This page is part of the PACIO Personal Functioning and Engagement Implementation Guide (v2.0.0-ballot: STU 2 Ballot 1) based on FHIR (HL7® FHIR® Standard) R4. The current version which supersedes this version is 1.0.0. For a full list of available versions, see the Directory of published versions
Security and Data Sharing
General Considerations
Implementation of the Personal Functioning and Engagement IG involves communication of patient-specific clinical information across multiple parties, which requires proper security and privacy protections to avoid malicious or unintentional exposure of such information. All exchanges of data under this IG must be secured appropriately in transit and ensure access is limited only to authorized individuals, which may include the person the information is about, that person’s caregivers, payers paying for the associated services, or other individuals or entities who have permission to use the information.
Security Considerations and Guidance
All implementers of the Personal Functioning and Engagement IG SHOULD follow the HL7® FHIR® Security guidance, Security and Privacy Module, the FHIR Implementer’s Safety Checklist guidance as defined in the FHIR standard, and US Core security recommendations where applicable and not otherwise superseded by this section of the Personal Functioning and Engagement IG.
- The FHIR Security specification provides guidance related to communication security, authentication, authorization/access control, audit, digital signatures, attachments, labels, narrative, and input validation. The FHIR security specification is available here.
- The FHIR Security and Privacy Module describes access control and authorization considerations to protect a FHIR server, how to document permissions granted, and how to keep records of performed events. The FHIR Security and privacy module is available here.
- The FHIR Implementer’s Safety Checklist helps implementers to be sure that they have considered all the parts of FHIR that impact their system design regarding safety. The FHIR safety check list is available here.
- The US Core IG provides specific requirements and guidance for US Realm IGs around security, privacy, and auditing. The US Core IG is available here.
Security Requirements
For the purposes of the Personal Functioning and Engagement IG, additional security conformance requirements are as follows:
Exchange Security
- In order to protect sensitive patient data while in transit between systems, the exchange of information using the Personal Functioning and Engagement IG SHALL support Transport Layer Security (TLS) Protocol Version 1.2 (RFC5246) or a more recent version of TLS for transport layer security.
- Server implementations that expect to support browser-based javascript applications SHOULD enable Cross-Origin Resource Sharing (CORS) for REST operations. See the Communications section of the FHIR security page for additional details and recommendations on safely enabling CORS.
Authentication and Authorization
To prevent unauthorized access to sensitive data, implementers SHALL use at least one of the following:
- The security requirements from the US Core Implementation Guide,
- The SMART on FHIR App Launch Framework,
- SMART on FHIR Backend Services,
- Mutually authenticated TLS, or
- Unified Data Access Profiles (UDAP) recommended by the ONC FHIR At Scale Taskforce (FAST) security tiger team.