Security Tutorials on mHealth Security and Auditing - #FHIR

The two presentations that I gave at the HL7 meeting Wednesday afternoon “Free Security Tutorial”, and again at the Joint Security/EHR/FHIR/SOA meeting on Thursday; are posted on the HL7.org web site. They are:

Security Education: mHealth Security and FHIR

This presentation is made up of current viewpoint

on mHealth security basics, risk-assessment models, network communications security, and user identity and access management. This information is on the HL7 FHIR site, and will improve over the coming month. Front and center is the IHE-Internet User Authorization (IUA) profile, a profiling of oAuth 2.0. Much of the material I cover is also covered on my blog at the following:

• Healthcare: Fail Open vs Fail Closed
• Safety vs Privacy
• IEC 80001 - Risk Assessment to be used when putting a Medical Device onto a Network
• Security Considerations: Healthcare RESTful Resource specifications
• Privacy and Security in Designing an mHealth Application
• mHealth Solution
• Security Considerations: Healthcare RESTful Resource specifications
• IHE efforts in RESTful security
• IHE mHealth Hackathon
• The Magic of FHIR – The HL7 movement toward REST resources, away from v3 and v2 
• IHE Mobile access to Health Documents - Trial Implementation
• Securing RESTful services

Security Education: Security/Privacy Audit Logging and Reporting

This presentation is made up of current viewpoint of Security/Privacy Audit logging using IHE-ATNA and the FHIR-SecurityEvent resource. Much of the material I cover is also covered on my blog at the following:

• Simplifying Security Audit Standards
• Testing your ATNA Audit Log implementation
• MU Patient Engagement - Activity History Log
• Patient Data in the Audit Log
• IHE - Privacy and Security Profiles - Audit Trail and Node Authentication
• Accountability using ATNA Audit Controls
• ATNA and Accounting of Disclosures
• ATNA audit log recording of Query transactions