Data Privacy in FHIR
Health data is among the most sensitive personal data that exists. GDPR classifies it as special category data. FHIR provides concrete resources — Consent, AuditEvent, Provenance — to implement privacy requirements at the technical layer. This track covers what that means in practice.
GDPR and Health Data
Health data is special category data under GDPR Article 9. Processing requires explicit consent or another legal basis. FHIR provides the technical primitives to implement these requirements at the data layer.
Consent Resource
The FHIR Consent resource models patient permissions — what data can be accessed, by whom, and for what purpose. It supports granular provision trees for treatment, research and marketing use cases.
AuditEvent
Every access to patient data should be logged. AuditEvent records who accessed what, when, from where, and why — using the DICOM audit trail model. Required for GDPR accountability and EHDS access logs.
Provenance
Provenance tracks the origin and custody chain of a resource — who created it, who modified it, which system transmitted it. Essential for data integrity and regulatory accountability.
Privacy by Design
GDPR Article 25 requires data protection by design and by default. In FHIR this means minimum necessary data in resources, purpose-limited scopes in SMART on FHIR, and Consent checked before data is returned.
EHDS and Patient Rights
The European Health Data Space grants patients the right to access their own data via MyHealth@EU. FHIR is the technical layer. Patient Summary, ePrescription and Lab Results must be accessible cross-border by 2027.
Topics in this track
- GDPR Article 9 — health data
- Legal basis for processing
- Consent resource
- AuditEvent (DICOM model)
- Provenance and custody chain
- Privacy by Design (Art. 25)
- SMART scopes and data minimization
- EHDS patient access rights