AU Patient Summary Implementation Guide, published by HL7 Australia. This guide is not an authorized publication; it is the continuous build for version 0.5.0-cibuild built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/hl7au/au-fhir-ps/ and changes regularly. See the Directory of published versions

Security and Privacy

Security and Privacy

When implementing AU Patient Summary (AU PS), implementers need to be aware of FHIR security and safety considerations and take appropriate measures to protect information privacy and prevent exploitation by malicious actors. In particular, implementers are advised to review:

• FHIR Security Considerations
• FHIR Implementer Safety Checklist
• IPS Privacy and Security Considerations
• AU Core Security and Privacy

Implementers of AU PS need to be aware of their obligations regarding security, privacy, and consent in Australia.

For AU PS, specific security requirements include:

• Systems SHOULD conform to FHIR Communications Security requirements.
• Systems SHOULD support SMART App Launch for client authentication and authorisation.
• Systems SHALL use TLS version 1.2 or higher for data exchange.
• Systems SHOULD use TLS version 1.3 for data exchange.
• Systems SHOULD use the Australian Cyber Security Centre (ACSC) TLS configuration guidelines that include recommendations for configuring protocol features and acceptable cipher suites when implementing TLS.