Having completed the HL7 FHIR Security and Privacy tutorial, I have found that there are links in my presentation that might be useful to itemize in a more web friendly way. Some people can't go to google presentation, some struggled with quickly typing them in. So here are the links from my presentation.
The presentation slides are at http://bit.ly/FHIR-SecPriv
I always edit them there, so any improvements made over time will appear. So using that link you will always get the current slides.
HL7 does have recordings of this weeks presentation. Those that signed up, have access to these recordings. Those that did not sign up can pay to get access.
The FHIR core specification has the following main security pages
- Security and Privacy Module
- Security Principles
- Security Labels
- Signatures Discussion
- Signature Datatype
- Consent Resource
- Provenance Resource
- Audit Event Resource
IETF Best Current Practice for
- TLS -- BCP 195
- HTTP -- BCP 56
- OAuth -- not yet assigned a number, but draft available
SMART-on-FHIR presentation at November 2020 DevDays - https://youtu.be/2QENYKqF78U?t=2157
- Presentation at http://bit.ly/smart-fhir-tech
- https://docs.smarthealthit.org/
- New version of SMART-on-FHIR draft http://build.fhir.org/ig/HL7/smart-app-launch/
Here is a security hole found in the Spanish COVID Vaccine Credential system that exposes personal demographics (might be more). Likely because there is no access control check if you are providing an id. Creative use of an API must always be considered in a system design.
- FHIR Security call on Mondays 12 noon eastern
No comments:
Post a Comment