DevDays FHIR Security & Patient ID



For Dynamic Health IT (DHIT), the recent FHIR DevDays virtual conference was a great opportunity for knowledge sharing. DevDays empowers us with its focus on current trends and future development in Healthcare IT. As usual, interoperability was center-stage as a problem area and also an opportunity, and FHIR is central to the most promising solutions.

In addition, FHIR will soon be mandated for ONC-certified healthcare IT products, along with SMART. FHIR intentionally omits addressing security and SMART helps fill that void by providing a framework for security and authorization. With the implementation of the 21st Century Cures Act, the ONC rolled out 170.315(g)(10) “Standardized API for patient and population services”, a required CEHRT criterion that specifies not only FHIR 4.01 but also SMART and the OpenID Connect standard,

With COVID-19 and its pervasive problems, it’s all-hands-on-deck as healthcare IT strives to support patient care and appropriate sharing of healthcare data. Multiple organizations have already adopted FHIR to solve specific problems. As healthcare data sharing becomes more pervasive, protecting personal information, privacy and security are critical components. This was an important discussion area at DevDays.


Decentralized Identifiers, Verifiable Credentials, & FHIR

As the deployment of FHIR expands across organizations, identity management is a critical challenge. Josh Mandel from Microsoft presented on this topic:

  • Identity Proofing