From June 2020 until October 2020 an ad-hoc working group met on a weekly basis and has put together security recommendations when using HL7 FHIR (release 1).
WG participants for release 1 were:
- Erwin Bellon, UZ Leuven
- Nick Hermans, UZ Leuven
- Damien Giry, RSW
- José Costa Teixeira, HL7 Belgium chair
- Robin Bosman, eHealth Platform
- Félix De Tavernier, Abrumet/RSB
- Pablo d'Alcantara, Abrumet/RSB
- Pieter Devolder, UZ Gent/IHE Belgium user co-chair
- Daniel Homerin, RSW
- David Casagrande, RSW
- Bart Rondou, recip-e
- Karlien Erauw, Agoria/IHE Belgium vendor co-chair
You can consult a summary of the recommendations here.
The first release of the document can be found here.
This document provides a first common approach to data exchange and security. The basic mechanisms are described throughout the document. From the discussions that led to this document and from the feedback, the implementation guidance in this document must be further detailed and specified. For example, the implementation of Mutual Authentication or a common standardized specification for End-to-End encryption are possible - and necessary - next steps. This future work should build upon - and hopefully enrich - the international guidance and knowledge that exists in the HL7 FHIR community. Working group meetings are happen in 2021 on Friday noon.