Da Vinci Unsolicited Notifications Implementation Guide CI Build

Da Vinci Unsolicited Notifications, published by HL7 International - Infrastructure and Messaging Work Group. This is not an authorized publication; it is the continuous build for version 0.1.0). This version is based on the current content of https://github.com/HL7/davinci-alerts/ and changes regularly. See the Directory of published versions

Security and Privacy

In order to be responsible stewards of data, we will need to follow the data governance laws around sensitive conditions. Sensitive conditions are defined to support masking of clinical data that protects consumer’s privacy and are subject to special disclosure rules which govern the distribution of data to external parties.

The FHIR Security and Privacy Module describes how to protect a patients privacy through de-Identification, pseudonymization, anonymization. FHIR does not mandate a single technical approach to security and privacy; rather, the specification provides a set of building blocks that can be applied to create secure, private systems.

The DaVinci project is actively seeking input on security approaches and expectations for authentication and authorization between Senders and Receivers of sensitive patient data (e.g., will TLS, mutual-TLS, OAuth, etc. be required to interoperate?). There are several implementation guides and ongoing initiatives to address these issues including:

Once an approach has been agreed upon, it will be documented in the the Da Vinci Health Record Exchange (HRex) Implementation Guide.