Healthcare Security/Privacy

I will be speaking at an event coming up on Access Control. This is not just me speaking about IHE-PCF, but much more. Join us for the FHIR® Access Control Meetup  where we'll take a clo...

http://healthcaresecprivacy.blogspot.com/2024/04/meetup-on-fhir-access-control.html

This Implementation Guide ready for Trial-Implementation.  Formal Publication -- https://profiles.ihe.net/ITI/sIPS The Sharing of IPS (sIPS) IHE Profile provides for methods of exchanging t...

http://healthcaresecprivacy.blogspot.com/2024/04/sharing-ips-sips.html

My top recommendation is to look to experts in THAT field. I mostly participate in healthcare standards organizations such as HL7, IHE, and DICOM. These standards organizations focus on health in...

http://healthcaresecprivacy.blogspot.com/2024/03/cybersecurity-recommendation.html

SO I ASKED GEMINI, GOOGLES LATEST AI... CYBER SECURITY CHECKLIST FOR FHIR RESTFUL API SYSTEMS FHIR (Fast Healthcare Interoperability Resources) is a standard for healthcare data exchange. It is...

http://healthcaresecprivacy.blogspot.com/2024/03/give-me-cyber-security-check-list-for.html

Updated with final announcement: IHE IT-Infrastructure with two major new profiles (DSUBm, and PDQm match), and three minor updates (BALP, PIXm, and PCF), all on #FHIR. https://mailchi.mp/ihe/ihe...

http://healthcaresecprivacy.blogspot.com/2024/02/ihe-it-infrastructure-winter-2024.html

I have been engaged in a few initiatives around AI/ML, both inside healthcare and broader. I have been engaged to work on a variety of different needs, that all use a variation of Provenance. The...

http://healthcaresecprivacy.blogspot.com/2024/01/provenance-use-in-ai.html

The FHIR security tag `VIP` is used to indicate that a patient's health information is considered to be highly confidential and requires heightened security measures. This may be due to the patie...

http://healthcaresecprivacy.blogspot.com/2024/01/vip-patients-in-fhir.html

I was asked lately if there are standards that support "Accounting of Disclosures". The use-case of Accounting of Disclosures is specific to the USA, but the broader concept is an expected Priva...

http://healthcaresecprivacy.blogspot.com/2024/01/standards-for-accounting-of-disclosures.html

The IHE IT-Infrastructure committee has approved four milestones; sIPS, NPFS, DSUBm, and PDQm match alternative. This winter quarter will be a lighter load, recognizing the holidays: Patient Sche...

http://healthcaresecprivacy.blogspot.com/2023/11/ihe-it-infrastructure-fall-2023.html

I have been thinking about a specific need around AI/ML. That is, that when data are being requested/downloaded for the intent of feeding to a Machine Learning; this action should be distinguishe...

http://healthcaresecprivacy.blogspot.com/2023/10/teaching-aimlllm-should-be-distinct.html

I covered how to include Test data in Production Environments using the HTEST tag. That article explained how data that is not real patient data, that is to say 'test' data, would be tagged with...

http://healthcaresecprivacy.blogspot.com/2023/10/test-interactions-in-production.html

The following question(s) were asked today, and I figure my response is informative to a broader audience. > Has anyone implemented anything pertaining to this? >  > Prevent the discl...

http://healthcaresecprivacy.blogspot.com/2023/10/california-bill-352-aka-sex-and-gender.html

The Basic Audit Log Patterns (BALP) is a Content Profile that defines some basic and reusable AuditEvent patterns. The Audit Log Patterns defined rely on the ATNA Profile for transport of the ...

http://healthcaresecprivacy.blogspot.com/2023/09/ihe-basic-audit-log-patterns-using-fhir.html

 Announced this morning that HL7 and ONC are making available the recordings of the presentations given at the HL7 CyberSecurity Event. These presentations were very well done, and I encourage e...

http://healthcaresecprivacy.blogspot.com/2023/09/hl7-cyber-security-event-recordings.html

Join me at the #HL7 #FHIR Security Education Event virtually this August 8 & 9! I'll be speaking on:  FHIR Security and Privacy for Developers FHIR Security & Privacy Capabilities FHIR Securit...

http://healthcaresecprivacy.blogspot.com/2023/08/hl7-fhir-security-education-event.html

 Many in the USA are reviewing and preparing comments on HTI-1 . I used to do this top to bottom, but don't really have a work driver to base my comments upon. So I now end up reviewing and comm...

http://healthcaresecprivacy.blogspot.com/2023/06/patient-requested-restrictions.html

The IHE IT-Infrastructure committee continues to produce new and improved specifications for HIE interoperability. This spring we are publishing a supplement that was out for public-comment, a w...

http://healthcaresecprivacy.blogspot.com/2023/05/ihe-it-infrastructure-spring-2023.html

I already have one proposal for the transition from the current Federated Health Information Exchange to supporting FHIR, that is based on a transition from CDA to FHIR-Documents. In that proposa...

http://healthcaresecprivacy.blogspot.com/2023/03/transitioning-federated-hie-from-xca-to.html

 As FHIR systems get bigger and bigger, and support more and more clients... It is more and more important to have Test Data to use to assure that: Your client is connected to the right serve...

http://healthcaresecprivacy.blogspot.com/2023/03/test-data-in-production.html

 At a panel discussion at the IHE-Connectathon there was much discussion about the new IPS specification. This is a new FHIR specification that expresses what a International Patient Summary (IP...

http://healthcaresecprivacy.blogspot.com/2023/03/where-do-i-get-ips.html

I have been invited to speak at the API Secure conference , a virtual event coming up in a few weeks.  UPDATED: 3/14/2023 -- Here is my slide deck   My goal is to inspire cybersecurity co...

http://healthcaresecprivacy.blogspot.com/2023/03/fhir-up-api-secure-community.html

When pointing at a standard, do we expect that that standard organization governance on patch / errata / CP releases are followed? It might be common knowledge that when we reference a standard, ...

http://healthcaresecprivacy.blogspot.com/2023/02/references-to-standards-need-to.html

I am co-chair of the HL7 Security, and IHE IT-Infrastructure working groups. The dominant topic in my scope over the past 5 years has been Privacy and Security of FHIR.  I have three events that...

http://healthcaresecprivacy.blogspot.com/2023/01/hacking-fhir-for-benefit-of-fhir.html

 Amazing how hard this is to figure out. So I asked Chat GPT OpenAI ARE THERE OPEN-SOURCE IMPLEMENTATIONS OF IHE XCA AND XCPD? IHE (Integrating the Healthcare Enterprise) XCA (Cross-Communit...

http://healthcaresecprivacy.blogspot.com/2023/01/are-there-open-source-implementations.html

I have played with Open GPT Chat for a couple of weeks. Mostly being scared at how good it is, laughing at the mistakes, and having it write FHIR code. I have seen other bloggers asking Open GPT...

http://healthcaresecprivacy.blogspot.com/2022/12/open-gpt-as-john-moehrke-on-privacy.html