This page is part of the Da Vinci Unsolicited Notifications (v1.0.0: STU1) based on FHIR R4. This is the current published version. For a full list of available versions, see the Directory of published versions

Security and Privacy

In order to be responsible stewards of data, we will need to follow the data governance laws around sensitive conditions. Sensitive conditions are defined to support masking of clinical data that protects consumer’s privacy and are subject to special disclosure rules which govern the distribution of data to external parties.

The FHIR Security and Privacy Module describes how to protect a patients privacy through de-Identification, pseudonymization, anonymization. FHIR does not mandate a single technical approach to security and privacy; rather, the specification provides a set of building blocks that can be applied to create secure, private systems.

Note to Balloters: We are actively seeking input on security approaches that DaVinci and particularly this IG should adhere to We are aware of the planned FHIR Data Segmentation for Privacy project.