Stream: FHIR at Scale (FAST): Exchange with/without intermediaries
Topic: Signed Resource
Patrick Murta (Oct 19 2021 at 12:50):
@Gino Canessa , at our last meeting, you mentioned the 'signed' resource approach as playing into this solution. I see this as complementary but not part of the core solution but perhaps I am not fully appreciating your perspective. Do you have a link or can you provide additional information?
Gino Canessa (Oct 19 2021 at 15:13):
Hi Patrick, I'm trying to remember exactly what we were talking about, but it's been a minute =). But generally speaking, I think that signatures and/or Provenance are going to be an important part of the story once data starts being routed through intermediaries.
For example, if I am not receiving a MedicationRequest directly from Provider A, how do I know it is authentic? There is an assumed level of trust via the intermediary, but it opens up a lot of vectors for a bad actor. E.g., Bad Actor B telling an intermediary that a record came from Provider A.
I think that when we talk about things like patient matching, it is even more important to have a story for provenance/chain of trust. If the patient demographics weren't an exact match, I may want/need to do additional verification before dispensing a controlled substance, etc.
With all of that said, I am not sold yet on the current story in FHIR for signing and Provenance (though I believe Provenance is a closer fit). I'll also be upfront and say that I don't have a better story - right now I'm working* on trying to fully qualify/describe the problem space. Thus far, I believe it is the same set of issues for intermediaries as it is for a patient-centric flow (e.g., I have my records on my local device and want to give them to a new provider), so I think it's something that will be getting more attention in the near future.
*"working" is probably too generous until my schedule opens up more, but I'm at least "thinking" =)
Last updated: Apr 12 2022 at 19:14 UTC
