Dear Matjaz. It's a very comprehensive article you wrote, congrats! The one thing I still don't understand: How can you make sure that a patient can only request his/her own data - and does not retrieve data of other patients? Does FHIR (like HAPI or Firely) implement such security or would it be your own *Controller classes that need to read Consent resources and evaluate if a user is allowed to read/write data?
Hi Thomas, thank you! FHIR does not offer such a security implementation out of the box. This is left to the solution architect who must design a production FHIR system with some kind of security sub-system that administers users, user authentication, and user authorization. Read more here: FHIR Security - General Considerations
This is what I was thinking - but it's good to hear I was not completely wrong. Do you know a product (like WSO2?) which would out-of-the-box support such security implementations?
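The per-patient restriction asked about in this thread, as an added example that is not code from either participant or from HAPI or Firely: a deny-by-default check that a resource belongs to the patient bound to the authenticated user, applied to single reads and to search results. The `patient_id` claim name and the `PATIENT_REF_FIELDS` map (a simplified subset of the FHIR Patient compartment) are assumptions, and the sample data is constructed.

```python
import re

# Assumption: simplified subset of the FHIR Patient compartment, mapping a
# resource type to the fields that reference the owning patient.
PATIENT_REF_FIELDS = {
    "Observation": ["subject"],
    "Condition": ["subject"],
    "Encounter": ["subject"],
    "MedicationRequest": ["subject"],
    "AllergyIntolerance": ["patient"],
    "Immunization": ["patient"],
}

# Matches 'Patient/<id>' or '<base>/Patient/<id>', optionally versioned.
_REF = re.compile(r"(?:^|/)Patient/([A-Za-z0-9\-.]{1,64})(?:/_history/[^/]+)?$")


def referenced_patient(reference):
    """Return the logical Patient id a reference string points at, else None."""
    m = _REF.search(reference or "")
    return m.group(1) if m else None


def may_read(user, resource):
    """True only if `resource` belongs to the patient bound to `user`."""
    pid = user.get("patient_id")  # hypothetical claim set by the auth layer
    if not pid:
        return False  # no patient binding: deny
    rtype = resource.get("resourceType")
    if rtype == "Patient":
        return resource.get("id") == pid
    for field in PATIENT_REF_FIELDS.get(rtype, []):  # unknown types: deny
        value = resource.get(field)
        ref = value.get("reference") if isinstance(value, dict) else None
        if referenced_patient(ref) == pid:
            return True
    return False


def filter_bundle(user, bundle):
    """Drop entries the user may not read from a search-result Bundle."""
    kept = [e for e in bundle.get("entry", []) if may_read(user, e.get("resource", {}))]
    return {**bundle, "entry": kept}


# Constructed sample data: one user bound to patient p1, mixed search results.
ALICE = {"sub": "alice", "patient_id": "p1"}
BUNDLE = {"resourceType": "Bundle", "type": "searchset", "entry": [
    {"resource": {"resourceType": "Observation", "id": "o1", "subject": {"reference": "Patient/p1"}}},
    {"resource": {"resourceType": "Observation", "id": "o2", "subject": {"reference": "Patient/p2"}}},
    {"resource": {"resourceType": "Patient", "id": "p2"}},
]}
```

Absolute references are matched on the trailing `Patient/<id>` only, so a server that stores references to other FHIR servers should also compare the base URL. The check has to run on every path that returns resources, search results and included resources as well as direct reads.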