Trust Profile based Trust Negotiation for the FHIR Standard

Eugene Sanzi, Steven Demurjian


Sensitive healthcare data within Electronic Healthcare Records (EHRs) is traditionally protected through an authentication and authorization process. The user is authenticated based on a username/password combination which requires a pre-registration process. Trust profile based trust negotiation replaces the required human intervention during the traditional pre-registration process with an automated approach of verifying that the user owns the trust profile with digital signatures. To accomplish this, the negotiation process gradually exchanges the credentials within the trust profile to build trust and automatically assign authorization rules to previously unknown users. In this paper, we propose a new model for attaching trust profile authorization data to Fast Healthcare Interoperability Resources (FHIR), a standard created by HL7, in order to integrate the process of trust profile based trust negotiation into FHIR.


Paper Citation