Stream: implementers
Topic: PII in FHIR Search Parametere
Kapil (Nov 03 2020 at 17:54):
Hello,
got query around, how to deal with PII data that flow as part of resource search/query parameters? in case of cloud based deployment typically all requests are logged at API gateway end point offered by most cloud vendors. so isnt this introduces risk of HIPAA violation or compromising patient identity (e.g. search by Patient MRN) ? your views please.
Lloyd McKenzie (Nov 03 2020 at 19:42):
Whether sent in the URL or in the body, transmitted information can be logged - so all logs need to be appropriately protected. Some organizations may have a policy that requires searches to be sent in the body vs. the URL, but that doesn't necessarily provide better protection.
Last updated: Apr 12 2022 at 19:14 UTC
