How healthy is your FHIR implementation?
Here’s a quick test you can run to find out, focusing on one red flag.
Pick an important resource type that’s used throughout your app or solution – preferably one that’s created or updated often.
- Observation
- Procedure
- Condition
- MedicationRequest
Run a FHIR search query to get a single instance of one of those resources. Pick one that was created recently.
Now try and work out who created the resource or who was responsible for creating the content in the resource. I’m talking about provenance here. If everything is “as it should be”, then this should not be difficult.
From the official FHIR documentation:
Provenance indicates clinical significance in terms of confidence in authenticity, reliability, trustworthiness, integrity… all of which may impact security, privacy, and trust policies.
Provenance is important.
Commonly used ways of identifying “Who did what and when” to a FHIR resource are:
- An associated Provenance resource
- A populated meta.source element with a URI that identifies the source
- Elements in the resource that might identify a Practitioner or Organization
- A Provenance as a contained resource inside the selected resource
It’s your FHIR server and you have ultimate responsibility for the data inside it. This means you are responsible for ensuring a resource’s provenance is captured and accessible. Some might disagree with me here, but the buck has to stop somewhere, otherwise chaos eventually triumphs.
You or your team should know exactly where to look to find that provenance.
If you don’t, or if you can’t easily find it, or if it doesn’t exist, you have a problem that needs addressing.
A resource without provenance is a serious red flag.
---