security pointing to wrong place

XMLWordPrintableJSON

    • Type: Change Request
    • Resolution: Persuasive with Modification
    • Priority: Medium
    • US CARIN Real-time Pharmacy Benefit Check (RTPBC) (FHIR)
    • Pharmacy
    • Security
    • Hide

      Modify the content of the Security page to read:

      FHIR does not mandate a single technical approach to security and privacy; rather, the specification provides a set of building blocks that can be applied to create secure, private systems. 

      Implementers are expected to follow core FHIR security principles (https://www.hl7.org/fhir/security.html).

      In addition, the FHIR Security and Privacy Module ( http://hl7.org/fhir/R4/secpriv-module.html) describes how to protect patient privacy. 

      Show
      Modify the content of the Security page to read: FHIR does not mandate a single technical approach to security and privacy; rather, the specification provides a set of building blocks that can be applied to create secure, private systems.  Implementers are expected to follow core FHIR security principles ( https://www.hl7.org/fhir/security.html). In addition, the FHIR Security and Privacy Module  ( http://hl7.org/fhir/R4/secpriv-module.html ) describes how to protect patient privacy. 
    • Pooja Babbrah / Jean Duteau : 8-0-1
    • Clarification
    • Non-substantive
    • 0.1.0

      NEG

      http://hl7.org/fhir/us/carin-rtpbc/2020FEB/Security.html

      • US Core Implementation Guide’s General Security Considerations page doesn't address anything about messaging security approaches and expectations for authentication and authorization between Senders and Receivers of sensitive patient data (e.g., will TLS, mutual-TLS, OAuth, etc. be required to interoperate?). There are several other implementation guides and ongoing initiatives to address these issues including:

      FHIR Data Segmentation for Privacy project
      SMART Application Launch Framework Implementation Guide Release 1.0.0
      FHIR Bulk Data Access (Flat FHIR) (specifically: SMART Backend Services: Authorization Guide)
      FHIR at Scale Taskforce (FAST)
      Dynamic Registration for SMART Apps

            Assignee:
            Unassigned
            Reporter:
            Eric Haas
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: