SMART on FHIR has an important role in securing a ‘FHIR ecosystem’ and supporting safe access to data which enables the open healthcare ecosystem. What else is required?
FHIR®, or Fast Healthcare Interoperability Resources, is the next-generation HL7® standard for healthcare data integration. It focuses on decreasing interoperability costs and unlocking technical innovation in healthcare. FHIR does this by supporting an ecosystem of information providers and consumers via open APIs. But with any API, and particularly one that exposes Personal Health Information (PHI), security issues need consideration.
In a recent whitepaper, we discussed the role of SMART on FHIR in establishing a layer of security around FHIR applications, and in identifying users and applications to the sources of information they access. SMART (standing for Substitutable Medical Applications and Reusable Technologies) describes how to use OAuth2 in a healthcare setting, and describes a number of server ‘roles’ that are needed to do so.
But security is only part of the story. There are other server roles that can play an important part in a FHIR-based ecosystem, and this post describes some of them. Here’s a diagram that shows this: