Da Vinci Unsolicited Notifications Implementation Guide CI Build

Da Vinci Unsolicited Notifications, published by HL7 International - Infrastructure and Messaging Work Group. This is not an authorized publication; it is the continuous build for version 0.2.1). This version is based on the current content of https://github.com/HL7/davinci-alerts/ and changes regularly. See the Directory of published versions

Security and Privacy

In order to be responsible stewards of data, we will need to follow the data governance laws around sensitive conditions. Sensitive conditions are defined to support masking of clinical data that protects consumer’s privacy and are subject to special disclosure rules which govern the distribution of data to external parties.

The FHIR Security and Privacy Module describes how to protect a patient’s privacy through de-Identification, pseudonymization, and and/or anonymization. FHIR does not mandate a single technical approach to security and privacy; rather, the specification provides a set of building blocks that can be applied to create secure, private systems.

The FHIR Security and Privacy Module describes how to protect a patient’s privacy through de-Identification, pseudonymization, and and/or anonymization. For FHIR RESTful transactions the defacto security layer is SMART’s profile of OAuth2:

There are several ongoing initiatives to address various security and privacy issues including:

Once a suitable approach has been agreed upon and published, it will be referenced in a future version of this guide.

The DaVinci project is actively seeking input on security approaches and expectations for authentication and authorization between Senders and Receivers of sensitive patient data (e.g., will TLS, mutual-TLS, OAuth, etc. be required to interoperate?). There are several implementation guides and ongoing initiatives to address these issues including:

Once an approach has been agreed upon, it will be documented in the the Da Vinci Health Record Exchange (HRex) Implementation Guide.