search

IHE / IT-Infrastructure

Online repository for information assets supporting the profiles (implementation specifications) in the IHE IT Infrastructure Technical Framework.
Creative Commons Attribution 4.0 International
33 stars 13 forks source link

Privacy Consent on FHIR (PCF) #183

Open JohnMoehrke opened 2 years ago

JohnMoehrke commented 2 years ago

Much like BPPC does for XDS community. This Implementation Guide (IG) would do for FHIR community. This IG could be used with MHDS, which already has some of the framework for more specific Consents, but BPPCm would be more complete than what is indicated in MHDS. This IG could also be used for organization use or community use beyond MHD/XDS, which would include use-cases like QEDm, and IPA. This would leverage BasicAudit to record access control decisions and recording of consents.

This IG would

  1. Define a set of privacy policies with canonical URI and/or code.
  2. Define a set of Consent patterns that are foundational.
  3. Define actors for creation/update of Consent, Registry of Consents, Decision actor, and Enforcement actor.

See article - https://healthcaresecprivacy.blogspot.com/2022/05/explaining-fhir-consent-examples.html

JohnMoehrke commented 2 years ago

see MHDS details - https://profiles.ihe.net/ITI/MHDS/volume-1.html#1505-mhds-security-considerations

JohnMoehrke commented 2 years ago

should this be focused only on Privacy Consents? And not include Advanced Directives, Consent to a Treatment, and Consent to Participate in Research. --> Privacy Consents only