
Consumer Responsibility

Privacy and Security

Prior to implementing this guide, an organization shall complete security and privacy risk assessments and address the recommendations of those assessments. Care should be taken to ensure the confidentiality and integrity of Personal Health Information in transit and at rest can be maintained at an appropriate level.

The information which adopters receive when submitting/receiving Patient Summaries is considered Personal Information (PI) and Personal Health Information (PHI). As a result, access to the health patient information must be restricted as specified in data-sharing agreements and corresponding legislation.

System Responsibility for User Authorization, Authentication

A “system” level integration is one in which a Point of Service (PoS) System, representing many users, registers for access to the CDR repository instead of registering individual users. In this case, access to the CDR repository is granted to the PoS System, and all access to the CDR by the PoS is treated equally. The responsibility to authenticate and authorize individual access is therefore delegated from the CDR repository to the PoS. The PoS must ensure that individual users access the CDR repository as required.

The PoS System is responsible for ensuring the accuracy of the identity of the individual requester specified in the message. User identities must be tied to authenticated user accounts.

User Credentials

To support privacy inquiries into the disclosure of patient PHI, the individual’s username, mnemonic or unique identifier SHALL be included in the message to identify the individual user who initiated a view request. The consumer shall satisfy this requirement through the OAuth2 token carried in the request message header. NOTE: if the exchange is between systems where no PHI is disclosed to an individual, this requirement does not apply. Refer to the Connectivity section for further details.

Auditing

Both the PoS System and the CDR Repository MUST log all activity performed via the Application Programming Interface (API). The only exception is that PHI held in any brokers/intermediaries must be cleared shortly after use.

With a “system” level integration, the PoS must audit the user initiating each GET or POST call (this information is invisible to the CDR repository).

Logging

Both the PoS System and the CDR Repository MUST log all activity performed via the Application Programming Interface (API) for support purposes. PHI MUST NOT be stored in application log files.

With a “system” level integration, the client system must log the activities of the user initiating each GET or POST call (this information is invisible to the CDR repository).
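The User Credentials, Auditing and Logging sections together require a PoS System to record, for every GET or POST it makes on a user's behalf, which authenticated user initiated the call, while keeping PHI out of the log files. The following is an added example (not part of this specification or of any Ontario Health software) of how a PoS might build such an audit/log record in Python. It assumes the PoS has already authenticated the user and holds their unique identifier, that the payload is a FHIR-style JSON Bundle, and that the set of PHI-bearing JSON keys is known; the key list, the user identifier, the request path and the sample Bundle are all constructed placeholders.

```python
"""PoS-side audit record for one CDR API call (added example, not from the guide)."""
import hashlib
import json
from datetime import datetime, timezone

# Constructed list of JSON keys whose values carry PHI in a patient-summary
# payload. Illustrative only; a deployment derives the list from its own
# data-sharing agreement and resource profiles.
PHI_KEYS = {"name", "birthDate", "gender", "address", "telecom",
            "identifier", "text", "section", "entry"}


def redact_phi(obj):
    """Return a copy of obj with the values of PHI-bearing keys replaced by a
    marker. Non-PHI keys (resourceType, type, status, ...) stay visible, so a
    support engineer can still see the shape of the exchange."""
    if isinstance(obj, dict):
        return {k: ("[REDACTED]" if k in PHI_KEYS else redact_phi(v))
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact_phi(v) for v in obj]
    return obj


def payload_digest(payload):
    """SHA-256 over the canonical JSON form of the payload. The audit trail can
    then prove exactly which payload was exchanged without storing its contents."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def build_audit_record(user_id, method, path, status, payload, now=None):
    """Log entry the PoS writes for one API call made on behalf of one user.

    user_id is the authenticated user's unique identifier; with system-level
    integration the PoS knows it because the PoS performed the authentication,
    and the CDR repository cannot see it.
    """
    ts = (now or datetime.now(timezone.utc)).isoformat()
    return {
        "timestamp": ts,
        "user": user_id,
        "method": method,
        "path": path,
        "status": status,
        "payload_sha256": payload_digest(payload),
        "payload_shape": redact_phi(payload),
    }


def leaks_any(record, phi_values):
    """True if any raw PHI value appears anywhere in the serialized record.
    Used as a guard before the record is handed to the logging subsystem."""
    blob = json.dumps(record)
    return any(v in blob for v in phi_values)


# Constructed sample: a minimal patient-summary-like Bundle. Not real data.
SAMPLE_BUNDLE = {
    "resourceType": "Bundle",
    "type": "document",
    "timestamp": "2024-01-01T00:00:00Z",
    "entry": [{"resource": {"resourceType": "Patient",
                            "name": [{"family": "Example", "given": ["Pat"]}],
                            "birthDate": "1970-01-01"}}],
}
# The raw PHI strings from the sample, used only to check the redaction worked.
SAMPLE_PHI = ["Example", "Pat", "1970-01-01"]

if __name__ == "__main__":
    # "user-0001" and "/Bundle" are placeholders for the PoS user id and API path.
    rec = build_audit_record("user-0001", "POST", "/Bundle", 201, SAMPLE_BUNDLE)
    if leaks_any(rec, SAMPLE_PHI):
        raise RuntimeError("PHI would reach the log file; refusing to write")
    print(json.dumps(rec, indent=2))
```

The digest gives the audit trail something to correlate against the CDR Repository's own record of the same call, and the `leaks_any` guard turns the "PHI MUST NOT be stored in application log files" rule into a check that runs on every record rather than a convention reviewers hope was followed.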

Conformance

A resource submitted to Ontario Health SHALL be well-formed and conform to this specification.