Clinical Note Document - Local Development build (v26.0.0) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions

Security and Privacy

Security and Privacy

When implementing Clinical Note Document (CND), implementers need to be aware of FHIR security and safety considerations and take appropriate measures to protect information privacy and prevent exploitation by malicious actors. In particular, implementers are advised to review:

Implementers of Clinical Note Document need to be aware of their obligations regarding security, privacy, and consent in Australia.

For CND, specific security requirements include:

  • Systems SHOULD conform to FHIR Communications Security requirements.
  • Systems SHALL use TLS version 1.2 or higher for data exchange.
  • Systems SHOULD use TLS version 1.3 for data exchange.
  • Systems SHOULD use the Australian Cyber Security Centre (ACSC) TLS configuration guidelines that include recommendations for configuring protocol features and acceptable cipher suites when implementing TLS.