Healthcare Exchange Standards: HL7 Security & Privacy Tutorial: July 12-14

Tuesday, June 14, 2022

HL7 Security & Privacy Tutorial: July 12-14

HL7 FHIR Security & Privacy

The HL7 FHIR Security & Privacy online class describes how to protect a FHIR server (through access control and authorization), how to document what permissions a user has granted (consent), how to enable appropriate access by apps and users and how to keep records about what events have been performed (audit logging and provenance).

Virtual Classroom : July 12-14

This will be a refreshed version of the Tutorial I have given annually to HL7 2021, 2020, and 2019. Each year I do update and enrich the content. More, if you ask questions.

My slides are freely available on google slides at this easy to type address http://bit.ly/FHIR-SecPriv. Each time I give the tutorial I update these master slides. So each time you go there you will see the latest set of slides. Some slides do have notes, and there are additional detail in slides that I don't cover during the tutorial.

In the past, I have had to compress these into two parts, but will be able to give them in the natural three parts

Part 1 - Basics

Security Principles
Privacy Principles
Basic Security and Privacy Considerations

Anonymous Read
Business Sensitive
Individual Sensitive
Patient Sensitive
Not Classified

HTTP[S] - TLS
Authentication & Authorization

SMART on FHIR
IUA
Mutual-Authenticated TLS

Access Denied Responses

Part 2 - FHIR capability

Provenance

Basic
Digital Signature

Audit Logging

Audit Reporting
Audit Purging

Consent - for Privacy

HEART
Permission

Attribute Based Access Control

Security Tags
Compartments / Clearance
Obligations

Break-Glass
De-Identification

Part 3 - Practical application

Multiple Organization Provider Directory

using relational linking

Multiple Organization Profile Directory

using security tags as compartments with clearance

Extra-Sensitive Treatment

Share with Protections

De-Identified Research

Note that ALL of these topics have been covered in this blog. See Security Topics, Consent/Privacy, and FHIR for index to these articles.

Notes and references that I posted after last years presentation

No comments:

Post a Comment

HL7®, HEALTH LEVEL SEVEN®, CARE CONNECTED BY HL7®, CCD®, CDA®, FHIR®, and GREENCDA™ are trademarks owned by Health Level Seven International. HL7®, HEALTH LEVEL SEVEN®, CARE CONNECTED BY HL7®, CCD®, CDA®, and FHIR® are registered with the United States Patent and Trademark Office.

Surely there are other copyright and trademarks that I should recognize, but everyone else seems to be reasonable; expecting readers of blogs know that I am not trying to claim or take ownership of their copyright and trademarks.

Pages