CyberSecurity recommendation
Healthcare Exchange Standards
1w ago
My top recommendation is to look to experts in that field. I mostly participate in healthcare standards organizations such as HL7, IHE, and DICOM. These standards organizations focus on health informatics interoperability; they are not experts in CyberSecurity. These healthcare standards always recommend that you use standards developed by appropriate standards organizations. See the 2023 HL7 Cyber Security Event with all recordings available now. My HL7 FHIR Security and Privacy Education track. My second top recommendation is to make it very clear that Security (and Privacy, and Safety) are ..read more
Give me a cyber security check list for FHIR RESTful API Systems
3w ago
So I asked Gemini, Google's latest AI...
Cyber Security Checklist for FHIR RESTful API Systems
FHIR (Fast Healthcare Interoperability Resources) is a standard for healthcare data exchange. It is important to secure FHIR RESTful API systems to protect sensitive patient data. Here is a checklist to help you secure your FHIR API system:
Authentication and Authorization
Implement strong authentication: Use a standard like OAuth 2.0 or OpenID Connect to authenticate users and clients. This will help to ensure that only authorized users and applications can access the API.
Implement authorization: U ..read more
Provenance use in AI
2M ago
I have been engaged in a few initiatives around AI/ML, both inside healthcare and broader. I have been engaged to work on a variety of different needs, that all use a variation of Provenance. The following is not a tutorial, but rather an outline of the various ways that Provenance is useful in AI. Useful is not to say that these are currently used.
Provenance on dataset that is available for various uses, including being used as a learning dataset.
Provenance on the learning dataset showing where each data came from.
Provenance on a ML model node showing which data influenced this node ..read more
VIP Patients in #FHIR
2M ago
The FHIR security tag `VIP` is used to indicate that a patient's health information is considered to be highly confidential and requires heightened security measures. This may be due to the patient's public profile, occupation, or other factors. VIP is a designation of a person, not a designation of the data.  To use the VIP security tag, simply add it to the security tag of any FHIR resource that contains the patient's health information. For example, the following code shows how to add the VIP security tag to a Patient resource: { "resourceType": "Patient",   "id": "12345678 ..read more
Standards for Accounting of Disclosures
2M ago
I was asked lately if there are standards that support "Accounting of Disclosures". The use-case of Accounting of Disclosures is specific to the USA, but the broader concept is an expected Privacy Principle. The broader concept of an Access Report, or a Report of Data Uses, would inform a data subject of any use of their data, both those that were authorized by the patient (e.g. Consent) and those that were against that authorization. The USA concept of Accounting of Disclosures is a much smaller subset, and in my view a useless subset as this subset is made up of only those uses of the da ..read more
IHE IT-Infrastructure Fall 2023
5M ago
The IHE IT-Infrastructure committee has approved four milestones; sIPS, NPFS, DSUBm, and PDQm match alternative. This winter quarter will be a lighter load, recognizing the holidays: Patient Scheduling, prospective look at FHIR R5/6, and evaluating impact of Gender Harmony.   This article is published before these are formally published, so I include a (will be at) link that likely won't be proper until later in November. Sharing IPS (sIPS) Formal Publication (will be at) -- https://profiles.ihe.net/ITI/sIPS This Implementation Guide was out for Public-Comment and is now ready for T ..read more
Teaching an AI/ML/LLM should be a distinct PurposeOfUse
5M ago
I have been thinking about a specific need around AI/ML. That is, that when data are being requested/downloaded for the intent of feeding to a Machine Learning; this action should be distinguished from a request for Treatment. This came up on a TEFCA/QTE call this week, where a question was posed as to how a patient could express that they wanted to forbid their data from being used to teach Machine Learning. This use-case would need the above ability to understand when a data request could result in the data being used for Machine Learning. Note that data requests are encouraged to inclu ..read more
Test Interactions in a Production Environment
6M ago
I covered how to include Test data in Production Environments using the HTEST tag. That article explained how data that is not real patient data, that is to say 'test' data, would be tagged with HTEST. This is a clear indication of what data in the Production Environment is test data vs not test data. Thus enabling clients to test while connected to the Production Environment, vs having a second environment just for testing. Where having a second environment may still be useful, but the switching from test server to production server can result in errors, usually configuration errors. So being ..read more
IHE Basic Audit Log Patterns using #FHIR AuditEvent
6M ago
The Basic Audit Log Patterns (BALP) is a Content Profile that defines some basic and reusable AuditEvent patterns. The Audit Log Patterns defined rely on the ATNA Profile for transport of the AuditEvent and query/retrieval of AuditEvents previously recorded. The patterns defined may be used as they are, or further refined to specific use-cases. Where a more specific audit event is defined, it should be derived off of these basic patterns. Thus, a more specific AuditEvent would be compliant with one or more of the AuditEvent patterns defined here. This Implementation Guide is intended to be f ..read more
HL7 Cyber Security Event - recordings available
7M ago
 Announced this morning that HL7 and ONC are making available the recordings of the presentations given at the HL7 CyberSecurity Event. These presentations were very well done, and I encourage everyone to watch them all. https://tinyurl.com/hl7sec ..read more