Stream: implementers
Topic: Pass Patient sensitive Information
Mahmoud Alakraa (Apr 16 2017 at 23:23):
Hi,
Mahmoud Alakraa (Apr 16 2017 at 23:23):
We want to transfer a password chosen by the patient as a part of the patient resource, and we are confused about what the best way is to pass this sensitive information through the connection.
Sunanda Veeraganti (Apr 17 2017 at 07:22):
It is better to have the authentication information outside the patient resource. The patient password should be stored separately. You can create a custom extension to pass the login and password information.
John Moehrke (Apr 17 2017 at 11:55):
@Mahmoud Alakraa FHIR is a data model and interaction model for the healthcare specifics. It is designed to be built on top of normal HTTP REST security models, such as the SMART profile of OAuth. The security workgroup has worked hard to keep security out of the model, and in re-usable security layers. This is not to say that security (passwords) are 'more sensitive'; that is not the point. The point is to separate the layers, and leverage technology (security) that is developed for all types of domains.
Mahmoud Alakraa (Apr 17 2017 at 22:06):
Thank you very much @John Moehrke @Sunanda Veeraganti
nicola (RIO/SS) (Apr 23 2017 at 05:44):
This issue relates not only to the password extension. Many of our clients asked for this type of functionality. A couple of times we discussed the ability to introduce resource attribute filters or masks. Now FHIR search has the _elements parameter, but it does not work with read and other operations - I would recommend introducing something like a VisibleElements resource, which could be attached to an Operation and interpreted like a filter for resource content.
Grahame Grieve (Apr 23 2017 at 10:39):
_elements does work with read
Last updated: Apr 12 2022 at 19:14 UTC