FHIR meetup®: Fine-grained Security Policies Beyond OAuth2


Details
Meetup Youtube link: https://www.youtube.com/watch?v=CLYB2d4akWU
If you want to join Zoom to speak or ask questions, please send me a message via Zulip or t.me/healthdev and I will share the link with you.
The program of our next FHIR meetup (the order may change):
Overview of fine-grained authorization approaches in FHIR, Josh Mandel
Access control in Aidbox, Nikolai Ryzhikov, Health Samurai
An ABAC Architecture Approach, Matthew Tyler, Resmed
FHIR Data Segmentation for Privacy IG, Kathleen Connor
Classification and Locality, Chris Grenz, ThoughtWorks
Parameterized compartments, Michael Hansen, Microsoft
XYZ, Justin Richer, Bespoke Engineering
Meetup will be led by Josh Mandel and Nikolai Ryzhikov.
To enable an open FHIR API and build powerful apps on top of it, we need fine-grained access control that goes beyond role-based control and simple SMART on FHIR scopes.
Here are just a few examples:
* A practitioner can see the records of 'her' patients
* A user can manage the medical records of her children or elderly parents
* Some sensitive resources are visible only based on Consent
In this panel, we discuss flexible access configuration using 'Policies', how to implement this approach for complicated cases without breaking the REST paradigm, and the design challenges of making Policies interoperable.
Zulip channel in the FHIR chat on the topic: https://chat.fhir.org/#narrow/stream/179247-Security-and.20Privacy/topic/Fine-grained.20Security.20Policies
We plan to hold a one-presentation FHIR meetup every other week. Please reach out if you would like to give a presentation on a FHIR®-related topic.
FHIR® is the registered trademark of HL7 and is used with the permission of HL7. This event is not sponsored by HL7. The use of the FHIR trademark does not constitute endorsement by HL7 of the content of the products and/or presentations presented.
