Hybrid / Intermediary Exchange
0.1.0 - STU 1 Ballot

This page is part of the Hybrid / Intermediary Exchange (v0.1.0: STU1 Ballot 1) based on FHIR R4. The current version, which supersedes this version, is 1.0.0. For a full list of available versions, see the Directory of published versions.

Security

Transport Security

All exchanges in this exchange model SHALL use Transport Layer Security (TLS).

  • The inbound gateway intermediary SHALL hold the TLS certificate for the destination’s public FHIR service base URL.
  • The destination system and any delegated intermediaries SHALL hold the certificates for their servers’ private URLs.

Trust Determination

In this exchange model, trust is negotiated or established solely between the originator and destination. The destination SHALL determine whether it trusts the originator or not; any intermediaries involved in the exchange SHALL play a passive, “pass through” role in the process.

Required behavior:

  • Security tokens generated by the destination for use by the originator SHALL be forwarded by any intermediaries to the originating client.
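
One way an intermediary could implement the passive, pass-through role described above, shown as an added example that is not part of this guide: it drops only hop-by-hop headers and relays the destination's token response byte for byte. The function names, the header handling and the sample token are assumptions made for illustration.

```python
# Added illustration; names and sample values are constructed, not from the guide.
import json

# Hop-by-hop headers (RFC 7230 section 6.1) apply to a single connection and
# are the only headers this relay drops.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate",
              "proxy-authorization", "te", "trailer",
              "transfer-encoding", "upgrade"}

def _end_to_end(headers):
    """Return the headers that must travel end to end, in original order."""
    named = set()
    for name, value in headers:
        # Headers listed in Connection are hop-by-hop for this connection too.
        if name.lower() == "connection":
            named.update(t.strip().lower() for t in value.split(","))
    drop = HOP_BY_HOP | named
    return [(n, v) for n, v in headers if n.lower() not in drop]

def relay_request(headers, body):
    """Originator -> destination: Authorization is forwarded untouched."""
    return _end_to_end(headers), body

def relay_response(status, headers, body):
    """Destination -> originator: status, headers and body pass through.

    The body is never parsed or re-serialized, so a security token issued by
    the destination reaches the originating client exactly as it was sent.
    """
    return status, _end_to_end(headers), body

# Constructed sample: a token response issued by the destination.
SAMPLE_TOKEN_BODY = json.dumps({"access_token": "constructed-sample-token",
                                "token_type": "Bearer",
                                "expires_in": 300}).encode()
SAMPLE_RESPONSE_HEADERS = [("Content-Type", "application/json"),
                           ("Cache-Control", "no-store"),
                           ("Connection", "keep-alive, X-Hop"),
                           ("Keep-Alive", "timeout=5"),
                           ("X-Hop", "1")]
```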

The FHIR IG referenced below is currently in ballot reconciliation and has not yet been published by HL7. This reference will be updated to the published version of the referenced security guide prior to this guide's publication.

Implementers MAY adopt UDAP workflows for client registration, authentication and authorization as described in the HL7 / UDAP Security for Scalable Registration, Authentication, and Authorization FHIR Implementation Guide.

Other Security and Privacy Considerations

Implementers of this guide SHOULD follow core FHIR security principles and protect patient privacy as described in the FHIR Security and Privacy Module.

  • The FHIR Security and Privacy Module provides guidance related to communication security, authentication, authorization/access control, audit, digital signatures, attachments, labels, narrative, and input validation. The FHIR security specification is available here.
  • The Security and Privacy Module describes how to protect a FHIR server through access control and authorization, how to document what permissions a user has granted, and how to keep records about what events have been performed.