Privacy Considerations

Infoway has developed a privacy primer, Privacy as an Enabler, that provides an introduction to interoperability, an overview of Canadian privacy laws and some practical approaches to privacy for interoperability. It delves into the role privacy plays in the creation of interoperable health systems. It addresses the myth that privacy laws mean patient data can’t be shared. The primer outlines how privacy laws enable the sharing of patient data by providing guidance on how to share health data safely, with a patient’s consent, and the responsibilities of both parties when patient information is shared.

Download the privacy primer here: Privacy as an Enabler: Sharing Personal Health Information for Interoperability Primer.

Security Considerations

Fast Healthcare Interoperability Resources (FHIR) is not a security protocol, nor does it define any security related functionality. However, FHIR does define exchange protocols and content models that need to be used with various security protocols defined elsewhere.

FHIR transactions defined as part of the CA:FeX implementation pattern often make use of patient-specific information which could be exploited by malicious actors, resulting in exposure of patient data. For this reason, all FHIR transactions must be secured appropriately: access limited to authorized individuals, data protected in transit, and appropriate audit measures taken.

Implementers SHOULD be aware of security considerations associated with FHIR transactions (http://hl7.org/fhir/R4/security.html), particularly those related to:

  • Communications
  • Authentication
  • Authorization/Access Control
  • Audit Logging
  • Digital Signatures
  • Security Labels
  • Narrative

Additionally, many FHIR transactions using HTTP REST will include query parameters that are identifiers, quasi-identifiers, or sensitive health topics. For example, it is common for a patient identifier to be a query parameter. With this URL pattern, the query parameters are typically visible in the server audit log or browser history. The risk from this visibility should be mitigated in system or operational design, by protecting the logs as sensitive data, or by designing other measures into the system to prevent inappropriate exposure.
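The following is an added example, not code from the CA:FeX guide or from HL7, of two such measures: pseudonymising identifying query values before a request URL is written to an access log, and rewriting a GET search as the FHIR R4 `POST [type]/_search` form so that parameters travel in the request body rather than the URL. The parameter names in `IDENTIFYING_PARAMS`, the pseudonym key and the sample request are assumptions; the set should be adjusted to the profiles a given server exposes.

```python
"""Keep patient identifiers out of URL-based audit logs for FHIR searches.

Added example, not code from the CA:FeX guide or from HL7. The parameter
names in IDENTIFYING_PARAMS and the sample request are assumptions.
"""
import hashlib
import hmac
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: search parameters whose values are identifiers, quasi-identifiers
# or sensitive clinical codes. Extend to match the profiles your server exposes.
IDENTIFYING_PARAMS = {
    "_id", "identifier", "patient", "subject", "name", "given", "family",
    "birthdate", "address", "telecom", "email", "phone", "code",
}

# Assumption: a per-deployment secret kept out of the log store, so log readers
# can correlate repeated queries for one patient without recovering the value.
PSEUDONYM_KEY = b"constructed-demo-key-replace-in-deployment"


def is_sensitive_param(key: str) -> bool:
    """True if any segment of the parameter name is identifying.

    Handles modifiers (identifier:exact) and chained searches
    (subject:Patient.name) by splitting the name on ':' and '.'.
    """
    return any(seg in IDENTIFYING_PARAMS for seg in re.split(r"[.:]", key))


def pseudonym(value: str) -> str:
    """Stable, non-reversible token for a parameter value (HMAC-SHA256, truncated)."""
    mac = hmac.new(PSEUDONYM_KEY, value.encode("utf-8"), hashlib.sha256)
    return "redacted-" + mac.hexdigest()[:16]


def redact_url(url: str) -> str:
    """Return the request URL with identifying query values replaced by pseudonyms."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    cleaned = [(k, pseudonym(v) if is_sensitive_param(k) else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(cleaned)))


def audit_line(method: str, url: str, status: int, client: str) -> str:
    """Format one access-log entry, redacting the URL before it is written."""
    return f'{client} "{method} {redact_url(url)}" {status}'


def as_post_search(url: str) -> tuple[str, str]:
    """Rewrite a GET search as the equivalent FHIR R4 POST [type]/_search request.

    Returns (url_without_query, form_body). The body is sent as
    application/x-www-form-urlencoded, which keeps parameters out of URL-keyed
    logs and browser history. Request bodies can still be captured by proxies or
    body logging, so this complements log protection rather than replacing it.
    """
    parts = urlsplit(url)
    path = parts.path.rstrip("/") + "/_search"
    return urlunsplit(parts._replace(path=path, query="")), parts.query


if __name__ == "__main__":
    # Constructed sample request; the identifier value is fictitious.
    req = ("https://fhir.example.ca/Observation"
           "?patient=Patient/12345&code=http://loinc.org|8867-4&_count=10")
    print(audit_line("GET", req, 200, "198.51.100.7"))
    print(as_post_search(req))
```

The HMAC pseudonym rather than plain removal is a deliberate choice: operators can still see that the same patient was queried repeatedly (useful for detecting snooping), while the log itself no longer holds the identifier. Non-identifying parameters such as `_count` are passed through unchanged so the log remains useful for troubleshooting.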
