FHIR Info Gateway
View source on Github
When deploying digital health solutions, preserving patient data privacy is key.
The FHIR Info Gateway makes it easier for developers to enforce organizational
role based access control (RBAC) policies when working with FHIR data.
FHIR Info Gateway is a reverse proxy which controls client access to FHIR
resources on a server by checking requests for authorization to a FHIR URL or
search query. FHIR Info Gateway enables authorization and access-control between
a client application and a FHIR server when used along with any OpenID
Connect compliant Identity Provider
(IdP) and Authorization server (AuthZ). It currently supports Keycloak as the
IDP+AuthZ provider and has been tested with HAPI
FHIR or Cloud Healthcare API FHIR
store
as the FHIR server.
FHIR Info Gateway features include:
- A stand-alone service that can work with FHIR compliant servers
- A pluggable architecture for defining an access-checkers to allow for
implementation configurability
- Query filtering to block/allow specific queries such as for disabling joins
Go to developer documentation on
GitHub
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-07-23 UTC.
[null,null,["Last updated 2024-07-23 UTC."],[[["FHIR Info Gateway enhances patient data privacy by enabling role-based access control for FHIR data."],["It acts as a reverse proxy, verifying client authorization against an OpenID Connect compliant Identity Provider before granting access to FHIR resources."],["The gateway is compatible with various FHIR servers and offers a flexible architecture for customizing access control implementations."],["Developers can leverage query filtering to further refine data access and security policies."]]],["The FHIR Info Gateway is a reverse proxy that enforces role-based access control (RBAC) for FHIR data, ensuring patient data privacy in digital health solutions. It controls client access to FHIR resources by verifying authorization against requests to a FHIR URL or search query. It is compatible with OpenID Connect Identity Providers and Authorization servers. The Gateway features a pluggable architecture for access-checkers and supports query filtering, allowing control over client interactions with FHIR-compliant servers like HAPI FHIR or Cloud Healthcare API FHIR store.\n"]]
