Health Connect Australia Provider Directory FHIR Implementation Guide - Local Development build (v26.0.0) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions

Security and Privacy

When implementing Health Connect Provider Directory (HCPD), implementers need to be aware of FHIR security and safety considerations and take appropriate measures to protect information privacy and prevent exploitation by malicious actors. In particular, implementers are advised to review:

Implementers of Health Connect Provider Directory need to be aware of their obligations regarding security, privacy, and consent in Australia.

For HCPD, specific security requirements include:

  • Systems SHOULD conform to FHIR Communications Security requirements.
  • Systems SHALL use TLS version 1.2 or higher for data exchange.
  • Systems SHOULD use TLS version 1.3 for data exchange.
  • Systems SHOULD use the Australian Cyber Security Centre (ACSC) TLS configuration guidelines that include recommendations for configuring protocol features and acceptable cipher suites when implementing TLS.
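One way a client could enforce and check the TLS version requirements listed above, as an added example that is not part of this implementation guide. The function names are hypothetical, the endpoint host is supplied by the caller, and cipher suite selection under the ACSC guidance is not shown.

```python
import socket
import ssl
import sys


def classify_tls_version(negotiated):
    """Map an SSLSocket.version() string to the HCPD requirement it satisfies."""
    if negotiated == "TLSv1.3":
        return "meets SHALL (>= 1.2) and SHOULD (1.3)"
    if negotiated == "TLSv1.2":
        return "meets SHALL (>= 1.2) only"
    # TLSv1.1, TLSv1, SSLv3, or None when no handshake completed
    return "non-conformant"


def build_client_context():
    """Client context that refuses to negotiate anything below TLS 1.2."""
    # create_default_context() keeps certificate and hostname verification on.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Leave the ceiling open so TLS 1.3 is chosen when the server offers it.
    ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
    return ctx


def probe_endpoint(host, port=443, timeout=5.0):
    """Complete a handshake with an endpoint and report what was negotiated."""
    ctx = build_client_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                version, cipher = tls.version(), tls.cipher()[0]
    except ssl.SSLError as exc:
        # A server limited to TLS 1.1 or lower fails here, because the
        # context will not go below its minimum version.
        return {"host": host, "version": None, "cipher": None,
                "result": classify_tls_version(None), "error": str(exc)}
    return {"host": host, "version": version, "cipher": cipher,
            "result": classify_tls_version(version)}


if __name__ == "__main__":
    # Usage: python tls_check.py <directory-endpoint-host>
    if len(sys.argv) == 2:
        print(probe_endpoint(sys.argv[1]))
    else:
        # Constructed sample values, for running without network access.
        for sample in ("TLSv1.3", "TLSv1.2", "TLSv1.1", None):
            print(sample, "->", classify_tls_version(sample))
```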

Data Removal and Privacy Controls

Organizations and Practitioners can elect to have their information removed from the Health Connect Provider Directory (HCPD) through Provider Connect Australia (PCA).

For more information about data removal procedures, providers should consult the PCA documentation and contact the Australian Digital Health Agency directly.