Protecting patient information within HL7 FHIR

Keeping information secure is of paramount importance to any industry – but none more so than in healthcare.

A citation from Personal data for the public good by The Academy of Medical Sciences in London states:

“Ignoring patients’ rights to confidentiality would lose their trust, and might prevent people from seeking help when needed. Confidentiality preserves individual dignity, prevents information misuse, and protects autonomous decision making by the patient.”

This definition perfectly encapsulates how important it is to maintain patient confidentiality and security – but with time and resources constantly stretched, fresh ways to maintain patient confidentiality in the modern era must be sought.

Security considerations

This is why HL7 FHIR (Fast Healthcare Interoperability Resources) is so important.

Setting the standard for exchanging healthcare information electronically, it ensures that data is stored and disseminated in the most secure way possible, allowing an holistic approach towards patient welfare and healthcare consultation through the secure flow of information.

FHIR is the latest specification for HL7, and can be used as a standalone data exchange or existing systems can be integrated with it.

The HL7 FHIR security specification gives 11 considerations that organisations need to take into account. These include:

Time keeping
Communications security
Authentication
Authorisation and access control
Audit
Digital signatures
Attachments
Labels
Data management policies
Narrative
Input validation

All these factors allow HL7 FHIR to disseminate information securely to healthcare practitioners, keep records as to what has been done with this information, and document the permissions that users have granted when it comes to their own information.

So – let’s dive into a few of these areas in more detail, and explore how they help to keep your patient data safe.

Authentication

FHIR’s servers are used to ensure that only people with the proper credentials are accessing this information. FHIR gives different levels of permissions based on case use and risk management, and their systems are designed to protect information as much as possible.

Servers can authenticate an entire system or an individual through OpenID Connect, which verifies the identity of users and forms an extra layer of security on OAuth (the recommended tool to authenticate a user or system).

Authorisation and access control

The correct identification of people, devices and locations is the foundation of any security system.

FHIR uses Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). With RBAC, permissions are grouped into roles and if a user’s role has the proper permission, they can gain access to the specific object required.

With ABAC, a user’s access request is based on the attributes and conditions of access control policies for a specific object. Those attributes may include security tags, environment conditions and other user and object characteristics.

Access control in healthcare is often complex. The client’s user identity, user role and level of assurance is one factor, the patient’s consent and relationship to the user must be considered, the sensitivity, confidentiality and type of data requested is important and the context of the transaction (system identity, purpose of use, transport security) are all important criteria for approving or denying access.

How people search for information is also important when it comes to keeping information secure with HL7 FHIR. Chained search, security labels, resources such as Bundle and Composition, and batch and transaction processing are some ways information can be gathered that HL7 FHIR needs to consider when ensuring that appropriate individuals and systems are given access.

If an approach has been denied, HL7 FHIR lets that person know by one of four ways: 401 ‘unauthorized’, 403 ‘forbidden’ or 404 ‘not found’ pages will show up, or zero results will be shown on data requested.

User identity

The functional or structural role of a user is identified when accessing information through HL7 FHIR, which is related to the function the user is trying to interact with.

The Security Role Vocabulary and Purpose of Use Vocabulary are used to convey this, and a purpose of use is asserted for every action that’s requested.

The OAuth authorisation service manages requested actions for resources to ensure information is kept as secure as possible.

Security labels

HL7 FHIR uses security labels that have specific metadata attached to certain resources. This allows the access control decision engine to determine what can be returned to the user, what caveats are attached to any data sent and approve or deny any request.

Security labels allow greater flow of data because policy fragments are enabled and accompanied within the data.

Disclosures and access reports

The AuditEvent resource gives patients the opportunity to be informed about how their data is collected, used and disclosed through HL7 FHIR, ensuring that the dissemination of any information can be scrutinised if requested.

This can be a paper copy, PDF, or FHIR report and the report discloses who has accessed data, what data has been accessed, where and why this data was accessed.

Digital signature

HL7 FHIR protects information through digital signatures that must prove authenticity, integrity and non-repudiation.

FHIR Resources are often parts of a patient’s medical record or communicated as part of medical documentation. This means there is a need to bind a signature to certain data so that parties receiving or using this information can verify the authenticity of where that information has come from and who has authorised its use by another party. Any changes to data makes the digital signature invalid, which is why the digital signature is applied at the end to any changes to data.

Patient confidentiality is always one of the highest priorities within any healthcare setting. That’s why HL7 FHIR adopts stringent security measures to ensure that information is fully secured and patient data remains confidential.

Do you need to learn more about how information is secured through HL7 FHIR?

6B has a vast amount of expertise in providing bespoke, innovative healthcare solutions, building well over 100 systems that have improved efficiency, transparency and better health outcomes.

If you want to learn more about why 6B is a great fit for healthcare interoperability, integration and to make the best use of HL7 FHIR, get in touch with us.

Speak with a designer today