The medical communication standard HL7 FHIR is said to have increased the interoperability between different medical contexts to enable data exchange of various systems. FHIR does not define mandatory security controls or requirements to address risks associated with communication from a large number of systems.
In this paper, we analyze the present controls with respect to non-repudiation and accountability of resource modifications and the integrity of exchanged resources.