I have a FHIR question that I don’t know the answer to.
It’s a question that I feel every organization that uses FHIR should be asking — but no one is asking.
Let me paint a picture.
A large hospital stores data in a managed FHIR server on the cloud. That data flows in from multiple different sources.
- Their own CMS
- Referrals from clinics and doctors across the region
- Results from pathology and radiology
- A host of third party clinician apps and tools
- Apps that update data on behalf of Patients
- Insurance claim information
This data all conforms to one or more Implementation Guides. Access is via SMART on FHIR. Sounds ideal, so where’s the problem?
The hospital is confident that the right data is flowing into its FHIR server, but it doesn’t know what else is flowing in.
An app updates resource elements correctly, but it might be adding extensions filled with PHI data that the hospital’s systems are unaware of.
That same app might be creating or updating resources populated with PII data — again without the hospital being aware.
Extensions, resources not referenced in the ‘traditional’ FHIR way, encoded string values: there are a host of different ways to store data in a FHIR server that effectively hide it from view.
But the FHIR server is owned and managed by the hospital. Responsibility for data management lies with the hospital.
When a particular use case for storing data ends, the hospital is responsible for deleting the data.
When a patient removes consent for specific data to be stored, the hospital is again responsible for deleting data.
How does a hospital fulfil this role when it doesn’t always know the precise data that is being stored in its FHIR server?
Should it intercept all FHIR queries and carefully examine the data before allowing it in?
Should it ban all use of ‘unapproved extensions’?
Isn’t that against the spirit of FHIR?
Implementation Guides and FHIR validation can ensure elements and attributes are correctly populated. But they don’t stop ‘unknown data’ from creeping in.
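One way to at least see what is creeping in is to audit each incoming resource against an allow-list of extension URLs and flag long encoded strings. The sketch below is an added example, not code from any FHIR server or vendor; the `APPROVED` list, the `vendor.example` and `hospital.example` URLs and the base64 heuristic are assumptions made for illustration.

```python
import re
# Assumption: the hospital keeps its own allow-list of extension URLs.
# Both entries are constructed sample values, not a recommended list.
APPROVED = {
    "http://hl7.org/fhir/StructureDefinition/patient-birthPlace",
    "https://hospital.example/fhir/StructureDefinition/ward-code",
}
# Heuristic for "encoded string values": a long unbroken base64-looking run.
# It also matches legitimate base64 (e.g. Attachment.data) and long hex digests.
BASE64ISH = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")

def audit_resource(node, path=""):
    """Walk a FHIR JSON resource and return (path, reason, detail) findings."""
    findings = []
    if isinstance(node, dict):
        path = path or node.get("resourceType", "")
        for key, value in node.items():
            child = f"{path}.{key}"
            if key in ("extension", "modifierExtension") and isinstance(value, list):
                for i, ext in enumerate(value):
                    url = ext.get("url") if isinstance(ext, dict) else None
                    # Relative urls (no ":") name parts of a complex extension;
                    # they are covered by the decision made for their parent.
                    if not isinstance(url, str) or (":" in url and url not in APPROVED):
                        findings.append((f"{child}[{i}]", "unapproved-extension", url))
            findings += audit_resource(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings += audit_resource(item, f"{path}[{i}]")
    elif isinstance(node, str) and BASE64ISH.match(node):
        findings.append((path, "encoded-string", f"{len(node)} chars"))
    return findings

# Constructed sample: one approved extension, one unapproved extension carrying
# an encoded payload, and one unapproved extension on a primitive (_birthDate).
SAMPLE = {
    "resourceType": "Patient",
    "birthDate": "1980-01-01",
    "extension": [
        {"url": "https://hospital.example/fhir/StructureDefinition/ward-code", "valueCode": "W12"},
        {"url": "https://vendor.example/fhir/ext/app-profile", "valueString": "QUJD" * 12},
    ],
    "_birthDate": {"extension": [
        {"url": "https://vendor.example/fhir/ext/source-note", "valueString": "entered by app"}]},
}

if __name__ == "__main__":
    for finding in audit_resource(SAMPLE):
        print(finding)
```

Findings like these give the hospital an inventory to review or quarantine; they do not by themselves say whether the flagged content is PHI or PII.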
I’d love to hear opinions on this.
How do you deal with ‘excess’ data entering your FHIR server?
Do you deal with it at all?
Am I inventing a problem that doesn’t exist?
---