
4. Consent with depth .provisions (PERMIT vs DENY)
5. Consent using external rules encoding (XACML)

What technologies and frameworks are used for authentication and authorization

Authentication:
Mutual-Authenticated-TLS
API Key
SAML SSO Profile
OAuth 2.0
Cascading OAuth
Open-ID Connect
User Managed Access (UMA)

Authorization:
SMART-on-FHIR
SMART for Bulk Data Access
IHE Internet User Authorization (IUA)
SAML encapsulated
HEART (a healthcare variant of UMA)

What is the general stack and FHIR Resources that are used?

Is transport secure? https
Who is the user? OpenID Connect
What App/Device? OAuth client_id & scopes
What may the user/role do? Access Control rules
What the Patient authorized? Consent Resource
Where does this data come? Provenance Resource
What just happened? AuditEvent


I just wanted to share and encourage you all to attend the webinar if it is hosted again to get a broader understanding of how security mechanics work in FHIR

Thanks,

Joel Francis

Connexion ou Créer un compte pour participer à la conversation.

  1. Forum
  3. Working Groups
  5. FHIR® Implementations
  7. Recent FHIR Security and Privacy Webinar

Logo d'InfoCentral

La santé numérique à votre service

 

Transformer les soins de santé au Canada grâce aux technologies de l'information sur la santé.

Nous joindre