Pages

Monday, November 14, 2022

HL7 FHIR Security & Privacy tutorial - Vegas

 HL7 FHIR Security & Privacy

The HL7 FHIR Security & Privacy classroom tutorial describes how to protect a FHIR server (through access control and authorization), how to document what permissions a user has granted (consent), how to enable appropriate access by apps and users and how to keep records about what events have been performed (audit logging and provenance).

actual Classroom : January 17 afternoon at the HL7 Workgroup meeting in Vegas

This will be a refreshed version of the Tutorial I have given mostly annually to HL7. Each year I do update and enrich the content. More, if you ask questions.

My slides are freely available on google slides at this easy to type address http://bit.ly/FHIR-SecPriv. Each time I give the tutorial I update these master slides. So, each time you go there you will see the latest set of slides. Some slides do have notes, and there is additional detail in slides that I don't cover during the tutorial.

I will have to compress these into just two parts, so look for some of this to not be covered

Part 1 - Basics

  • Security Principles
  • Privacy Principles
  • Basic Security and Privacy Considerations
    • Anonymous Read
    • Business Sensitive
    • Individual Sensitive
    • Patient Sensitive
    • Not Classified
  • HTTP[S] - TLS
  • Authentication & Authorization
  • Access Denied Responses

Part 2 - FHIR capability

  • Provenance
    • Basic
    • Digital Signature
  • Audit Logging
    • Audit Reporting
    • Audit Purging
  • Consent - for Privacy
    • Permission 
  • Attribute Based Access Control
    • Security Tags
    • Compartments / Clearance
    • Obligations
  • Break-Glass
  • De-Identification

Part 3 - Practical application

  • Multiple Organization Provider Directory
    • using relational linking
  • Multiple Organization Profile Directory
    • using security tags as compartments with clearance
  • simple ABAC
  • Extra-Sensitive Treatment
    • Share with Protections
  • Proxy server to multiple
  • De-Identified Research

Note that ALL of these topics have been covered in this blog. See Security TopicsConsent/Privacy, and FHIR for index to these articles.
   

Note this is NOT a SMART-on-FHIR tutorial - See that one on Monday Afternoon

1 comment: