Stream: Security and Privacy
Topic: Privacy and use of documents / resources
Jose Costa Teixeira (Jun 03 2020 at 08:08):
In our recent discussions, we have started looking at the privacy impact of using Documents vs Resources.
Documents are easier to manage in terms of segmentation - It's relatively easy / slow-changing to say "this document contains this information, so it may be seen by these actors".
If we look at Resource-level access, this becomes much more complicated.
Jose Costa Teixeira (Jun 03 2020 at 08:08):
My current view is that this is simply a matter of data segmentation (albeit a slightly skewed notion of "segmentation").
Is this true? What should we consider there?
Jens Villadsen (Jun 03 2020 at 09:18):
well ... Documents are resources - so it's more: a single resource vs. a collection of resources
Jose Costa Teixeira (Jun 03 2020 at 09:25):
Yes,
"documents" = "defined, coherent, immutable, authored sets of resources" (not only the fact it is a collection)
"resources" = granular access to data
Jens Villadsen (Jun 03 2020 at 13:26):
security will always be a pain in the bum - especially for documents as it may contain information where parts of it shouldn't be viewed by "everybody".
John Moehrke (Jun 03 2020 at 15:57):
as Jens indicates, there is no fundamental access-control difference between documents and resources. Especially when one recognizes that a resource can contain other resources. There are entry-level segmentation tagging methods for CDA documents, similar to FHIR (although FHIR is more clean and distinct). The access control decision either allows the object to be used in the way the requester asked, or denies access. It does not matter if it is a document, or a resource.
John Moehrke (Jun 03 2020 at 15:58):
I do prefer documents as a useful sized object to apply external access control against, whereas there certainly are more scale issues with FHIR Resource. But this is just a scale issue, not fundamentals.
John Moehrke (Jun 03 2020 at 16:00):
lastly, when one releases FHIR resources to an external body they will be delivering a set of resources in a Bundle. Either a FHIR Document, Search Set, Message, Batch/Transaction, etc. Thus the Bundle in that case is very similar to the Document in your case. In that the top level assessment is about the whole Bundle / Document; where there can be segmentation indicators (Security tags/labels) on various distinct content within that Bundle / Document.
Last updated: Apr 12 2022 at 19:14 UTC