Da Vinci - Documentation Templates and Rules (DTR) 0.1.0 - Ballot for Comment

This page is part of the Documentation Templates and Rules (v0.1.0: STU 1 Ballot 1) based on FHIR R3. The current version, which supersedes this version, is 1.0.0. For a full list of available versions, see the Directory of published versions.

Privacy, Safety and Security

Guidance and conformance expectations around privacy and security are provided by all three specifications this implementation guide relies on. Implementers SHALL be familiar with and adhere to any security and privacy rules defined by:

It should be noted that there are multiple actors with potential access to patient information. The implementation and deployment of these actors will have an impact on if and when patient information is transmitted from a provider organization to a payer organization.

Some SMART on FHIR applications are browser based, such as those conforming to the public app profile. In this scenario, patient information is communicated from the EHR system to the DTR application through the EHR’s FHIR endpoint. Unless the DTR application takes explicit actions to send the information back to the payer organization, it will reside only in the provider organization.

Other SMART on FHIR applications are server based, such as those conforming to the confidential app profile. In this case, patient data will be requested by the server hosting the DTR application. This server may be external to the provider organization.

Note to ballot comments

This is an area the project is explicitly seeking comments on. Thoughts on whether EHR systems should be required to support specific SMART on FHIR application profiles, or comments on restrictions that should be applied to what payer organizations may do with any received patient information, are welcome.