HL7 FHIR Security & Privacy 2021.07.13

The HL7® FHIR® Security & Privacy online class describes how to protect a FHIR server (through access control and authorization), how to document what permissions a user has granted (consent), how to enable appropriate access by apps and users, and how to keep records of what events have been performed (audit logging and provenance).

HL7 FHIR does not mandate a single technical approach to security and privacy; rather, the specification provides a set of building blocks that can be applied to create secure, private systems.

Target Audience

  • Privacy advocates and security architects
  • Developers, implementers and integrators building and maintaining FHIR systems and infrastructure
  • App developers building SMART on FHIR applications
  • Standards authors wanting to make the FHIR specifications more secure

Learning Outcomes
  • A working understanding of FHIR privacy and security mechanics
  • Introductory knowledge of how Attribute-Based Access Control uses FHIR Security mechanics
  • A clear understanding of the FHIR Consent Resource
  • The ability to apply FHIR Audit, and an understanding of how it informs security audit and privacy access reports
  • The ability to apply these mechanics to various real-world use cases


John Moehrke
  • Co-Chair, HL7 Security Work Group
  • Member, HL7 FHIR Management Group
  • Co-Chair, IHE IT Infrastructure Planning Committee
  • Standards Architect, By Light Professional IT Services Inc.