Stream: implementers
Topic: Security of FHIR
Raja Moiz (Sep 14 2021 at 07:42):
If HL7 is paid, then why is FHIR free? What is the credibility and security of FHIR? Can you let me know?
John Moehrke (Sep 14 2021 at 13:17):
FHIR is an Interoperability Standard specification. I think you might be confusing this with a software product.
Daniel Venton (Sep 14 2021 at 13:18):
I'll take a stab at this. The reason the FHIR API and resource definitions are free is because if they were proprietary, then nobody would implement them. HL7 is a not-for-profit, industry-funded organization to promote the exchange of clinical data (among other things, I imagine). If you had to license the ability to use FHIR then there would be less adoption; less adoption would mean less interoperability, which would be contrary to HL7's goals.
I don't know how to answer the "credibility and security of FHIR" question. HL7 doesn't guarantee security in any way; security is implemented by each implementer. You have to decide whether you trust the security of _your implementation_ and the security of _every other implementation_ that you interact with; HL7 can't do that for you.
Lloyd McKenzie (Sep 14 2021 at 22:19):
In some cases, security isn't that relevant - e.g. hosting a read-only interface of information that's public knowledge. There's a whole section in the FHIR specification dealing with security considerations. Implementation Guides may set specific security expectations based on their particular threat environment.
FHIR being 'free' is actually an innovation in the standards space. Prior to the existence of FHIR, you needed to pay to have access to any of HL7's standards - which greatly diminished the set of potential implementers. (Though even with that limitation, HL7 v2 and CDA both managed a significant degree of success.) When FHIR was introduced, we wanted to ensure that it was easily accessible to app developers, the open source community and others for whom registration fees to access and use the standard would be a significant barrier. When the intellectual property for FHIR was transferred to HL7, it was done on the condition it be made freely available. A few years after that decision, HL7 opted to make all of its intellectual property available for free, though only FHIR and its IGs are licensed under Creative Commons 0 (i.e. fully public domain) licenses. HL7 is now funded by those who choose to be benefactors, those who pay so they can participate in the standards balloting process (to have a greater say in how the standard evolves), through grants from organizations like the U.S. Office of the National Coordinator, and through funding from education services and conferences.
Raja Moiz (Sep 15 2021 at 04:27):
Thank you guys, this information was very helpful.
Last updated: Apr 12 2022 at 19:14 UTC