FHIR Chat · Security · finnish PHR

Stream: finnish PHR

Topic: Security


Harri Honko (Sep 21 2017 at 21:12):

Another review comment was about the recently added meta.security element. I got guidance in Finnish, which translates as: "The meta security must be profiled with respect to prohibitions. This is described in the Finnish PHR Implementation Guide; you can also look at other Finnish PHR profiles for a model." I fail to find any special guidance related to this in the IG that exists in the Simplifier/Finnish PHR project; it seems as if it's all in the FHIR basic specs (?). Am I missing the right guide? Is there ANYTHING special specific to the FI-PHR related to security, or can e.g. the existing Finnish PHR vital signs profiles' meta.security elements be used as 1:1 copies on new profiles?

Harri Honko (Sep 21 2017 at 21:25):

On the use of security labels within FHIR in general: https://www.hl7.org/fhir/security-labels.html

Harri Honko (Sep 25 2017 at 19:04):

I have now updated the Fitness base profile's meta.security with a binding to the Finnish confidentiality value set, http://phr.kanta.fi/ValueSet/fiphr-vs-confidentiality.

Mika Tuomainen (Sep 27 2017 at 10:23):

More detailed guidance is coming to the Profiling Guidelines (still under construction).

The implementation guide just gives an overview of consent exceptions. Mainly it describes the consent resource and security patterns (how to use meta.security).

Here is the draft text from the profiling guidelines:

Consent exception (resource.meta.security)

The user can restrict healthcare professionals' access to the user's data by giving consent exceptions. The consent exceptions are specified with the security labels mechanism of the FHIR standard. A security label is attached to a resource to provide specific security metadata about the information in the resource.

Resource.meta.security SHALL be defined in all profiles
- Value set binding SHALL be Value Set Finnish PHR Confidentiality (https://simplifier.net/FinnishPHR/fiphr-vs-confidentiality)
-- Value set binding SHALL be required
-- security.system SHALL be mandatory 1..1 and SHALL be fixed to http://hl7.org/fhir/v3/Confidentiality
-- security.code SHALL be mandatory 1..1
-- security.display SHALL be mandatory 1..1
-- security.version SHALL be removed 0..0
-- security.userSelected SHALL be removed 0..0

Examples of this profiling can be found, for example, in the Finnish PHR Vital Signs profile:
https://simplifier.net/FinnishPHR/fiphr-vitalsigns-stu3


Last updated: Apr 12 2022 at 19:14 UTC