2nd DSTU Draft For Comment

This page is part of the FHIR Specification (v0.4.0: DSTU 2 Draft). The current version which supersedes this version is 5.0.0.

2.14.2.2 General Security Considerations

Most of the DAF transactions make use of patient-specific information which could be exploited by malicious actors, resulting in potential exposure of patient data. For this reason, all DAF transactions must be appropriately secured: access limited to authorized individuals, data protected while in transit, and appropriate audit measures taken.

Implementers should be aware of the security considerations associated with FHIR transactions, particularly those related to:

For the purposes of DAF, security conformance rules are as follows:

  • Systems SHALL use TLS version 1.0 or higher for all transmissions not taking place over a secure network connection.
    (Using TLS even within a secured network environment is still encouraged to provide defense in depth.)
  • Systems SHALL use OAuth or an equivalent mechanism to provide necessary authentication (user or system-level).
    The existing IHE IUA profile specifies how to use OAuth tokens when accessing RESTful resources. Note: OAuth standards and profiles are still in flux and as such this requirement will be replaced in future with newer releases of IHE IUA or equivalent profiles.
  • Systems SHALL use either IHE's ATNA standard for audit logging or an equivalent using the SecurityEvent resource.
  • Where workflow requires digital signatures on forms or on answer submissions, implementers SHALL make use of the Provenance resource to record such signatures.
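The first two conformance rules above are client-side checks a DAF requester can enforce before any request leaves the system. The following is an added example written for this page, not code from the FHIR specification or from any DAF implementation. It assumes a deployment-supplied allowlist of hosts on a secured network (constructed here as SECURE_NETWORK_HOSTS), an OAuth access token obtained elsewhere, and it raises the TLS floor to 1.2 as a deployment choice above the rule's minimum of 1.0.

```python
"""Client-side guard for the DAF transport rules: TLS for any transmission
that does not take place over a secured network, and an OAuth bearer token
on every request.

Added example; not part of the FHIR/DAF specification. The secured-network
allowlist and the token handling are illustrative assumptions.
"""
import ssl
from urllib.parse import urlparse
from urllib.request import Request

# Hosts the deployment has declared to be reachable over a secured network
# connection. Constructed sample value; normally read from deployment config.
SECURE_NETWORK_HOSTS = {"fhir.internal.example"}

# Deployment choice: the DAF rule requires TLS 1.0 or higher; this guard
# refuses anything below 1.2.
MIN_TLS = ssl.TLSVersion.TLSv1_2

# Media type used by DSTU 2 era servers for JSON; adjust for the server version.
FHIR_JSON = "application/json+fhir"


def make_tls_context(minimum=MIN_TLS):
    """Return an ssl context that verifies the server certificate and refuses
    any protocol version below `minimum`."""
    ctx = ssl.create_default_context()  # certificate and hostname checks on
    ctx.minimum_version = minimum
    return ctx


def transport_allowed(url, secure_hosts=SECURE_NETWORK_HOSTS):
    """Decide whether a DAF request to `url` may be sent at all.

    https is always acceptable; plain http only to a host on the secured
    network. Returns (allowed, reason) so the decision can be audited.
    """
    parts = urlparse(url)
    if parts.scheme == "https":
        return True, "tls"
    if parts.scheme == "http" and parts.hostname in secure_hosts:
        return True, "secure-network"
    return False, "cleartext transmission outside the secured network"


def auth_headers(access_token):
    """Build the headers carrying the OAuth bearer token.

    An empty or blank token is rejected so that an unauthenticated request
    can never be assembled by accident.
    """
    if not access_token or not access_token.strip():
        raise ValueError("DAF requires an OAuth access token on every request")
    return {"Authorization": f"Bearer {access_token.strip()}", "Accept": FHIR_JSON}


def build_request(url, access_token):
    """Assemble a urllib Request and TLS context for a DAF query, or raise.

    The caller passes both to urllib.request.urlopen(req, context=ctx); the
    network call itself is left to the caller so this module runs offline.
    """
    allowed, reason = transport_allowed(url)
    if not allowed:
        raise PermissionError(f"refusing request to {url}: {reason}")
    req = Request(url, headers=auth_headers(access_token))
    return req, make_tls_context()


if __name__ == "__main__":
    req, ctx = build_request("https://fhir.example.org/Patient/example", "sample-token")
    print(req.full_url, req.get_header("Authorization"), ctx.minimum_version)
```

The two decisions a reviewer cares about, the transport verdict and the presence of a token, are returned or raised rather than only logged, so the same functions can feed the audit record the third rule requires.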

2.14.2.2 Consent

The DAF FHIR Implementation Guide does not currently specify how to use Patient Consent. As new FHIR resources or profiles become available to express Consent, the Implementation Guide will reference them and apply the necessary requirements. It is the responsibility of the DAF actors to ensure that any necessary consent records exist and are reviewed prior to each exchange of patient-identifiable healthcare information. This verification should be logged in the same manner as other transactions, as discussed above under General Security Considerations.
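The audit rule in General Security Considerations and the consent paragraph above both end in the same place: a SecurityEvent record for each step. The following is an added example written for this page, not code from the FHIR specification or from a DAF implementation. It builds SecurityEvent resources shaped after the DSTU 2 draft resource (event, participant, source, object); the code-system URI, the "consent-verified" subtype, the outcome codes and the in-memory consent list are illustrative assumptions, and `fetch` stands in for the actual FHIR read.

```python
"""Audit records for a DAF exchange: one SecurityEvent for the consent check,
one for the resource access that follows it.

Added example; not part of the FHIR/DAF specification. Field layout follows
the DSTU 2 draft SecurityEvent resource; code systems, the consent subtype
and the outcome values are assumptions for illustration.
"""
from datetime import datetime, timezone

# Outcome codes in the DICOM audit convention that SecurityEvent.event.outcome
# uses: 0 success, 4 minor failure, 8 serious failure (assumed here).
OUTCOME_SUCCESS = "0"
OUTCOME_MINOR_FAILURE = "4"
OUTCOME_SERIOUS_FAILURE = "8"

# Assumed code system for event.type; a deployment would use the published one.
EVENT_TYPE_SYSTEM = "http://example.org/fhir/security-event-type"


def _now():
    return datetime.now(timezone.utc).isoformat()


def security_event(action, outcome, user_id, source_site, target_ref, subtype, description):
    """Assemble a SecurityEvent resource for one auditable step.

    action is one of C, R, U, D or E; outcome one of the codes above.
    """
    return {
        "resourceType": "SecurityEvent",
        "event": {
            "type": {"coding": [{"system": EVENT_TYPE_SYSTEM, "code": "rest"}]},
            "subtype": [{"coding": [{"system": EVENT_TYPE_SYSTEM, "code": subtype}]}],
            "action": action,
            "dateTime": _now(),
            "outcome": outcome,
        },
        "participant": [{"userId": user_id, "requestor": True}],
        "source": {"site": source_site, "identifier": source_site},
        "object": [{"reference": {"reference": target_ref}, "description": description}],
    }


def audit_resource_access(user_id, source_site, resource_ref, http_status):
    """SecurityEvent for a DAF read; any non-2xx status is a serious failure."""
    outcome = OUTCOME_SUCCESS if 200 <= http_status < 300 else OUTCOME_SERIOUS_FAILURE
    return security_event("R", outcome, user_id, source_site, resource_ref,
                          "read", f"DAF read of {resource_ref}")


def audit_consent_check(user_id, source_site, patient_ref, consent_found):
    """SecurityEvent for the consent verification, logged like any transaction.

    Assumed convention: action E (execute) with outcome 0 when a consent
    record exists and 4 (minor failure) when none does, so a refused
    exchange is still visible in the audit trail.
    """
    outcome = OUTCOME_SUCCESS if consent_found else OUTCOME_MINOR_FAILURE
    return security_event("E", outcome, user_id, source_site, patient_ref,
                          "consent-verified",
                          f"consent {'present' if consent_found else 'absent'} for {patient_ref}")


def daf_exchange(user_id, source_site, patient_ref, consent_records, fetch):
    """Run one DAF exchange in the required order and return (audit_log, data).

    Consent is verified and logged first; the resource is only fetched, and
    its access logged, when a consent record exists.
    """
    log = []
    has_consent = patient_ref in consent_records
    log.append(audit_consent_check(user_id, source_site, patient_ref, has_consent))
    if not has_consent:
        return log, None
    status, body = fetch(patient_ref)
    log.append(audit_resource_access(user_id, source_site, patient_ref, status))
    return log, body


# Constructed sample inputs: an in-memory consent register and a fake read.
SAMPLE_CONSENTS = {"Patient/example"}


def sample_fetch(resource_ref):
    """Stand-in for the FHIR read; returns a status and a minimal resource."""
    return 200, {"resourceType": "Patient", "id": resource_ref.split("/")[1]}


if __name__ == "__main__":
    import json
    log, data = daf_exchange("dr.jones", "clinic.example", "Patient/example",
                             SAMPLE_CONSENTS, sample_fetch)
    print(json.dumps(log, indent=2), data)
```

Keeping the consent check and the data access as two separate SecurityEvent records, rather than one combined entry, is what lets a reviewer later distinguish "consent was never checked" from "consent was checked and found absent".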