Security Architecture for FHIR-Integrated Generative AI Systems in Pharmacy API Ecosystems

Abstract

The integration of Fast Healthcare Interoperability Resources (FHIR) with generative artificial intelligence (GenAI) systems is accelerating across the healthcare landscape, particularly within pharmacy ecosystems responsible for medication dispensing, formulary management, prior authorization, and real-time benefit determination. While FHIR provides a standardized framework for interoperable data exchange, GenAI introduces new risks such as prompt injection, hallucinated clinical assertions, privacy violations, model inversion, and inadvertent leakage of protected health information (PHI). These risks become more pronounced when GenAI models are connected to high-sensitivity medication APIs used by payers, pharmacies, and clinical systems. This paper presents a comprehensive security architecture for FHIR-GenAI integration within pharmacy workflows. It proposes a multilayer strategy incorporating Zero Trust, privacy-preserving computation, API governance, model guardrails, and secure machine-learning pipelines. Code examples are provided to illustrate key enforcement mechanisms. The analysis demonstrates that secure implementation of GenAI in pharmacy systems must harmonize conventional enterprise security controls with new GenAI-specific risks while honoring regulatory requirements such as HIPAA, HITECH, and HITRUST CSF.

Ähnliche Arbeiten