This page is part of the FHIR Specification (v5.0.0: R5 - STU). This is the current published version in its permanent home (it will always be available at this URL). For a full list of available versions, see the Directory of published versions. Page versions: R5 R4B R4 R3 R2
Security Work Group | Maturity Level: 1 | Standards Status: Trial Use |
This specification recommends the use of W3C Digital Signatures or JSON Digital Signatures for digital signatures.
Resources can be signed using the Provenance resource to carry a detached digital signature.
The Signature datatype is available to support various signature types including non-repudiation purposes.
Further details on creation and validation of Signatures are defined.
for support of Long Term signatures. The XAdES-X-L specification adds the timestamp of the signing, inclusion of the signing certificate, and statement of revocation.
for support of Long Term signatures.
In addition, documents may be signed using an enveloped signature. A specification for enveloped signature is profiled in the IHE DSG profile.
Neither of these definitions prohibits policies that accept the use of other ways of using digital signatures or scanned wet signatures.
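The detached arrangement described above (a Provenance resource carrying a signature over a separate target resource), as an added example that is not part of the specification: a Python sketch that signs with a detached JWS and rejects a modified target. Assumptions: HS256 with a shared key stands in for the asymmetric, certificate-backed algorithm a real deployment would use (a shared key gives no non-repudiation), sorted-key JSON stands in for whatever canonicalization the parties agree on, and the helper names, key and Observation are constructed.

```python
import base64, hashlib, hmac, json

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def canonical(resource: dict) -> bytes:
    # Assumption: sorted keys and no whitespace stand in for an agreed canonical form.
    return json.dumps(resource, sort_keys=True, separators=(",", ":")).encode("utf-8")

def sign_detached(resource: dict, key: bytes) -> str:
    header = b64url(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    signing_input = f"{header}.{b64url(canonical(resource))}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}..{b64url(sig)}"  # detached JWS: payload segment left empty

def build_provenance(resource: dict, key: bytes, who: str, when: str) -> dict:
    jws = sign_detached(resource, key)
    return {
        "resourceType": "Provenance",
        "target": [{"reference": f"{resource['resourceType']}/{resource['id']}"}],
        "agent": [{"who": {"reference": who}}],
        "signature": [{
            "when": when,
            "who": {"reference": who},
            "sigFormat": "application/jose",
            "data": base64.b64encode(jws.encode("ascii")).decode("ascii"),
        }],
    }

def verify(resource: dict, provenance: dict, key: bytes) -> bool:
    ref = f"{resource['resourceType']}/{resource['id']}"
    if ref not in [t.get("reference") for t in provenance.get("target", [])]:
        return False  # this Provenance does not claim to cover the resource
    for s in provenance.get("signature", []):
        try:
            header, payload, sig = base64.b64decode(s["data"]).decode("ascii").split(".")
            alg = json.loads(base64.urlsafe_b64decode(header + "=" * (-len(header) % 4)))["alg"]
        except (KeyError, TypeError, ValueError):
            continue  # malformed signature entry
        if alg != "HS256" or payload != "":
            continue  # pin the expected algorithm and require the detached form
        signing_input = f"{header}.{b64url(canonical(resource))}".encode("ascii")
        good = b64url(hmac.new(key, signing_input, hashlib.sha256).digest())
        if hmac.compare_digest(good, sig):
            return True
    return False

OBSERVATION = {"resourceType": "Observation", "id": "example", "status": "final"}  # constructed
KEY = b"constructed-demo-key"  # constructed; never a real secret
```

The verifier rebuilds the signing input from the resource it actually received, so any change to the target after signing fails the check even though the Provenance itself is untouched.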
Note to Implementers: The use of signatures with RESTful interfaces is a poorly understood area, and we would welcome reports of implementation experience. See discussion on use of Digital Signature in FHIR. Feedback is welcome here.