This page is part of the AU Patient Summary (v0.5.0-preview: QA Preview) based on FHIR (HL7® FHIR® Standard) R4. No current official version has been published yet. For a full list of available versions, see the Directory of published versions

Security and Privacy

Security and Privacy

When implementing AU Patient Summary (AU PS), implementers need to be aware of FHIR security and safety considerations and take appropriate measures to protect information privacy and prevent exploitation by malicious actors. In particular, implementers are advised to review:

• FHIR Security Considerations
• FHIR Implementer Safety Checklist
• IPS Privacy and Security Considerations
• AU Core Security and Privacy

Implementers of AU PS need to be aware of their obligations regarding security, privacy, and consent in Australia.

For AU PS, specific security requirements include:

• Systems SHOULD conform to FHIR Communications Security requirements.
• Systems SHOULD support SMART App Launch for client authentication and authorisation.
• Systems SHALL use TLS version 1.2 or higher for data exchange.
• Systems SHOULD use TLS version 1.3 for data exchange.
• Systems SHOULD use the Australian Cyber Security Centre (ACSC) TLS configuration guidelines that include recommendations for configuring protocol features and acceptable cipher suites when implementing TLS.