March 9, 2022
In a previous blog, "Why a security component is critical to your FHIR ecosystem," the case was made for why securing data should be top of mind in any FHIR implementation. This blog continues that conversation by focusing on the Infor FHIR product suite and how security is woven into both product design and implementation.
Outer Layer Security
Traditionally, healthcare data has primarily been exchanged among systems within a secure internal network. Any data exchanged externally would be passed through a VPN tunnel, sent over secure FTP, or secured with an agent such as Cloverleaf Secure Courier. However, external connectivity over the internet will eventually become the norm as healthcare moves to exchanging data via FHIR.
When dealing with external connectivity over the internet, it is important to have an external layer of security to manage and secure the external traffic. Infor API Gateway provides exactly that first line of defense. The functionality provided to secure the outer layer includes:
- Single point of control to configure system security policies consistently,
- Uniform proxy layer to manage all your external endpoints in a single uniform location, and
- Throttling and denial of service protection.
By providing a single point of control to manage the growing number of FHIR connections, API Gateway ensures consistent performance and security of FHIR APIs.
Once inside the outer layer, it is imperative that an app only be able to access the data for which it is authorized. Infor FHIR Server has technology built in to ensure proper access:
- OAuth 2 authentication using client credentials, password, or authorization code grant types, and
- SMART on FHIR scopes.
OAuth 2 authentication ensures that only registered apps are allowed access to the FHIR data, while SMART on FHIR scopes determine what data can be accessed by each request. For example, a patient using a third-party FHIR app will only be allowed to access their individual data. In addition, they may have read-only access, or be limited to specific resources.
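The scope check described above can be sketched as follows. This is an added example, not Infor FHIR Server code: it assumes SMART App Launch v1 scope syntax (context/resourceType.permission) and a hypothetical claims dictionary in which 'patient' holds the id the token is bound to.

```python
import re

# SMART App Launch v1 scope form: <context>/<resourceType>.<permission>
SCOPE_RE = re.compile(r"^(patient|user|system)/(\*|[A-Za-z]+)\.(read|write|\*)$")

def parse_scopes(scope_string):
    """Return (context, resource_type, permission) tuples, skipping other scopes."""
    return [m.groups() for m in map(SCOPE_RE.match, scope_string.split()) if m]

def is_allowed(claims, method, resource_type, resource_patient_id):
    """Default-deny check of one FHIR request against the token's scopes.

    claims: already-validated token data, assumed here to be a dict with
            'scope' (space-separated) and, for patient apps, 'patient'.
    """
    needed = "read" if method in ("GET", "HEAD") else "write"
    for context, rtype, perm in parse_scopes(claims.get("scope", "")):
        if rtype not in ("*", resource_type) or perm not in ("*", needed):
            continue
        if context == "patient":
            # patient/ scopes cover only the one patient bound to the token.
            bound = claims.get("patient")
            if not bound or bound != resource_patient_id:
                continue
        # user/ and system/ scopes are not patient-bound in this sketch;
        # role-based checks would still apply on top of them.
        return True
    return False

# Constructed sample: a patient-facing third-party app with read-only access.
PATIENT_APP = {
    "scope": "openid launch/patient patient/Observation.read patient/Patient.read",
    "patient": "pat-123",
}

def demo():
    """Evaluate four constructed requests made with the PATIENT_APP token."""
    return {
        "read own Observation": is_allowed(PATIENT_APP, "GET", "Observation", "pat-123"),
        "read other patient's Observation": is_allowed(PATIENT_APP, "GET", "Observation", "pat-999"),
        "write own Observation": is_allowed(PATIENT_APP, "POST", "Observation", "pat-123"),
        "read own MedicationRequest": is_allowed(PATIENT_APP, "GET", "MedicationRequest", "pat-123"),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allow' if allowed else 'deny'}")
```

Only the first request is allowed; the other three fail on patient binding, permission, and resource type respectively.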
Security zones are an important element of a secure implementation. Security zones let you create a strong access control policy that controls the traffic between parts of the network. Resources in the DMZ, or demilitarized zone, are given external access. The DMZ has the following characteristics:
- It is commonly used for public-facing servers, which would include a FHIR server, and
- It allows public access without putting the private, inside zone at risk.
Infor product solutions for FHIR are designed in a modular way so that implementation can leverage the DMZ security zone for external FHIR interfacing while the traditional Cloverleaf engine remains in the internal zone.
In addition to the topics covered so far, Infor FHIR products provide many more features to enforce security requirements, including encryption at rest, encryption in transit, audit logging, and role-based access, to name a few. Furthermore, every Infor product release must comply with Infor Security Office (ISO) requirements for secure coding and penetration testing. For Infor products, an overview of security policies can be viewed at trust.infor.com.
FHIR is still largely an emerging standard, and the security aspects of sharing data in a FHIR-based ecosystem are still evolving. Infor is committed to security and will continue to be a leader, especially in evolving technologies such as FHIR.
Written by: Rob Brull, Sr. Director of Product, Infor