Privacy Consent on FHIR (PCF)
The Privacy Consent on FHIR (PCF) Profile provides support for patient privacy consents and access control where a FHIR API is used to access Document Sharing Health Information Exchanges. This profile includes both Consent profiling and access controls profiling of oAuth access token.
https://profiles.ihe.net/ITI/PCF/1.0.0-comment/index.htmlThis first release to Public Comment includes both Consent profiling and Access Control decisions and enforcement. The Consent profiling supports many Basic, Intermediate, and Advanced needs. There are a rudimentary set of privacy policies, and an Appendix that discusses the various attributes and considerations one must consider when writing the privacy policies to be used. This Appendix also includes discussion about refrains and obligations, the FHIR Consent fundamentals, and Security Labeling Service models. The PCF includes technical profiling on the oAuth (IUA) access token to enable decisions to be based on Consent and to carry residual rules for the enforcement point to enforce. The PCF includes technical profiling of the Consent with various complexity represented in Options to enable basic systems to improve over time to add features in support of intermediary and advanced use-cases. The profile includes 21 examples of Consents using the profiling, and for each of them shows the oAuth access token impact.
My announcement - https://healthcaresecprivacy.blogspot.com/2023/05/ihe-it-infrastructure-spring-2023.htmlPlease forward to anyone you think should review or be aware of this. Comments are welcome from anyone. You do not need to be an IHE member to comment. I welcome email comments if that is more easy.
John Moehrke 🔥 Architect: Healthcare Informatics Standards - Interoperability, Privacy, and Security
IHE Co-Chair IT Infrastructure Planning and Technical
HL7 Co-Chair Security WG, FHIR FMG, FHIR facilitator, and FHIR Foundation founding memberEmployee of By Light -- Contractor to VHA MyHealtheVet
JohnMoehrke@gmail.com | M +1 920-564-2067 | John.Moehrke@bylight.com
https://healthcaresecprivacy.blogspot.com
