Security
and
Privacy
This
page
is
part
of
the
FHIR
Specification
(v5.0.0:
R5
-
STU
v6.0.0-ballot2:
Release
6
Ballot
(2nd
Draft)
(see
Ballot
Notes
).
This
is
the
The
current
published
version
in
it's
permanent
home
(it
will
always
be
available
at
this
URL).
is
5.0.0
.
For
a
full
list
of
available
versions,
see
the
Directory
of
published
versions
| Security Work Group | Maturity Level : N/A | Standards Status : Informative | Compartments : Device , Patient , Practitioner , RelatedPerson |
Raw XML ( canonical form + also see XML Format Specification )
Example of using Provenance as De-Identifiation linkage with security tag protection, enabling Re-Identification with authorization. (id = "example-anon0")
<?xml version="1.0" encoding="UTF-8"?><!-- a search bundle on anon0 patient by a HIGHLY Priviliaged User that is authorized to see linkage --> <!-- This Provenance shows a link between real-world and anon for a given patient --> <!-- Provenance is the link between real-world and anon, so is highest possible confidentiality --> display: inline-block; background-color: #d9e0e7; padding: 6px; margin: 4px; border: 1px solid #8da1b4; border-radius: 5px; line-height: 60%{http://terminology.hl7.org/CodeSystem/v3-Confidentiality http://terminology.hl7.org/CodeSyst em/v3-Confidentiality}{http://terminology.hl7.org/CodeSystem/v3-ObservationValue http://terminology.hl7.org/CodeSys tem/v3-ObservationValue} policy would indicate the rules used for De-Identification, and appropriate purposes of use of the data <!-- policy would indicate the rules used for De-Identification, and appropriate purposes of use of the data --> <!-- not identified in original patient compartment as should not show up there (confidentiatlt yCode V protected too) --> <!-- De-Identifed equivilant, removing all direct identifiers, and keeping only minimally necessary indirect identifiers --> <!-- De-Identified data, change reference to Patient, eliminate free-text, and fuzz dates --> display: inline-block; background-color: #d9e0e7; padding: 6px; margin: 4px; border: 1px solid #8da1b4; border-radius: 5px; line-height: 60%{http://terminology.hl7.org/CodeSystem/v3-Confidentiality http://terminology.hl7.org/CodeSyst em/v3-Confidentiality}{http://terminology.hl7.org/CodeSystem/v3-ObservationValue http://terminology.hl7.org/CodeSys tem/v3-ObservationValue}<Bundle xmlns="http://hl7.org/fhir"> <id value="example-anon0"/> <!-- a search bundle on anon0 patient by a HIGHLY Priviliaged User that is authorized to see linkage --> <meta> <lastUpdated value="2014-08-18T01:43:30Z"/> <security> <!-- Bundle confidentiality at high water mark of most sensitive --> <system value="http://terminology.hl7.org/CodeSystem/v3-Confidentiality"/> <code value="V"/> </security> <security> <system value="http://terminology.hl7.org/CodeSystem/v3-ObservationValue"/> <code value="PSEUDED"/> </security> </meta> <type value="searchset"/> <link> <relation value="self"/> <url value="https://example.com/fhir/Patient/anon0/$everything"/> </link> <entry> <fullUrl value="http://example.org/fhir/Provenance/anon0"/> <resource> <Provenance> <!-- This Provenance shows a link between real-world and anon for a given patient --> <id value="anon0"/> <meta> <security> <!-- Provenance is the link between real-world and anon, so is highest possible confidentiality --> <system value="http://terminology.hl7.org/CodeSystem/v3-Confidentiality"/> <code value="V"/> </security> <security> <system value="http://terminology.hl7.org/CodeSystem/v3-ObservationValue"/> <code value="PSEUDED"/> </security> </meta> <text> <status value="generated"/> <div xmlns="http://www.w3.org/1999/xhtml"><p class="res-header-id"><b> Generated Narrative: Provenance anon0</b> </p> <a name="anon0"> </a> <a name="hcanon0"> </a> <a name="anon0-en-AU"> </a> <p> Provenance for <a href="broken-link.html">??</a> </p> <p> Summary</p> <table class="grid"><tr> <td> Recorded</td> <td> 2015-06-27T08:39:24+10:00</td> </tr> <tr> <td> Policy</td> <td> <a href="broken-link.html">http://example.org/policies/666</a> </td> </tr> <tr> <td> Activity</td> <td> <span title="Codes:{http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle deidentify}">De-Identify (Anononymize) Record Lifecycle Event</span> </td> </tr> </table> <p> <b> Agents</b> </p> <table class="grid"><tr> <td> <b> Type</b> </td> <td> <b> who</b> </td> </tr> <tr> <td> <span title="Codes:{http://terminology.hl7.org/CodeSystem/provenance-participant-type assembler}">Assembler</span> </td> <td> Device/software</td> </tr> </table> </div> </text> <target> <reference value="http://example.org/fhir/Patient/anon0"/> </target> <recorded value="2015-06-27T08:39:24+10:00"/> <!-- policy would indicate the rules used for De-Identification, and appropriate purposes of use of the data --> <policy value="http://example.org/policies/666"/> <activity> <coding> <system value="http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle"/> <code value="deidentify"/> </coding> </activity> <!-- not identified in original patient compartment as should not show up there (confidentiatlty Code V protected too) --> <agent> <type> <coding> <system value="http://terminology.hl7.org/CodeSystem/provenance-participant-type"/> <code value="assembler"/> </coding> </type> <who> <display value="Device/software"/> </who> </agent> <entity> <role value="source"/> <what> <reference value="Patient/example"/> </what> </entity> </Provenance> </resource> <search> <mode value="match"/> </search> </entry> <entry> <fullUrl value="http://example.org/fhir/Patient/anon0"/> <resource> <Patient> <id value="anon0"/> <!-- De-Identifed equivilant, removing all direct identifiers, and keeping only minimally necessary indirect identifiers --> <meta> <security> <system value="http://terminology.hl7.org/CodeSystem/v3-Confidentiality"/> <code value="L"/> </security> <security> <system value="http://terminology.hl7.org/CodeSystem/v3-ObservationValue"/> <code value="PSEUDED"/> </security> </meta> <text> <status value="generated"/> <div xmlns="http://www.w3.org/1999/xhtml"><p class="res-header-id"><b> Generated Narrative: Patient anon0</b> </p> <p style="border: 1px #661aff solid; background-color: #e6e6ff; padding: 10px;">First-0 Anon-0 male, DoB: 1974-12-01</p> <hr/> </div> </text> <name> <!-- some made up name --> <family value="Anon-0"/> <given value="First-0"/> </name> <!-- male/female gender is needed, and group is big enough. --> <gender value="male"/> <!-- birthdate is generalized to 1st of month of the birth year --> <birthDate value="1974-12-01"/> </Patient> </resource> <search> <mode value="match"/> </search> </entry> <entry> <fullUrl value="http://example.org/fhir/Condition/anon0"/> <resource> <Condition> <id value="anon0"/> <!-- De-Identified data, change reference to Patient, eliminate free-text, and fuzz dates --> <meta> <security> <system value="http://terminology.hl7.org/CodeSystem/v3-Confidentiality"/> <code value="L"/> </security> <security> <system value="http://terminology.hl7.org/CodeSystem/v3-ObservationValue"/> <code value="PSEUDED"/> </security> </meta> <text> <status value="generated"/> <div xmlns="http://www.w3.org/1999/xhtml"><p class="res-header-id"><b> Generated Narrative: Condition anon0</b> </p> <p> <b> clinicalStatus</b> : <span title="Codes:{http://terminology.hl7.org/CodeSystem/condition-clinical active}">Active</span> </p> <p> <b> verificationStatus</b> : <span title="Codes:{http://terminology.hl7.org/CodeSystem/condition-ver-status confirmed}">Confirmed</span> </p> <p> <b> category</b> : <span title="Codes:{http://terminology.hl7.org/CodeSystem/condition-category encounter-diagnosis}, {http://snomed.info/sct 439401001}">Encounter Diagnosis</span> </p> <p> <b> severity</b> : <span title="Codes:{http://snomed.info/sct 24484000}">Severe</span> </p> <p> <b> code</b> : <span title="Codes:{http://snomed.info/sct 39065001}">Burn of ear</span> </p> <p> <b> bodySite</b> : <span title="Codes:{http://snomed.info/sct 49521004}">Left external ear structure</span> </p> <p> <b> subject</b> : <a href="broken-link.html">??</a> </p> <p> <b> onset</b> : 2012-05-01</p> </div> </text> <clinicalStatus> <coding> <system value="http://terminology.hl7.org/CodeSystem/condition-clinical"/> <code value="active"/> </coding> </clinicalStatus> <verificationStatus> <coding> <system value="http://terminology.hl7.org/CodeSystem/condition-ver-status"/> <code value="confirmed"/> </coding> </verificationStatus> <category> <coding> <system value="http://terminology.hl7.org/CodeSystem/condition-category"/> <code value="encounter-diagnosis"/> <display value="Encounter Diagnosis"/> </coding> <!-- and also a SNOMED CT coding --> <coding> <system value="http://snomed.info/sct"/> <code value="439401001"/> <display value="Diagnosis"/> </coding> </category> <severity> <coding> <system value="http://snomed.info/sct"/> <code value="24484000"/> <display value="Severe"/> </coding> </severity> <code> <coding> <system value="http://snomed.info/sct"/> <code value="39065001"/> <display value="Burn of ear"/> </coding> </code> <bodySite> <coding> <system value="http://snomed.info/sct"/> <code value="49521004"/> <display value="Left external ear structure"/> </coding> </bodySite> <subject> <!-- patient as anon0 id --> <reference value="Patient/anon0"/> </subject> <!-- dates aligned to first of month --> <onsetDateTime value="2012-05-01"/> </Condition> </resource> <search> <mode value="match"/> </search> </entry> </ Bundle >
Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.
FHIR
®©
HL7.org
2011+.
FHIR
R5
hl7.fhir.core#5.0.0
R6
hl7.fhir.core#6.0.0-ballot2
generated
on
Sun,
Mar
26,
2023
15:25+1100.
Mon,
Aug
12,
2024
16:59+0800.
Links:
Search
|
Version
History
|
Contents
|
Glossary
|
QA
|
Compare
to
R4
|
Compare
to
R4B
R5
|
|
Propose
a
change