FHIR® Access Control: Real-world Challenges and Solutions

Learn about challenges, innovations, and best practices related to access control in FHIR-enabled systems.


Meetup #12

In the era of digital health, ensuring secure and compliant access to healthcare data is paramount. FHIR has emerged as a standard for healthcare data exchange, offering a framework for managing data access across systems. Implementing FHIR access control poses unique challenges and opportunities for healthcare organizations, developers, and stakeholders.


What to Expect?
Our meetup brings experts to the forefront of addressing FHIR access control challenges. Through a series of talks, discussions, and Q&A sessions, we will explore:

1. Ongoing Challenges: Dive into the current landscape of healthcare data governance, focusing on patient consent management, data sharing, and regulatory compliance challenges.

2. Use Cases: Learn from real-world use cases demonstrating the benefits of effective Consent-based and Label-based access control. From enhancing patient data security to facilitating seamless data sharing between organizations, discover how FHIR access control is transforming healthcare.

3. Best Practices and Solutions: Learn the best practices for implementing FHIR access control, including granular access policies, scalability considerations, and compliance with FHIR specifications.

This meetup is ideal for healthcare IT professionals, developers, data architects, compliance officers, and anyone interested in the intersection of healthcare data privacy, security, and interoperability.

April 30, 2024
Free of charge
Online Meetup

Topics & Speakers

Privacy Consent on FHIR

Foundations of Privacy Policy and Choices
Capturing Consent
Profiles of Consent: Basic, Intermediate, and Advanced
Authorization Decision based on Consent leveraging OAuth
Enforcing Authorization Decisions

John Moehrke
Co-Chair: Security WG at HL7, Standards Architect at By Light Professional IT Services
// Bio

Principal Architect specializing in Health Informatics Standards Architecture in Interoperability, Security, and Privacy. Primarily involved in the development and promulgation of international standards efforts since 1999. Co-chair of the HL7 Security Workgroup, appointed member of the FHIR Management Group, and part of the core FHIR editors and facilitators. Co-chair of the IHE ITI Planning Committee. Active member in the USA national initiatives to create a Nationwide Healthcare Information Network for both the Exchange architecture and the Direct Project, at the regional level with Wisconsin HIE (WISHIN), and with various other country-, state-, and region-level HIEs. Participates in standards development in FHIR, HL7, DICOM, ISO, ASTM, IHE, OASIS, W3C, and IETF.

Authorization: Granular Scopes and Beyond

Category-based scopes as adopted in the US Core
WIP: Rich Authorization Requests and Responses
Gaps in SMART's scope language: FHIR Operations
FHIR-based authorization in TEFCA: a review of the technical framework

Josh Mandel
Chief Architect for Microsoft Healthcare, Chief Architect for SMART Health IT
// Bio

Josh C. Mandel, MD is a physician and software developer working to fuel an ecosystem of health apps with access to clinical and research data. As Chief Architect for Microsoft Healthcare, Chief Architect for SMART Health IT, and Lecturer at the Harvard Medical School Department of Biomedical Informatics, Josh works closely with the standards development community to lay groundwork for frictionless data access, authorization, analytics, and app integration. Josh leads development of the SMART on FHIR specification (the basis for US Patient Access API capabilities that certified EHRs must support) and the SMART Health Cards specification (used by pharmacies, public health departments, and healthcare providers to issue verifiable records of vaccination status).

Data Segmentation for Privacy and Consent

How to record security labels and labeling metadata on FHIR resources using the mechanisms defined in FHIR core and FHIR DS4P IG
High-level ideas on how to implement a security labeling service
How to incorporate a security labeling service into the broader authorization management and access control including Consent enforcement

Mohammad Jafari
Senior Privacy Consultant and Integration Specialist E-Health and E-Commerce
// Bio

Mohammad Jafari (PhD, MBA) is an independent consultant and subject matter expert in privacy, interoperability, and integration and an adjunct faculty at Arizona State University. He has been active in the health informatics industry and standards development community for over a decade in various roles and projects, including as the Principal Investigator and Project Director of the Office of National Coordinator’s LEAP FHIR Consent project and the co-author and technical facilitator of the FHIR Data Segmentation for Privacy (DS4P) Implementation Guide. He is the co-chair of HL7 Community-Based Care and Privacy (CBCP) and Human and Social Services (HSS) working groups.

Label-based Access Control in FHIR

Introduction to Label-Based Access Control (LBAC)
Aidbox LBAC engine demo
Privacy vs. FHIR conformance

Mike Kulakov
Product Manager at Health Samurai
// Bio

Mikhail Kulakov is a Product Manager at Health Samurai, focusing on the Aidbox FHIR Platform. With a strong background in product management and marketing, Mike contributes to developing solutions that enhance healthcare IT through FHIR technology.

Q&A Session

Nikolai will host the event and generally create a welcoming environment for invited guests and speakers.

Nikolai Ryzhikov
CTO at Health Samurai
// Bio

Nikolai is the CTO at Health Samurai and technical leader of the Aidbox FHIR Platform, with more than 15 years of experience in healthcare IT. Since 2012, he has been actively contributing to the FHIR standard and to popular open-source projects such as Fhirbase and FHIR.js. Author of the FHIR-first development approach and a regular speaker at FHIR events.
