← LearnTrack 6

Data Privacy in FHIR

Health data is among the most sensitive personal data that exists. GDPR classifies it as special category data. FHIR provides concrete resources — Consent, AuditEvent, Provenance — to implement privacy requirements at the technical layer. This track covers what that means in practice.

GDPR and Health Data

Health data is special category data under GDPR Article 9. Processing requires explicit consent or another legal basis. FHIR provides the technical primitives to implement these requirements at the data layer.

Consent Resource

The FHIR Consent resource models patient permissions — what data can be accessed, by whom, and for what purpose. It supports granular provision trees for treatment, research and marketing use cases.

AuditEvent

Every access to patient data should be logged. AuditEvent records who accessed what, when, from where, and why — using the DICOM audit trail model. Required for GDPR accountability and EHDS access logs.

Provenance

Provenance tracks the origin and custody chain of a resource — who created it, who modified it, which system transmitted it. Essential for data integrity and regulatory accountability.

Privacy by Design

GDPR Article 25 requires data protection by design and by default. In FHIR this means minimum necessary data in resources, purpose-limited scopes in SMART on FHIR, and Consent checked before data is returned.

EHDS and Patient Rights

The European Health Data Space grants patients the right to access their own data via MyHealth@EU. FHIR is the technical layer. Patient Summary, ePrescription and Lab Results must be accessible cross-border by 2027.

Topics in this track

  • GDPR Article 9 — health data
  • Legal basis for processing
  • Consent resource
  • AuditEvent (DICOM model)
  • Provenance and custody chain
  • Privacy by Design (Art. 25)
  • SMART scopes and data minimization
  • EHDS patient access rights