Health Connect Australia Provider Directory FHIR Implementation Guide

Health Connect Australia Provider Directory FHIR Implementation Guide, published by Australian Digital Health Agency. This guide is not an authorized publication; it is the continuous build for version 0.3.0-preview built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/AuDigitalHealth/HealthConnect/ and changes regularly. See the Directory of published versions

Security and Privacy

Security and Privacy

When implementing Health Connect Provider Directory (HCPD), implementers need to be aware of FHIR security and safety considerations and take appropriate measures to protect information privacy and prevent exploitation by malicious actors. In particular, implementers are advised to review:

• FHIR Security Considerations
• FHIR Implementer Safety Checklist
• AU Core Security and Privacy

Implementers of Health Connect Provider Directory need to be aware of their obligations regarding security, privacy, and consent in Australia.

For HCPD, specific security requirements include:

• Systems SHOULD conform to FHIR Communications Security requirements.
• Systems SHALL use TLS version 1.2 or higher for data exchange.
• Systems SHOULD use TLS version 1.3 for data exchange.
• Systems SHOULD use the Australian Cyber Security Centre (ACSC) TLS configuration guidelines that include recommendations for configuring protocol features and acceptable cipher suites when implementing TLS.