Stream: implementers
Topic: Concept to minimize data accessible by an Application/User
Christopher Schildt (Jun 05 2019 at 06:36):
Hi
I was wondering in the last days whether there are any best practices for how to minimize the data that is accessible by an Application or User on an attribute basis. If (as an example) I have an Application that needs only to show a very limited number of attributes of Patient (e.g. First Name, Last Name and DOB), what would be the proposed way to do so if I want to avoid the possibility of accessing any additional data at all.
Because just opening the FHIR API, as I understand it, would lead to two problems:
- Performance (I would transfer far too much data), which could be mitigated using the elements field for querying
- Data Privacy (I do not want to transfer more data than is required in any case, to reduce the risk of leaking data)
For the second one I currently have not seen any solution, as from my understanding most security concepts are to be interpreted on the application level or are much more coarse-grained.
Is there any proposal/best practice for how to configure the security in a way that only certain attributes of resources will be shown to a user, or would we rather see the FHIR server in such scenarios more as a SQL database, i.e. it should not be reachable by the application user, but only by the application, which filters the results provided to the end user? That would mitigate the problem somehow, but still render the solution vulnerable if either the isolation breaks or your application has an injection vulnerability.
Grahame Grieve (Jun 05 2019 at 09:58):
@Chris Grenz has been using profiles for this. I think it's too complex for people, but there's a writeup somewhere...
Chris Grenz (Jun 05 2019 at 10:05):
See here: https://github.com/chrisgrenz/FHIR-Primer/wiki/Profile-Governed-API
Last updated: Apr 12 2022 at 19:14 UTC