• CDex Data Source servers SHALL support resolving logical identifiers for the Patient resource.

use a [FHIR RESTful search] instead of [FHIR RESTful read]. There is no CDex support for signatures on a FHIR RESTful read because it fetches a single instance of a resource instead of a Bundle. If the Data Consumer attempts to fetch a resource with a read and a signature is required, the Data Source/Responder SHALL return an HTTP 400 Bad Request and an OperationOutcome describing the business rule error. The following HTTP response and OperationOutcome illustrate this

The [Da Vinci] initiative supports this implementation guide. Da Vinci is a private effort to accelerate the adoption of Health Level Seven International Fast Healthcare Interoperability Resources (HL7® FHIR®) as the standard to support and integrate value-based care (VBC) data exchange across communities. This guide and implementers of it SHALL adhere to the [HL7 Da Vinci Guiding Principles] for exchanging patient health information.

This implementation guide inherits all of the mandatory requirements and recommendations defined in the [HRex Security and Privacy] specification. Implementers SHALL read and adhere to the guidance for the following topics:

1. User scopes SHALL be used as defined in [SMART App Launch] to restrict access to the relevant patients for a given Data Consumer. Organizational user access scopes are typically pre-negotiated and documented via business agreements. Data Sources shall translate these agreements into the appropriate SMART App Launch scopes.

1. Audit mechanisms SHALL be in place so that exchange mechanisms with or without human intervention can be subject to review/oversight.

communicate the POU for the requested data for each Task using codes from the [CDex Purpose of Use Value Set] in the POU Task.input element. The Data Consumer and Data Source SHALL use it to communicate the POU for the requested data when trading partner agreements require the POU to be exchanged.</span><!-- new-content -->

Figure 8 below illustrates a "typical" state machine for CDex Task. The Data Consumer creates the Task with a status of "requested". The Data Source updates the status of the Task as appropriate. The Data Source SHALL support all the statuses in the [HRex Task Status ValueSet]. The Data Source

Da Vinci CDex Data Sources who choose to support Subscription SHALL comply with the [Subscription R5 Backport Implementation Guide] and the Da Vinci Health Record Exchange (HRex) Subscription requirements for subscribing to Task updates. These implementation guides "pre-adopt" the FHIR R5 topic-based subscription approach in R4 implementations since most U.S. EHR vendors have agreed to support it.

• The Data Source SHALL support the HRex Task Subscription Topic and

• The Data Source SHALL support discovery of the CDex Task Update Subscription Topic canonical URL

*The Task.reasonReference DocumentReference.author is a Must Support element with four target profile and three Coverage profiles. Servers SHALL support at least one of them, and when supporting a Coverage profile

support at least one of them, and when supporting a Coverage profile, SHALL support the Coverage Profile based on the US Core version as follows:

do not define the detailed POU, and the implementer SHALL supply an additional, alternate code. The resource fragment below shows their use:

The CDex Profile elements consist of Mandatory, Must Support, and Optional elements. Elements that are neither Mandatory or Must Support are Optional. Mandatory elements are elements with a minimum cardinality greater than 0. [Must Support] elements are marked with the mustSupport flag and SHALL be interpreted as follows:

The CDex Profile elements consist of Mandatory, Must Support, and Optional elements. Elements that are neither Mandatory or Must Support are Optional. Mandatory elements are elements with a minimum cardinality greater than 0. [Must Support] elements are marked with the mustSupport flag and SHALL be interpreted as follows:

element is required and the Task Source SHALL populating the data element with value unless:

element is required and the Task Source SHALL populating the data element with value unless:

Source SHALL use that extension to communicate the reason for missing data.

Source SHALL use that extension to communicate the reason for missing data.

• If the minimum cardinality of an element is equal to 0, the Task Source SHALL be capable of populating the data element when sharing Task compliant with a CDex profile. Although the system needs to demonstrate it is capable of populating and sharing of the element, it is acceptable to omit the element if the system doesn't have values in a particular instance. A system that is incapable of ever sharing the

• If the minimum cardinality of an element is equal to 0, the Task Source SHALL be capable of populating the data element when sharing Task compliant with a CDex profile. Although the system needs to demonstrate it is capable of populating and sharing of the element, it is acceptable to omit the element if the system doesn't have values in a particular instance. A system that is incapable of ever sharing the

• The Task Consumer SHALL be capable of processing Task instances

• The Task Consumer SHALL be capable of processing Task instances

The use of CDex SHALL NOT be considered compliant with any use case specific IG where CDex is not explicitly required as part of the supported exchanges.

Systems may choose some or all of these capabilities and implement any combination of unsolicited or solicited attachments for prior authorization, claims, or both. Therefore, in contrast to the expectations in the CDex CapabilityStatements, they SHOULD define what they support in their local capability statement in one or more of the following ways:

|Attachment.Code||{{OK}}(It SHOULD be present when submitting unsolicited attachments)|

• CDex Data Source servers SHOULD support the patient match operation and declare it in their CapabilityStatement.

To the extent that the Data Source keeps a record of the provenance of the data, the FHIR Provenance Resource can be requested as documented on US Core's [Basic Provenance] page. When returning provenance, they SHOULD use the [HRex Provenance Profile]. The following example illustrates this transaction.

The Da Vinci Burden Reduction Implementation Guides (IGs), [Da Vinci Coverage Requirements Discovery (CRD)], [Da Vinci Documentation Templates and Rules (DTR)], and [Da Vinci Prior Authorization Support (PAS)], support an integrated workflow to enable automated submission of required documentation and prior authorization from EHR and payer systems respectively. Although the PAS guide leverages CDex, implementers SHOULD follow the Burden Reduction IGs to request additional information for prior authorization. See [Using CDex Attachments with DaVinci PAS] page for more details.

• The Data Source SHOULD support discovery using the CapabilityStatement SubscriptionTopic Canonical extension and

CDex Task-based transactions have many optional capabilities. Systems may choose some or all of these capabilities and implement any combination. Refer to the CDex [CapabilityStatements] resources for conformance expectations for the various actors and roles. In contrast to the expectations in the CDex CapabilityStatements, Systems SHOULD define what they support in their local capability statement in one or more of the following ways:

• if multiple documents need to be signed, systems SHOULD minimize the number of interactions required by the user

• if multiple documents need to be signed, systems SHOULD minimize the number of interactions required by the user

• An alternative is needed to cover some aspects of an exchange. For example, suppose the provider's data release process does not allow the automatic request for information specified in a use case specific IG. In that case, CDex provides an asynchronous process that allows manual review before releasing the information. However, implementers SHOULD NOT use this transaction when there is a requirement for real-time response to facilitate patient care.

data - and receivers SHOULD NOT reject instances that contain unexpected data elements if those elements are not [modifier elements]. However, Task Sources cannot rely on Task Consumers to store, process, or do anything other than ignore data that is not marked as mustSupport.

data - and receivers SHOULD NOT reject instances that contain unexpected data elements if those elements are not [modifier elements]. However, Task Sources cannot rely on Task Consumers to store, process, or do anything other than ignore data that is not marked as mustSupport.

<span class="bg-success" markdown="1">CDex Task-based queries enable Data Consumers to dynamically define POUs when requesting data. Data Consumer and Data Source MAY communicate the POU for the requested data for each Task using codes from the [CDex Purpose of Use Value Set] in the POU Task.input element. The Data Consumer and Data Source

support all the statuses in the [HRex Task Status ValueSet]. The Data Source MAY support additional transitions, including transitions from terminal states (e.g., back to "in-progress" from "failed" or "completed"). The Data Source

support additional transitions, including transitions from terminal states (e.g., back to "in-progress" from "failed" or "completed"). The Data Source MAY use [Task.businessStatus] to track intermediate business statuses for their specific implementation

support the HRex Task Subscription Topic and MAY support other subscription topics

support discovery using the CapabilityStatement SubscriptionTopic Canonical extension and MAY support discovery by some other method