Da Vinci Unsolicited Notifications
1.0.0 - STU1 Release

Da Vinci Unsolicited Notifications, published by HL7 International - Infrastructure and Messaging Work Group. This is not an authorized publication; it is the continuous build for version 1.0.0). This version is based on the current content of https://github.com/HL7/davinci-alerts/ and changes regularly. See the Directory of published versions

Security

Da Vinci Unsolicited Notifications involves the server sending a communication that could reveal information about the client and server relationship, as well as sensitive administrative or clinical information. Servers are responsible for ensuring appropriate security is employed and for following the FHIR security guidance. Sensitive data should only be exchanged over secured channels therefore a variety of communication protocols may be appropriate given the nature of the existing inter-party communication channels. This guide does not address these concerns directly; it is assumed that these are administered by other configuration processes.

FHIR does not mandate a single technical approach to security and privacy; rather, the specification provides a set of building blocks that can be applied to create secure, private systems. For example, the de-facto security layer for FHIR RESTful transactions is SMART’s profile of OAuth 2.0:

There are several ongoing initiatives to address various security and privacy issues including:

Once a suitable approach has been agreed upon and published, it will be referenced in a future version of this guide.