Stream: implementers
Topic: Multi tenancy in FHIR
Matthew Steer (Apr 11 2019 at 14:42):
I can't find much information about this. We want our FHIR server to support multi-tenancy. We're expecting several different hospitals that we work with to be calling our API, but of course hospital X absolutely must not be able to GET data belonging to hospital Y. Can anyone point me in the right direction? Or does this model need to be implemented entirely outside the FHIR standard?
Lloyd McKenzie (Apr 11 2019 at 14:46):
So long as your authentication layer can identify what hospital is creating or accessing the data, your security layer should be able to support this. How your store the 'owner' of the data is up to you. If your persistence layer is FHIR-based, you could use Resource.meta.source or an extension to track the creating organization. (Though you might want meta.source to be more granular and to allow tracking of data that's owned by a hospital but came from outside the hospital, so the extension might be a better bet.)
John Moehrke (Apr 11 2019 at 14:49):
This is an implementation system design topic, not a topic that an API would cover. You might leverage the security mechanisms we have put into FHIR, but there is no pre-specified security architecture. http://build.fhir.org/secpriv-module.html
Matthew Steer (Apr 11 2019 at 16:11):
That's perfect, thanks for the answers.
Last updated: Apr 12 2022 at 19:14 UTC
