AU Core Implementation Guide
1.0.0-preview - Preview

This page is part of the AU Core (v1.0.0-preview: QA Preview) based on FHIR (HL7® FHIR® Standard) R4. For a full list of available versions, see the Directory of published versions.

Security and Privacy

Page standards status: Informative

When implementing AU Core, implementers need to be aware of FHIR security considerations and implement measures to protect information privacy and prevent exploitation by malicious actors.

Those implementing AU Core are also advised to review the FHIR Implementer Safety Checklist for important considerations in secure and safe system implementation.

Implementers of AU Core need to be aware of their obligations regarding security, privacy, and consent in Australia.

For AU Core, specific security requirements include:

  • Systems SHOULD conform to FHIR Communications Security requirements.
  • Systems SHOULD support SMART App Launch for client authentication and authorisation.
  • Systems SHALL use TLS version 1.2 or higher for data exchange.
  • Systems SHOULD use TLS version 1.3 for data exchange.
  • Systems SHOULD use the Australian Cyber Security Centre (ACSC) TLS configuration guidelines that include recommendations for configuring protocol features and acceptable cipher suites when implementing TLS.
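One way to enforce the TLS version requirements above in a Python FHIR client or server, and to check a live connection against them. This is an added example, not part of AU Core; the function names and result labels are this example's own, and cipher suite selection under the ACSC guidelines is not encoded here.

```python
import ssl
from typing import Optional

# Floor required by the SHALL statement above.
SHALL_MINIMUM = ssl.TLSVersion.TLSv1_2

# Ordering of the strings returned by SSLSocket.version(), oldest first.
_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}


def build_client_context() -> ssl.SSLContext:
    """Client context: certificate and hostname checks on, nothing below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = SHALL_MINIMUM
    return ctx


def build_server_context() -> ssl.SSLContext:
    """Server context with the same floor; the caller loads its own certificate
    with load_cert_chain() before accepting connections."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = SHALL_MINIMUM
    return ctx


def assess_negotiated_version(version: Optional[str]) -> str:
    """Classify SSLSocket.version() output against the SHALL and SHOULD levels."""
    rank = _RANK.get(version) if version else None
    if rank is None:
        return "unknown"            # no handshake yet, or an unrecognised string
    if rank < _RANK["TLSv1.2"]:
        return "non-conformant"     # below the SHALL floor
    if rank >= _RANK["TLSv1.3"]:
        return "meets SHALL and SHOULD"
    return "meets SHALL only"       # TLS 1.2: allowed, but 1.3 is preferred


if __name__ == "__main__":
    # Constructed sample values, as SSLSocket.version() would report them.
    for sample in ("TLSv1.1", "TLSv1.2", "TLSv1.3", None):
        print(sample, "->", assess_negotiated_version(sample))
```

Leaving `maximum_version` at its default lets both peers negotiate TLS 1.3 when available, which is how the SHOULD preference is met without refusing TLS 1.2 peers.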