This page is part of the FHIR Specification (v5.0.0: R5 - STU). This is the current published version in it's permanent home (it will always be available at this URL). For a full list of available versions, see the Directory of published versions . Page versions: R5 R4B R4 R3 R2
Security Work Group | Maturity Level: 1 | Standards Status: Trial Use |
This specification recommends the use of W3C Digital Signatures or JSON Digital Signatures for digital signatures. Resources can be signed using the Provenance resource to carry a detached digital signature . The Signature datatype is available to support various signature types including non-repudiation purposes. Further details on creation and validation of Signatures are defined.
In addition, documents may be signed using an enveloped signature. A specification for enveloped signature is profiled in the IHE DSG profile .
Neither of these definitions prohibits policies that accept the use of other ways of using digital signatures or scanned wet signatures.
Note to Implementers: The use of signatures with RESTful interfaces is a poorly understood area, and we would welcome reports of implementation experience. See discussion on use of Digital Signature in FHIR
Feedback is welcome here .