CR Core transactions often make use of clinical trial participant-specific information which could be exploited by malicious actors, resulting in exposure of protected health information (PHI). For this reason, transactions must be secured appropriately with access to limited authorized individuals, data protected in transit, and appropriate audit measures taken.
Implementers should be aware of the security considerations associated with FHIR transactions, particularly those related to:
For the purposes of CR Core, security conformance requirements are as follows: