If a burglar enters your home, or there is a fire, your most high-valued and loved possessions, can be lost.
The result: you are left feeling personally invaded, or without somewhere to live.
So, to protect ourselves and our homes, we add security such as deadbolts and fire alarms. This increased security helps to deter burglars, reduce risk, and ensures your safety.
In healthcare we face similar security challenges. This means, we need to ensure we are aware of potential risks, and do everything we can to protect our very valuable personal health information. Security measures such as SMART should also be applied to standards in healthcare data integration. SMART (standing for Substitutable Medical Applications and Reusable Technologies) adds a layer of security in front of FHIR interfaces to support safe access to data held within an EHR – or any other repository.
FHIR®, or Fast Healthcare Interoperability Resources, is one of the next generation HL7® standards in healthcare data integration. It focuses on decreasing interoperability costs, and unlocking technical innovation in healthcare by supporting an open ecosystem of information providers and consumers via open APIs. But with any API and particularly one that exposes Personal Health Information (PHI) security issues need consideration. So SMART adds a layer of security to reduce the risk of a patient’s medical record being “burgled” or the information being lost in a “house fire”.
SMART is not yet as well-known as FHIR, but healthcare organisations and national bodies are taking an active interest in its development, through projects such as Argonaut. SMART leverages the existing standards OAuth2 for Authentication and Authorisation, OpenID Connect for user Identity and standardises the process of negotiating access to information and operations between app and server. It also describes a process by which an EHR application can launch an external app preserving context (patient and user), and providing safe access to the data within the EHR or, indeed, any other repository of healthcare data.
By utilising these commonly used standards, FHIR and SMART work together to provide secure and safe access to data held within an EHR, or any data repository using a well-known API managed by the custodian of the clinical data. With the growing support for SMART by large healthcare organisations, vendors, providers and national bodies, this will promote free-flowing healthcare information that in turn can lead to different ‘specialist’ applications. These applications, each focused on some aspect of health care delivery can access data from different data sources, creating numerous ‘sidecar’ applications, truly enabling the open healthcare ecosystem.
Learn about how to maximise security by adding SMART(s) to your FHIR APIs. Download the white paper now.
