Cybersecurity

Give me a cyber security check list for FHIR RESTful API Systems

So I asked Gemini, Google's latest AI… Cyber Security Checklist for FHIR RESTful API Systems FHIR (Fast Healthcare Interoperability Resources) is a standard for healthcare data exchange. It is important to secure FHIR RESTful API systems to protect sensitive patient data. Here is a checklist to help you secure your FHIR API system: Authentication and

IHE IT-Infrastructure Winter 2024

IHE just completed our winter quarter face-to-face meeting, held in Oak Brook IL at the RSNA headquarters. We primarily focused on two IHE-Profiles, and a set of other tasks. The update to PDQm and DSUBm will soon be formally published for Trial-Implementation. PDQm 3.0.0 – adding support for $match operation. DSUBm 1.0.0 – subscription to

Provenance use in AI

I have been engaged in a few initiatives around AI/ML, both inside healthcare and broader. I have been engaged to work on a variety of different needs, that all use a variation of Provenance. The following is not a tutorial, but rather an outline of the various ways that Provenance is useful in AI. Useful

VIP Patients in #FHIR

The FHIR security tag `VIP` is used to indicate that a patient’s health information is considered to be highly confidential and requires heightened security measures. This may be due to the patient’s public profile, occupation, or other factors. VIP is a designation of a person, not a designation of the data.  To use the VIP

Standards for Accounting of Disclosures

I was asked lately if there are standards that support “Accounting of Disclosures”. The use-case of Accounting of Disclosures is specific to the USA, but the broader concept is an expected Privacy Principle. The broader concept of an Access Report, or a Report of Data Uses, would inform a data subject of any use of their

IHE IT-Infrastructure Fall 2023

The IHE IT-Infrastructure committee has approved four milestones; sIPS, NPFS, DSUBm, and PDQm match alternative. This winter quarter will be a lighter load, recognizing the holidays: Patient Scheduling, prospective look at FHIR R5/6, and evaluating impact of Gender Harmony.   This article is published before these are formally published, so I include a (will be at)

Teaching an AI/ML/LLM should be a distinct PurposeOfUse

I have been thinking about a specific need around AI/ML. That is, that when data are being requested/downloaded for the intent of feeding to a Machine Learning; this action should be distinguished from a request for Treatment. This came up on a TEFCA/QTE call this week, where a question was posed as to how a

Test Interactions in a Production Environment

I covered how to include Test data in Production Environments using the HTEST tag. That article explained how data that is not real patient data, that is to say ‘test’ data, would be tagged with HTEST. This is a clear indication of what data in the Production Environment is test data vs not test data.

California Bill 352 – aka sex and gender sensitivity

The following question(s) were asked today, and I figure my response is informative to a broader audience. Has anyone implemented anything pertaining to this? Prevent the disclosure, access, transfer, transmission, or processing of medical information related to gender affirming care, abortion and abortion-related services, and contraception to persons and entities outside of this state in

IHE Basic Audit Log Patterns using #FHIR AuditEvent

The Basic Audit Log Patterns (BALP) is a Content Profile that defines some basic and reusable AuditEvent patterns. The Audit Log Patterns defined rely on the ATNA Profile for transport of the AuditEvent and query/retrieval of AuditEvents previously recorded. The patterns defined may be used as they are, or further refined to specific use-cases. Where