Hacking #FHIR for the benefit of the FHIR community

I am co-chair of the HL7 Security, and IHE IT-Infrastructure working groups. The dominant topic in my scope over the past 5 years has been Privacy and Security of FHIR.  I have three events that are being discussed in three different organizations, each with a different audience, but all with similar needs and goal. Everyone

[ Read More ]

Are there open-source implementations of IHE XCA and XCPD?

 Amazing how hard this is to figure out. So I asked Chat GPT OpenAI Are there open-source implementations of IHE XCA and XCPD? IHE (Integrating the Healthcare Enterprise) XCA (Cross-Community Access) is a set of standards for securely exchanging patient healthcare information across different healthcare organizations and systems. IHE XCPD (Cross-Community Patient Discovery) is a

[ Read More ]

Open GPT as John Moehrke on Privacy Consent

I have played with Open GPT Chat for a couple of weeks. Mostly being scared at how good it is, laughing at the mistakes, and having it write FHIR code. I have seen other bloggers asking Open GPT to write in their voice, so I gave it a try… I didn’t know I had a

[ Read More ]

Privacy Consent on FHIR – looking for initial feedback

IHE has agreed to work on the Privacy Consent on FHIR implementation guide. This is the work that I hinted at in IHE FHIR Privacy Consent IG. I am so happy that it won’t be called BPPCm, although I am not all that happy with “FHIR” in the name as the name should invoke an understanding

[ Read More ]

HL7 FHIR Security & Privacy tutorial – Vegas

 HL7 FHIR Security & Privacy The HL7 FHIR Security & Privacy classroom tutorial describes how to protect a FHIR server (through access control and authorization), how to document what permissions a user has granted (consent), how to enable appropriate access by apps and users and how to keep records about what events have been performed

[ Read More ]

IHE FHIR Privacy Consent IG

 IHE IT-Infrastructure has agreed to start a new work item on the topic of Privacy Consent, using FHIR. This minimally would be a re-evaluation of the use-cases in BPPC for use with FHIR Consent, but likely will go beyond that scope simply because of modern needs, modern toolings, and ease at which the FHIR Consent

[ Read More ]

IT-Infrastructure Fall 2022

Releases  Four publications released from IHE IT-Infrastructure, one in Public Comment Release for Public-Comment — Mobile access to Health Document (MHD) – Improvements changed to AuditEvent profiling leveraging Basic Audit Log Patterns (BALP) Release 1.1 changes to RESTful type, and query subtype Added new features Add a Generate Metadata that adds the ITI-106 operation that

[ Read More ]

Security Labeling Service

Data may be “Normal” medical data or “Restricted” medical data. The distinction is for this IG focused purely on data classification for sensitive topics. The various clinical Resources in FHIR are very complex and highly variable. Although Observation is the most often used Resource, sensitive data may exist in ANY other FHIR resource including Allergies,

[ Read More ]

MHD Document Responder: patient.identifier chaining

This is a quick article on a requirement of the MHD Document Responder that may be less obvious to some. The specific requirement is related to chained search parameters, like `patient.identifier`;  `source.given` and `source.family`; and `author.given` and `author.family`. These search parameters have a `.` that indicates that one is to search deeper, aka chaining the

[ Read More ]

eConsent standards

 As with any standard, one more is clearly needed.  as to the different Consent Standards.. I likely don’t know about all of them, but here are some. I am also not indicating that there should be no improvement or even new standards. I just don’t want historic lessons-learned to be lost. for use in Document

[ Read More ]