HL7 FHIR Security & Privacy
The HL7 FHIR Security & Privacy classroom tutorial describes how to protect a FHIR server (through access control and authorization), how to document what permissions a user has granted (consent), how to enable appropriate access by apps and users, and how to keep records of what events have been performed (audit logging and provenance).
My slides are freely available on google slides at this easy to type address http://bit.ly/FHIR-SecPriv. Each time I give the tutorial I update these master slides. So, each time you go there you will see the latest set of slides. Some slides do have notes, and there is additional detail in slides that I don't cover during the tutorial.
Actual classroom: January 17, afternoon, at the HL7 Workgroup meeting in Vegas.
This will be a refreshed version of the tutorial I have given mostly annually to HL7. Each year I update and enrich the content. More, if you ask questions.
I will have to compress these into just two parts, so expect some of this not to be covered.
Part 1 - Basics
- Security Principles
- Privacy Principles
- Basic Security and Privacy Considerations
  - Anonymous Read
  - Business Sensitive
  - Individual Sensitive
  - Patient Sensitive
  - Not Classified
- HTTP[S] - TLS
- Authentication & Authorization
  - SMART on FHIR - covered more by Rob on Monday afternoon
  - IUA
  - Mutual-Authenticated TLS
- Access Denied Responses
Part 2 - FHIR capability
- Provenance
  - Basic
  - Digital Signature
- Audit Logging
  - Audit Reporting
  - Audit Purging
- Consent - for Privacy
- Permission
- Attribute Based Access Control
  - Security Tags
  - Compartments / Clearance
  - Obligations
  - Break-Glass
- De-Identification
Part 3 - Practical application
- Multiple Organization Provider Directory
  - using relational linking
- Multiple Organization Profile Directory
  - using security tags as compartments with clearance
  - simple ABAC
- Extra-Sensitive Treatment
- Share with Protections
- Proxy server to multiple
- De-Identified Research
Note that ALL of these topics have been covered in this blog. See Security Topics, Consent/Privacy, and FHIR for an index to these articles.
Note this is NOT a SMART-on-FHIR tutorial - see that one on Monday afternoon.
Love these slides, John, invaluable.