Use this page to identify initiatives and/or HL7 implementation guides that are referencing the FAST Security implementation guide. 

Initiative/Implementation Guide (including URLs/References)Point of Contact (name/email) Dependencies on FAST Security IG (including URLs/References)
FAST Interoperable Digital Identity and Patient Matching STU 1

CARIN Consumer Directed Payer Data Exchange (CARIN IG for Blue Button) STU2

Primary Authors

6. MAY support the Security for Scalable Registration, Authentication, and Authorization 0.1.0 or later for registration of client applications and (authentication and authorization of client applications or users)

      1. If UDAP is supported, then all server systems and client applications that can protect private cryptographic keys and all systems of record SHOULD support UDAP JWT-Based Client Authentication for the authentication of client applications using asymmetric cryptography.
TEFCA Facilitated FHIR Implementation Guide V2


Da Vinci HRex

6.4 Exchange Security

  1. When the identity of the requesting or receiving party is important, implementations SHOULD use one or more of the following as defined in the specific Da Vinci IG:
    1. the SMART on FHIR Framework ,
    2. mutually authenticated TLS ,
    3. the ONC FHIR At Scale Taskforce (FAST) security tiger team recommended solutions, once approved by an accredited standards development organization, or
    4. the OAuth Server to Server Authentication as defined in the Bulk Data exchange IG.

Draft Carequality FHIR-Based Exchange Implementation Guide (under development)

David Pyke

eHealth Exchange Authorization Framework V4.0 (published for public comment)

Joe Lamy

CommonWell IG (draft)

Jason Vogt
  • No labels