Sensitive information restrictions on FHIR resources


Patrick Gery

May 6, 2021, 3:08:03 PM
to Cerner FHIR Developers
Hello,

Our app uses the Observation and DiagnosticReport resources to pull result data. We're currently implementing with a customer who is asking that we exclude using any data for certain specific "sensitive" results. For example, HIV tests, genetic testing, etc.

For Observation, we plan on using the LOINC codes that come back on the resource. However, Moxe has sometimes seen with other EHRs that some "sensitive" data may not even be returned on the APIs themselves and instead is filtered out of the whole response. Does Cerner do that? In other words, if a customer marks HIV results as "sensitive/restricted" within the EHR, does that mean that they will not come out on FHIR resource responses? Thank you!

Fenil Desani (Cerner)

May 7, 2021, 11:16:53 AM
to Cerner FHIR Developers
Hello,

Yes, Health Systems can use privileges and encounter security to filter out data, which would not flow through the APIs.

Thanks,
Fenil (Cerner)

Patrick Gery

May 7, 2021, 11:28:30 AM
to Cerner FHIR Developers
Hey Fenil,

So if a health system marked a genetic test or an HIV test as sensitive and we made an Observation call to get that data for the patient, we would receive back all "non-sensitive" results in the API response but the sensitive tests would be "hidden" from Moxe view?

Fenil Desani (Cerner)

May 7, 2021, 12:02:20 PM
to Cerner FHIR Developers
Correct! While the terminologies differ, the basic understanding is correct. Generally, all similar Observations are charted using a single code (for example, all HIV tests charted as code 123). If the client decided that we would not want any Observation charted with this particular code (123) to be passed to the APIs, they can add that particular code (123) as an exception, and then Cerner's FHIR API would not return any Observation (HIV test) charted with that code (123) to the app.

Thanks,
Fenil (Cerner)

Patrick Gery

May 7, 2021, 1:50:11 PM
to Cerner FHIR Developers
Got it--thanks makes sense. Does that apply to ALL applicable APIs (DocRef/Binary, DiagnosticReport, Encounter (for sensitive departments)) or just to Observation?

Fenil Desani (Cerner)

May 10, 2021, 10:36:51 AM
to Cerner FHIR Developers
Most Resources have different Privs. Some resources share Privs.
The ones mentioned above, those should be able to filter out.
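
The client-side check described in the first post (excluding results by the LOINC codes returned on the resource), written out as an added example; it is not code from any participant in this thread or from Cerner. It also checks `component` codes, drops a DiagnosticReport whose `result` references a dropped Observation, and sets aside resources with no LOINC coding instead of treating them as safe. Assumptions: the codes in `SENSITIVE_LOINC` and `SAMPLE` are constructed placeholders, not real LOINC codes, and references are relative (`Observation/<id>`).

```python
LOINC = "http://loinc.org"
# Constructed placeholder codes, NOT real LOINC codes; load the customer's agreed list.
SENSITIVE_LOINC = {"EXAMPLE-HIV-1", "EXAMPLE-GENETIC-1"}

def loinc_codes(concept):
    """Return the set of LOINC codes found in a FHIR CodeableConcept dict."""
    return {c.get("code") for c in (concept or {}).get("coding", [])
            if c.get("system") == LOINC and c.get("code")}

def classify(resource):
    """Return 'allow', 'sensitive' or 'uncoded' for an Observation/DiagnosticReport."""
    codes = loinc_codes(resource.get("code"))
    # Panel Observations carry per-analyte codes in component[]; check those too.
    for comp in resource.get("component", []):
        codes |= loinc_codes(comp.get("code"))
    if codes & SENSITIVE_LOINC:
        return "sensitive"
    # No LOINC coding at all: the result cannot be checked, so it is not "allow".
    return "allow" if codes else "uncoded"

def filter_bundle(bundle):
    """Split a searchset Bundle into (kept resources, dropped references by reason)."""
    kept, dropped = [], {"sensitive": [], "uncoded": []}
    for entry in bundle.get("entry", []):
        res = entry.get("resource", {})
        if res.get("resourceType") not in ("Observation", "DiagnosticReport"):
            continue  # e.g. an OperationOutcome entry in the searchset
        verdict = classify(res)
        if verdict == "allow":
            kept.append(res)
        else:
            dropped[verdict].append(f'{res["resourceType"]}/{res.get("id")}')
    # A DiagnosticReport that points at a dropped Observation is dropped as well.
    blocked = set(dropped["sensitive"])
    for res in list(kept):
        refs = {r.get("reference") for r in res.get("result", [])}
        if res["resourceType"] == "DiagnosticReport" and refs & blocked:
            kept.remove(res)
            dropped["sensitive"].append(f'DiagnosticReport/{res.get("id")}')
    return kept, dropped

SAMPLE = {"resourceType": "Bundle", "type": "searchset", "entry": [  # constructed input
    {"resource": {"resourceType": "Observation", "id": "o1", "code": {"coding": [
        {"system": LOINC, "code": "EXAMPLE-GLUCOSE-1"}]}}},
    {"resource": {"resourceType": "Observation", "id": "o2", "code": {"coding": [
        {"system": LOINC, "code": "EXAMPLE-HIV-1"}]}}},
    {"resource": {"resourceType": "Observation", "id": "o3", "code": {"text": "free text"}}},
    {"resource": {"resourceType": "DiagnosticReport", "id": "d1", "code": {"coding": [
        {"system": LOINC, "code": "EXAMPLE-PANEL-1"}]}, "result": [{"reference": "Observation/o2"}]}},
]}
```

The `uncoded` list is worth logging and reviewing, since those results passed neither the server-side privilege filter nor this code check.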