Meetup #12

FHIR® Access Control: Real-world Challenges and Solutions

Learn about challenges, innovations, and best practices related to access control in FHIR-enabled systems.

April, 2024
Tuesday, 11:00 AM PT

In the era of digital health, ensuring secure and compliant access to healthcare data is paramount. FHIR has emerged as a standard for healthcare data exchange, offering a framework for managing data access across systems. Implementing FHIR access control poses unique challenges and opportunities for healthcare organizations, developers, and stakeholders.

What to Expect?
Our meetup brings experts to the forefront of addressing FHIR access control challenges. Through a series of talks, discussions, and Q&A sessions, we will explore:

1. Ongoing Challenges: Dive into the current landscape of healthcare data governance, focusing on patient consent management, data sharing, and regulatory compliance challenges.

2. Use Cases: Learn from real-world use cases demonstrating the benefits of effective Consent-based and Label-based access control. From enhancing patient data security to facilitating seamless data sharing between organizations, discover how FHIR access control is transforming healthcare.

3. Best Practices and Solutions: Learn the best practices for implementing FHIR access control, including granular access policies, scalability considerations, and compliance with FHIR specifications.

This meetup is ideal for healthcare IT professionals, developers, data architects, compliance officers, and anyone interested in the intersection of healthcare data privacy, security, and interoperability.

To get the slides, join the HealthDevHub Slack channel.


11:00 AM PT: FHIR Meetup opening, ~10 min
11:10 AM PT: Privacy Consent on FHIR by John Moehrke, ~15 min
11:25 AM PT: Q&A Session, ~5 min
11:30 AM PT: Authorization: Granular Scopes and Beyond by Josh Mandel
11:45 AM PT: Q&A Session, ~5 min
11:50 AM PT: Data Segmentation for Privacy and Consent by Mohammad Jafari
12:05 AM PT: Q&A Session, ~5 min
12:10 AM PT: Label-based Access Control in FHIR by Rostislav Antonov
12:25 AM PT: Q&A Session, ~5 min
12:30 AM PT: Round-table (~45 min), ~30 min

April 30, 2024
11:00 AM - 13:15 PM PT
Online Meetup
Free of charge

Topics & Speakers

Privacy Consent on FHIR
  • Foundations of Privacy Policy and Choices
  • Capturing Consent
  • Profiles of Consent: Basic, Intermediate, and Advanced
  • Authorization Decision based on Consent leveraging OAuth
  • Enforcing Authorization Decisions
John Moehrke

Co-Chair: Security WG at HL7, Standards Architect at By Light Professional IT Services
// Bio
Principal Architect specializing in Health Informatics Standards Architecture in Interoperability, Security, and Privacy. Primarily involved in the development and promulgation of international standards efforts since 1999. Co-chair of the HL7 Security Workgroup, appointed member of the FHIR Management Group, and part of the core FHIR editors and facilitators. Co-chair of the IHE ITI Planning Committee. Active member in the USA National initiatives to create a Nationwide Healthcare Information Network for both the Exchange architecture and the Direct Project, at the regional level with Wisconsin HIE (WISHIN), and various other country, state, and regional HIEs. Participates in standards development in FHIR, HL7, DICOM, ISO, ASTM, IHE, OASIS, W3C, and IETF.

Authorization: Granular Scopes and Beyond
  • Category-based scopes as adopted in the US Core
  • WIP: Rich Authorization Requests and Responses
  • Gaps in SMART's scope language: FHIR Operations
  • FHIR-based authorization in TEFCA: a review of the technical framework
Josh Mandel

Chief Architect for Microsoft Healthcare, Chief Architect for SMART Health IT
// Bio
Josh C. Mandel, MD is a physician and software developer working to fuel an ecosystem of health apps with access to clinical and research data. As Chief Architect for Microsoft Healthcare, Chief Architect for SMART Health IT, and Lecturer at the Harvard Medical School Department of Biomedical Informatics, Josh works closely with the standards development community to lay groundwork for frictionless data access, authorization, analytics, and app integration. Josh leads development of the SMART on FHIR specification (the basis for US Patient Access API capabilities that certified EHRs must support) and the SMART Health Cards specification (used by pharmacies, public health departments, and healthcare providers to issue verifiable records of vaccination status).

Data Segmentation for Privacy and Consent
  • How to record security labels and labeling metadata on FHIR resources using the mechanisms defined in FHIR core and FHIR DS4P IG
  • High-level ideas on how to implement a security labeling service
  • How to incorporate a security labeling service into the broader authorization management and access control including Consent enforcement
Mohammad Jafari

Senior Privacy Consultant and Integration Specialist E-Health and E-Commerce
// Bio
Mohammad Jafari (PhD, MBA) is an independent consultant and subject matter expert in privacy, interoperability, and integration and an adjunct faculty at Arizona State University. He has been active in the health informatics industry and standards development community for over a decade in various roles and projects, including as the Principal Investigator and Project Director of the Office of National Coordinator’s LEAP FHIR Consent project and the co-author and technical facilitator of the FHIR Data Segmentation for Privacy (DS4P) Implementation Guide. He is the co-chair of HL7 Community-Based Care and Privacy (CBCP) and Human and Social Services (HSS) working groups.

Label-based Access Control in FHIR
  • Introduction to Label-Based Access Control (LBAC)
  • Aidbox LBAC engine demo
  • Privacy vs. FHIR conformance

Mike Kulakov

Product Manager at Health Samurai
// Bio
Mikhail Kulakov is a Product Manager at Health Samurai, focusing on the Aidbox FHIR Platform. With a strong background in product management and marketing, Mike contributes to developing solutions that enhance healthcare IT through FHIR technology.

Q&A Session
Nikolai will host the event and generally create a welcoming environment for invited guests and speakers.
Nikolai Ryzhikov

CTO at Health Samurai
// Bio
Nikolai is a CTO at Health Samurai and technical leader of the Aidbox FHIR Platform with more than 15 years of experience in healthcare IT. Since 2012, he has been actively contributing to the FHIR standard and popular open-source projects like Fhirbase and FHIR.js. He is the author of the FHIR-first development approach and a regular speaker at FHIR events.

Register here

Please fill out the registration form to join the meetup. We will send you a reminder with the Zoom link one day before the event.

Any questions? Feel free to reach out at:


FHIR® is the registered trademark of HL7 and is used with the permission of HL7. This event is not sponsored by HL7. The FHIR trademark does not constitute endorsement of the content of the products and/or presentations presented by HL7.