Cybersecurity

Security Labeling Service

Data may be “Normal” medical data or “Restricted” medical data. The distinction is for this IG focused purely on data classification for sensitive topics. The various clinical Resources in FHIR are very complex and highly variable. Although Observation is the most often used Resource, sensitive data may exist in ANY other FHIR resource including Allergies,

[ Read More ]

MHD Document Responder: patient.identifier chaining

This is a quick article on a requirement of the MHD Document Responder that may be less obvious to some. The specific requirement is related to chained search parameters, like `patient.identifier`;  `source.given` and `source.family`; and `author.given` and `author.family`. These search parameters have a `.` that indicates that one is to search deeper, aka chaining the

[ Read More ]

eConsent standards

 As with any standard, one more is clearly needed.  as to the different Consent Standards.. I likely don’t know about all of them, but here are some. I am also not indicating that there should be no improvement or even new standards. I just don’t want historic lessons-learned to be lost. for use in Document

[ Read More ]

IHE IT-Infrastructure Summer 2022

 Four publications released from IHE IT-Infrastructure, three in development: Release for Public-Comment — Sharing of Valuesets, Codes, and Maps (SVCM) — This is now published in Implementation Guide format, previously in PDF supplement format. This IHE-Profile (aka Implementation Guide) provides guidance on how to implement the sharing of terminology ValueSets, CodeSystems, and ConceptMaps. It is

[ Read More ]

Break-Glass

 I was asked to explain how Break-Glass works. There is not a solitary answer, as the context is very important. Define Break-Glass  A method used by authorized clinical people to gain access to information that the patient has indicated they want held more confidential, when that clinician has made a medical assessment that there is

[ Read More ]

RESTful search using POST vs GET on #FHIR

I got a Question:  Can you address a specific example of the intersection of FHIR standards and OWASP guidance?  The FHIR spec allows for sensitive ids such as patient identifier to be used on the query string when searching for a patient.  See the following:https://try.smilecdr.com:8000/baseR4/Patient?identifier=47However, the folks at OWASP consider this practice a vulnerability:https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url Information

[ Read More ]

IHE-Connectathon around the world and back

IHE-Connectathon is scheduled for September 12-16, 2022. IHE-USA — https://www.iheusa.org/ihe-na-connectathon — Atlanta IHE-Europe — https://connectathon.ihe-europe.net/connectathon-2022 — Switzerland Everywhere — virtual — anywhere around the globe or space-stations Many FHIR based IHE – Profiles (Implementation Guides) will be tested, in addition to the other popular Interoperability specifications from IHE. There will even be some testing of HL7 published

[ Read More ]

IHE Most Salient – based on specification use analytics

IHE, especially the IT-Infrastructure domain, has been publishing specifications in HTML format and Implementation Guide format on a new web site — https://profiles.ihe.net.   This web site is enabled with Google Analytics. Thus there is some data available that indicates which parts of the IT-Infrastructure specifications are of interest. Presuming they are interesting because they are used.

[ Read More ]