Stream: implementers
Topic: Security and Encryption - examples / guidelines
Jose Costa Teixeira (May 30 2020 at 08:40):
I'd like to reach out to the community and ask for examples or guidance around using encryption with FHIR implementations - are production systems using SMART on FHIR?
Anyone using end-to-end encryption? And how?
I would look for comparative analysis of possible options, advantages disadvantages, or examples of success (or failure).
Ideally any risk-oriented analysis, with risks and mitigations
Jose Costa Teixeira (May 30 2020 at 08:41):
Or even simple statements of "this is how we are doing this in out system / country"
Mareike Przysucha (May 30 2020 at 11:23):
There is a Security and privacy stream. Perhaps you find ideas/answers there.
Jose Costa Teixeira (May 30 2020 at 11:32):
This implementers stream is a broader channel, and I want to seek information or awareness from a broader group about such comparisons, preferences, guidelines etc. from implementers, not only from security-minded people (I've discussed some details there).
Any pointers are welcome
Michele Mottini (May 30 2020 at 13:14):
are production systems using SMART on FHIR
Yes. EHR that have public-facing FHIR end points in the US uses SMART on FHIR for authorization (eventually all providers and health plans in the US would use it, it is mandated by regulation)
Jose Costa Teixeira (May 30 2020 at 14:19):
Is there any documented rationale for that choice, e.g. comparison between using SMART and another alternative?
Jose Costa Teixeira (May 30 2020 at 14:20):
Curious about what is happening in Germany and north Europe in terms of transport security -
René Spronk (May 30 2020 at 15:32):
AFAIk the Dutch MedMij projects is based on SMART-like usage of OAuth2 and scopes.
Last updated: Apr 12 2022 at 19:14 UTC
