Security
Important: The content on these pages have not been approved or adopted by NHS England.
Describes how to protect a FHIR server (through access control and authorization), how to document what permissions a user has granted (consent), and how to keep records about what events have been performed (audit logging and provenance).
Audit
Frameworks and Implementation Guides
Authorisation
Frameworks and Implementation Guides
- SMART App Launch An extension of OAuth2 for client applications to authorize, authenticate, and integrate with FHIR-based data systems.
- HEART (Health Relationship Trust) Is an set of profiles to OpenID that enables patients to control how, when, and with whom their clinical data is shared.