Da Vinci Health Record Exchange (HRex)
1.2.0-snapshot - STU 1.2
Da Vinci Health Record Exchange (HRex)
1.2.0-snapshot - STU 1.2
Da Vinci Health Record Exchange (HRex), published by HL7 International / Clinical Interoperability Council. This guide is not an authorized publication; it is the continuous build for version 1.2.0-snapshot built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/davinci-ehrx/ and changes regularly. See the Directory of published versions
| Page standards status: Trial-use | Maturity Level: 3 |
{
"resourceType" : "Requirements",
"id" : "fromNarrative",
"text" : {
"status" : "generated",
"div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p class=\"res-header-id\"><b>Generated Narrative: Requirements fromNarrative</b></p><a name=\"fromNarrative\"> </a><a name=\"hcfromNarrative\"> </a><p>These requirements apply to the following actors: </p><ul><li><a href=\"ActorDefinition-consumer.html\">Data Consumer</a></li><li><a href=\"ActorDefinition-mmclient.html\">Member Match Client</a></li><li><a href=\"ActorDefinition-disc-server.html\">Discovery Server</a></li><li><a href=\"ActorDefinition-igauthor.html\">HRex IG Author</a></li><li><a href=\"ActorDefinition-implementer.html\">HRex Implementer</a></li><li><a href=\"ActorDefinition-subscribe-imp.html\">Subscription Implementer</a></li><li><a href=\"ActorDefinition-poll-imp.html\">Polling Implementer</a></li><li><a href=\"ActorDefinition-disc-client.html\">Discovery Client</a></li><li><a href=\"ActorDefinition-source.html\">Data Source</a></li><li><a href=\"ActorDefinition-mmserver.html\">Member Match Server</a></li></ul><table class=\"grid\"><tr><td><b><a name=\"conf-1\"> </a></b>conf-1</td><td>SHALL</td><td><div><p>Data Sources <strong>SHALL</strong> be capable of populating the data element when sharing resources compliant with the profile.</p>\n</div></td></tr><tr><td><b><a name=\"conf-2\"> </a></b>conf-2</td><td>SHALL</td><td><div><p>Data Consumers <strong>SHALL</strong> be capable of processing resource instances containing the data elements without generating an error or causing the application to fail.</p>\n</div></td></tr><tr><td><b><a name=\"conf-3\"> </a></b>If the minimum cardinality of an element is greater than 0 – i.e. the element is ‘required’, then the element SHALL be present in the instance and SHALL have a value unless a listed exception applies.</td><td>SHALL</td><td><div><ul>\n<li>If the minimum cardinality of an element is greater than 0 – i.e. the element is 'required', then the element <strong>SHALL</strong> be present in the instance and <strong>SHALL</strong> have a value unless:</li>\n<li>The profile explicitly declares the dataAbsentReason extension or other extension for the element, in which case an extension can be present in place of the value.</li>\n<li>The profile is inherited from U.S. Core, in which case a dataAbsentReason extension can be sent in place of the value even where dataAbsentReason is not explicitly declared in the profile.</li>\n</ul>\n</div></td></tr><tr><td><b><a name=\"conf-4\"> </a></b>conf-4</td><td>SHALL</td><td><div><p>Data Consumers <strong>SHALL</strong> interpret missing data elements within resource instances as data not being present in the Data Source's systems or was not deemed to be shareable with the Data Consumer for privacy or other business reasons.</p>\n</div></td></tr><tr><td><b><a name=\"conf-5\"> </a></b>conf-5</td><td>SHALL</td><td><div><p>Where the value set for an element includes concepts such as "unknown", "refused to answer", "not available" or where dataAbsentReason is explicitly referenced in a profile, then Data Sources <strong>SHALL</strong> use these values/that extension to communicate the reason for missing data.</p>\n</div></td></tr><tr><td><b><a name=\"conf-6\"> </a></b>conf-6</td><td>SHALL</td><td><div><p>Data Consumers <strong>SHALL</strong> be able to process resource instances containing data elements that have extensions in place of a value where such extensions are declared as part of the profile.</p>\n</div></td></tr><tr><td><b><a name=\"conf-7\"> </a></b>conf-7</td><td>SHOULD-NOT</td><td><div><p>Systems are free to include additional data - and Data Consumers <strong>SHOULD NOT</strong> reject instances that contain unexpected data elements if those elements are not <a href=\"http://hl7.org/fhir/R4/conformance-rules.html#isModifier\">modifier elements</a>.</p>\n</div></td></tr><tr><td><b><a name=\"conf-8\"> </a></b>conf-8</td><td>SHOULD</td><td><div><p>For any other references not formally defined in a US Core profile, the referenced resource <strong>SHOULD</strong> be a US Core profile if a US Core profile exists for the resource type.</p>\n</div></td></tr><tr><td><b><a name=\"ep-1\"> </a></b>When the payer responds to an Eligibility Inquiry indicating that the patient has coverage, the payer SHALL include exactly one 2000A loop repetition meeting specified requirements.</td><td>SHALL</td><td><div><p>When the payer responds to an Eligibility Inquiry indicating that the patient has coverage, the payer <strong>SHALL</strong> include exactly one 2000A loop repetition such that:</p>\n<ul>\n<li>The NM1-01 is populated with PR.</li>\n<li>There is exactly one PER repetition that has a URL communication number that fits the pattern below. (i.e. in exactly one of the PER04, PER06, or PER08 where the preceding Communication Qualifier Number is set to 'UR'):</li>\n</ul>\n</div></td></tr><tr><td><b><a name=\"ep-2\"> </a></b>ep-2</td><td>SHALL</td><td><div><p>Regardless of how it is retrieved, the .well-known endpoint <strong>SHALL</strong> be accessible with a simple TLS (not mutual TLS) connection and resolve to a JSON document.</p>\n</div></td></tr><tr><td><b><a name=\"ep-3\"> </a></b>ep-3</td><td>SHALL</td><td><div><p>As well, codes for new 'final publication' versions of specifications that already have defined base codes (following the convention of appending '#' and then the first two nodes of the version number) <strong>SHALL</strong> be treated as valid, even if not yet listed in this specification.</p>\n</div></td></tr><tr><td><b><a name=\"ep-4\"> </a></b>ep-4</td><td>MAY</td><td><div><p>In situations where an endpoint turns out to not be functional, client systems <strong>MAY</strong> choose to re-query the .well-known endpoint and/or to re-run the eligibility check to see if the end point has changed.</p>\n</div></td></tr><tr><td><b><a name=\"ex-1\"> </a></b>ex-1</td><td>SHALL</td><td><div><p>All Da Vinci IGs that define <a href=\"http://hl7.org/fhir/R4/capabilitystatement.html\">CapababilityStatements</a> setting expectations for support for certain FHIR interactions, operations, or other exchange mechanisms <strong>SHALL</strong> include a 'design' section that explains the IG's choice of exchange architecture in terms of the decision tree found in the FHIR core specification.</p>\n</div></td></tr><tr><td><b><a name=\"mm-1\"> </a></b>mm-1</td><td>SHALL</td><td><div><p>The performer <strong>SHALL</strong> include the target payer for the <a href=\"OperationDefinition-member-match.html\">$member-match</a> and the recipient <strong>SHALL</strong> include the initiator of the $member-match.</p>\n</div></td></tr><tr><td><b><a name=\"mm-2\"> </a></b>mm-2</td><td>SHOULD</td><td><div><p>As a rule, all Coverage elements available <strong>SHOULD</strong> be populated, even if not all might be strictly necessary to identify the member because rules can vary from insurer to insurer about which pieces of information are necessary to uniquely identify a member.</p>\n</div></td></tr><tr><td><b><a name=\"mm-3\"> </a></b>mm-3</td><td>SHALL</td><td><div><p>After a successful $member-match the requesting system <strong>SHALL</strong> then use the UMB provided by the target payer in the <code>Patient.identifier</code> field in any subsequent transactions with the same system.</p>\n</div></td></tr><tr><td><b><a name=\"mm-4\"> </a></b>mm-4</td><td>SHOULD</td><td><div><p>If the requesting system was a payer with coverage for the member, the receiving system <strong>SHOULD</strong> create a linkage between their own member information and the Coverage provided by the requesting system.</p>\n</div></td></tr><tr><td><b><a name=\"mm-5\"> </a></b>mm-5</td><td>SHOULD-NOT</td><td><div><p>For privacy reasons, the 'CoverageToLink' <strong>SHOULD NOT</strong> include any data elements not marked as mustSupport in the Coverage profile.</p>\n</div></td></tr><tr><td><b><a name=\"mm-6\"> </a></b>mm-6</td><td>SHALL</td><td><div><p>The Coverage and Consent references <strong>SHALL</strong> be 'local' references (i.e. starting with "Patient/" rather than "http"), <strong>SHALL</strong> be resolved to the parameter with the name "MemberPatient", and <strong>SHALL</strong> refer to the same id.</p>\n</div></td></tr><tr><td><b><a name=\"mm-7\"> </a></b>mm-7</td><td>SHALL</td><td><div><p>Servers <strong>SHALL</strong> monitor for and take measures to prevent brute force attacks where the same or similar set of demographics are repeatedly searched with differing card information in an attempt to achieve a match when the card information is unknown.</p>\n</div></td></tr><tr><td><b><a name=\"mm-8\"> </a></b>mm-8</td><td>SHALL</td><td><div><p>A maximum of a SINGLE unique match <strong>SHALL</strong> be returned.</p>\n</div></td></tr><tr><td><b><a name=\"mm-9\"> </a></b>mm-9</td><td>SHALL</td><td><div><p>No match <strong>SHALL</strong> return a 422 status code.</p>\n</div></td></tr><tr><td><b><a name=\"mm-10\"> </a></b>mm-10</td><td>SHALL</td><td><div><p>Multiple matches <strong>SHALL</strong> return a 422 status code.</p>\n</div></td></tr><tr><td><b><a name=\"mm-11\"> </a></b>mm-11</td><td>SHALL</td><td><div><p>If consent is provided, inability to comply with consent requirements <strong>SHALL</strong> return a 422 status code</p>\n</div></td></tr><tr><td><b><a name=\"mm-12\"> </a></b>mm-12</td><td>SHOULD</td><td><div><p>Any 422 response codes <strong>SHOULD</strong> be accompanied by an <a href=\"http://hl7.org/fhir/R4/operationoutcome.html\">OperationOutcome</a> that indicates the specific nature of the failure.</p>\n</div></td></tr><tr><td><b><a name=\"mm-13\"> </a></b>mm-13</td><td>SHOULD</td><td><div><p>The recipient of a member match <strong>SHOULD</strong> store the parameters of the consent (Validity Period, Scope etc.) to enable the authorization server to evaluate the consent before issuing a token for data access during subsequent requests.</p>\n</div></td></tr><tr><td><b><a name=\"prov-1\"> </a></b>Implementations SHOULD follow the recommendations on which resources should be referenced from which data element.</td><td>SHOULD</td><td><div><p>The following table lists the various agent codes and what resource types are appropriate. These recommendations <strong>SHOULD</strong> be followed</p>\n<h2>| element | Allowed target resources |</h2>\n<p>| transmitter | This could be Patient, RelatedPerson, Practitioner or PractitionerRole or Organization. A second transmitter could capture the specific Device used | | enterer | Patient, RelatedPerson, Practitioner or PractitionerRole | | performer | could be anything | | author | could be anything | | verifier | generally only Practitioner or PractitionerRole | | legal | Only Practitioner or PractitionerRole | | attester | Patient, RelatedPerson, Practitioner or PractitionerRole | | informant | Patient, RelatedPerson, Practitioner or PractitionerRole | | custodian | usually Organization, could also be Device, Practitioner or PractitionerRole | | assembler | usually a Device, could be Practitioner or PractitionerRole | ——————————————</p>\n</div></td></tr><tr><td><b><a name=\"prov-2\"> </a></b>Provenance.agent.onBehalfOf SHOULD NOT be used in certain circumstances.</td><td>SHOULD-NOT</td><td><div><p><code>Provenance.agent.onBehalfOf</code> is only relevant in certain circumstances:</p>\n<ul>\n<li><code>onBehalfOf</code> <strong>SHOULD NOT</strong> be populated if RelatedPerson is acting on behalf of the Patient. (Because that is the assumption and there is already a link to the Patient on that resource)</li>\n<li><code>onBehalfOf</code> <strong>SHOULD NOT</strong> be populated with an Organization if the agent is Practitioner - use PractitionerRole instead (even if it is a contained PractitionerRole)</li>\n<li><code>onBehalfOf</code> <strong>SHOULD NOT</strong> be populated with an Organization if the agent is PractitionerRole unless PractitionerRole is pointing to an organization and the <code>onBehalfOf</code> is different (i.e. Dr. Smith for Clinic A did something on behalf of clinic B)</li>\n<li>It is unusual for <code>onBehalfOf</code> to be populated if the agent is Patient or RelatedPerson</li>\n<li><code>onBehalfOf</code> <strong>SHOULD NOT</strong> be populated with an Organization if it is the same as <code>Device.owner</code></li>\n</ul>\n</div></td></tr><tr><td><b><a name=\"sec-1\"> </a></b>sec-1</td><td>SHOULD</td><td><div><p>IGs derived from HRex <strong>SHOULD</strong> all reference this section, though they can qualify and supplement the content here as appropriate for the specific technologies they are using, and the threat environment and privacy considerations involved in their specific use case.</p>\n</div></td></tr><tr><td><b><a name=\"sec-2\"> </a></b>sec-2</td><td>SHALL</td><td><div><p>All implementations of any Da Vinci FHIR Implementation Guides (IG) <strong>SHALL</strong> meet all current relevant Federal and State statutes and regulations regarding security and privacy.</p>\n</div></td></tr><tr><td><b><a name=\"sec-3\"> </a></b>sec-3</td><td>SHALL</td><td><div><p>All IGs <strong>SHALL</strong> use applicable technical standards required by current regulations published by the Centers for Medicare and Medicaid Services (CMS) and the Assistant Secretary for Technology Policy and Office of the National Coordinator for Health Information Technology (ASTP/ONC) (allowing for voluntary use through the <a href=\"https://www.healthit.gov/isa/standards-version-advancement-process#:~:text=ONC%20has%20established%20the%20voluntary,of%20Certification%20requirement%20(%C2%A7%20170.405)\">SVAP</a>) unless an exception has been granted.</p>\n</div></td></tr><tr><td><b><a name=\"sec-4\"> </a></b>sec-4</td><td>SHOULD</td><td><div><p>All IGs and implementations <strong>SHOULD</strong> follow the current <a href=\"davinci-guiding-principles.html\">Da Vinci Guiding Principles</a>.</p>\n</div></td></tr><tr><td><b><a name=\"sec-5\"> </a></b>sec-5</td><td>SHALL</td><td><div><p>All IGs and implementations <strong>SHALL</strong> support patient/member consent and/or treatment of sensitive information consistent with Federal and State statutes and regulations.</p>\n</div></td></tr><tr><td><b><a name=\"sec-6\"> </a></b>sec-6</td><td>SHOULD</td><td><div><p>All IGs and implementations <strong>SHOULD</strong> support the consent and data sharing policies of trading partners involved in the exchange that are more protective so long as policies are consistent with or more restrictive than Federal and State statutes and regulations.</p>\n</div></td></tr><tr><td><b><a name=\"sec-7\"> </a></b>sec-7</td><td>SHOULD</td><td><div><p>All FHIR Implementation Guides <strong>SHOULD</strong> follow the FHIR Security guidance and FHIR Implementer's Safety guidance as defined in the relevant FHIR specification (e.g. Release 4.1.0) where applicable and not superseded by this Section or specific IG requirements.</p>\n</div></td></tr><tr><td><b><a name=\"sec-8\"> </a></b>sec-8</td><td>MAY</td><td><div><p>to meet the statutes, regulations, and guiding principles above, consent directives and security labels <strong>MAY</strong> be considered and used.</p>\n</div></td></tr><tr><td><b><a name=\"sec-9\"> </a></b>sec-9</td><td>SHALL, SHOULD</td><td><div><p>When exchanging Protected Health Information (PHI) between entities, the exchange <strong>SHOULD</strong> use the current version and <strong>SHALL</strong> use either current or the immediately prior release of <a href=\"https://tools.ietf.org/html/rfc8446\">Transport Level Security (TLS)</a> as specified by the current release of <a href=\"https://csrc.nist.gov/publications/detail/sp/800-52/rev-2/final\">National Institute of Standards and Technology (NIST) guidelines (SP 800-52)</a>.</p>\n</div></td></tr><tr><td><b><a name=\"sec-10\"> </a></b>sec-10</td><td>SHALL</td><td><div><p>TLS <strong>SHALL</strong> be implemented as per <a href=\"https://datatracker.ietf.org/doc/html/rfc8705\">RFC8705</a>.</p>\n</div></td></tr><tr><td><b><a name=\"sec-11\"> </a></b>When the identity of the requesting or receiving party is important, implementations SHOULD use one or more of the preferred authorization mechanisms.</td><td>SHOULD</td><td><div><ul>\n<li>When the identity of the requesting or receiving party is important, implementations <strong>SHOULD</strong> use one or more of the following as defined in the specific Da Vinci IG:</li>\n</ul>\n<ol>\n<li>the<a href=\"https://hl7.org/fhir/smart-app-launch/index.html\">SMART App Launch Authorization</a>,</li>\n<li>mutually authenticated TLS,</li>\n<li>the<a href=\"https://hl7.org/fhir/us/udap-security\">FAST HL7 UDAP Security for Scalable Registration, Authentication, and Authorization IG</a>, or</li>\n<li>the OAuth Server to Server Authentication as defined in<a href=\"https://hl7.org/fhir/smart-app-launch/backend-services.html\">SMART Back-end Services</a>.</li>\n</ol>\n</div></td></tr><tr><td><b><a name=\"sec-12\"> </a></b>sec-12</td><td>SHALL</td><td><div><p>When using OAuth (either through SMART or UDAP), OAuth tokens issued <strong>SHALL</strong> be tied to the client system's certificate.</p>\n</div></td></tr><tr><td><b><a name=\"sec-13\"> </a></b>sec-13</td><td>SHALL</td><td><div><p>When mutual TLS is used, it <strong>SHALL</strong> be done in accordance with <a href=\"https://datatracker.ietf.org/doc/html/rfc8705\">RFC8705</a></p>\n</div></td></tr><tr><td><b><a name=\"sec-14\"> </a></b>sec-14</td><td>SHALL</td><td><div><p>The TLS authorization mechanism <strong>SHALL</strong> be PKI-Mutual TLS (i.e. not self-signed certificates)</p>\n</div></td></tr><tr><td><b><a name=\"sec-15\"> </a></b>sec-15</td><td>SHALL</td><td><div><p>Signing options <strong>SHALL</strong> use URIs, not DNS, IP, email, etc.</p>\n</div></td></tr><tr><td><b><a name=\"sec-16\"> </a></b>sec-16</td><td>SHALL</td><td><div><p>If mutual TLS is used with OAuth, the OAuth tokens <strong>SHALL</strong> be bound to the client system's certificate (and are therefore not shareable)</p>\n</div></td></tr><tr><td><b><a name=\"sec-17\"> </a></b>sec-17</td><td>SHALL</td><td><div><p>Where permitted by law and in accordance with legal requirements, systems <strong>SHALL</strong> always support release of additionally protected information.</p>\n</div></td></tr><tr><td><b><a name=\"sec-18\"> </a></b>sec-18</td><td>SHALL</td><td><div><p>Implementations <strong>SHALL</strong> ensure that release of the information without explicit request of the patient/member is based on organization policy consistent with Federal and State regulations.</p>\n</div></td></tr><tr><td><b><a name=\"sec-19\"> </a></b>sec-19</td><td>SHALL</td><td><div><p>Information Source systems <strong>SHALL</strong> log all IDs, access rights, requests, and exchanges.</p>\n</div></td></tr><tr><td><b><a name=\"sec-20\"> </a></b>sec-20</td><td>SHALL</td><td><div><p>Information Source systems <strong>SHALL</strong> verify rights of the requestor to have access to the member's/patient's record.</p>\n</div></td></tr><tr><td><b><a name=\"task-1\"> </a></b>task-1</td><td>SHALL, SHOULD</td><td><div><p>For Da Vinci, systems that use polling <strong>SHALL</strong> check for new/updated information at least once per business day and <strong>SHOULD</strong> check for information at least once per hour during</p>\n</div></td></tr><tr><td><b><a name=\"task-2\"> </a></b>task-2</td><td>SHOULD-NOT</td><td><div><p>Polling systems <strong>SHOULD NOT</strong> query more often than every 15 minutes unless there is an urgent change they are monitoring for.</p>\n</div></td></tr><tr><td><b><a name=\"task-3\"> </a></b>task-3</td><td>SHALL</td><td><div><p>Implementers of this Da Vinci IG who choose to support Subscription <strong>SHALL</strong> comply with the Subscription Backport IG for the purpose of monitoring Tasks.</p>\n</div></td></tr><tr><td><b><a name=\"task-4\"> </a></b>task-4</td><td>SHALL</td><td><div><p>Systems supporting subscription <strong>SHALL</strong> support the rest-hook channel mechanism, though they might choose to support other channel approaches.</p>\n</div></td></tr><tr><td><b><a name=\"task-5\"> </a></b>task-5</td><td>SHALL</td><td><div><p>Systems using subcription <strong>SHALL</strong> support id-only, though they can also support other content approaches.</p>\n</div></td></tr><tr><td><b><a name=\"task-6\"> </a></b>task-6</td><td>MAY</td><td><div><p>If search is used, systems <strong>MAY</strong> use _include=Task:output to retrieve the referenced results as well.</p>\n</div></td></tr></table></div>"
},
"extension" : [
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg",
"valueCode" : "cic"
},
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-fmm",
"valueInteger" : 3,
"_valueInteger" : {
"extension" : [
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-conformance-derivedFrom",
"valueCanonical" : "http://hl7.org/fhir/us/davinci-hrex/ImplementationGuide/davinci-hrex"
},
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-conformance-derivedFrom",
"valueCanonical" : "http://hl7.org/fhir/us/davinci-hrex/ImplementationGuide/davinci-hrex"
},
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-conformance-derivedFrom",
"valueCanonical" : "http://hl7.org/fhir/us/davinci-hrex/ImplementationGuide/davinci-hrex"
},
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-conformance-derivedFrom",
"valueCanonical" : "http://hl7.org/fhir/us/davinci-hrex/ImplementationGuide/davinci-hrex"
},
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-conformance-derivedFrom",
"valueCanonical" : "http://hl7.org/fhir/us/davinci-hrex/ImplementationGuide/davinci-hrex"
}
]
}
},
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-standards-status",
"valueCode" : "trial-use",
"_valueCode" : {
"extension" : [
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-conformance-derivedFrom",
"valueCanonical" : "http://hl7.org/fhir/us/davinci-hrex/ImplementationGuide/davinci-hrex"
}
]
}
}
],
"url" : "http://hl7.org/fhir/us/davinci-hrex/Requirements/fromNarrative",
"identifier" : [
{
"system" : "urn:ietf:rfc:3986",
"value" : "urn:oid:2.16.840.1.113883.4.642.40.19.36.1"
}
],
"version" : "1.2.0-snapshot",
"name" : "FromNarrative",
"title" : "Narrative Conformance Statements",
"status" : "active",
"experimental" : false,
"date" : "2026-01-28T23:06:20-07:00",
"publisher" : "HL7 International / Clinical Interoperability Council",
"contact" : [
{
"telecom" : [
{
"system" : "url",
"value" : "http://www.hl7.org/Special/committees/cic"
}
]
}
],
"description" : "Conformance statements found throughout the narrative of the IG consolidated into this computable resource for traceability purposes",
"jurisdiction" : [
{
"coding" : [
{
"system" : "urn:iso:std:iso:3166",
"code" : "US"
}
]
}
],
"actor" : [
🔗 "http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/consumer"🔗 ,
"http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/mmclient"🔗 ,
"http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/disc-server"🔗 ,
"http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/igauthor"🔗 ,
"http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/implementer"🔗 ,
"http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/subscribe-imp"🔗 ,
"http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/poll-imp"🔗 ,
"http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/disc-client"🔗 ,
"http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/source"🔗 ,
"http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/mmserver"
],
"_actor" : [
{
🔗 "extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey",
"valueString" : "consumer"
}
]
},
{
🔗 "extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey",
"valueString" : "mmclient"
}
]
},
{
🔗 "extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey",
"valueString" : "disc-server"
}
]
},
{
🔗 "extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey",
"valueString" : "igauthor"
}
]
},
{
🔗 "extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey",
"valueString" : "implementer"
}
]
},
{
🔗 "extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey",
"valueString" : "subscribe-imp"
}
]
},
{
🔗 "extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey",
"valueString" : "poll-imp"
}
]
},
{
🔗 "extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey",
"valueString" : "disc-client"
}
]
},
{
🔗 "extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey",
"valueString" : "source"
}
]
},
{
🔗 "extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey",
"valueString" : "mmserver"
}
]
}
],
"statement" : [
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "source"
}
],
"key" : "conf-1",
"conformance" : [
"SHALL"
],
"requirement" : "Data Sources **SHALL** be capable of populating the data element when sharing resources compliant with the profile."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "consumer"
}
],
"key" : "conf-2",
"conformance" : [
"SHALL"
],
"requirement" : "Data Consumers **SHALL** be capable of processing resource instances containing the data elements without generating an error or causing the application to fail."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "source"
}
],
"key" : "conf-3",
"label" : "If the minimum cardinality of an element is greater than 0 – i.e. the element is ‘required’, then the element SHALL be present in the instance and SHALL have a value unless a listed exception applies.",
"conformance" : [
"SHALL"
],
"conditionality" : true,
"requirement" : "* If the minimum cardinality of an element is greater than 0 – i.e. the element is 'required', then the element **SHALL** be present in the instance and **SHALL** have a value unless: \r\n* The profile explicitly declares the dataAbsentReason extension or other extension for the element, in which case an extension can be present in place of the value.\r\n* The profile is inherited from U.S. Core, in which case a dataAbsentReason extension can be sent in place of the value even where dataAbsentReason is not explicitly declared in the profile."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "consumer"
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "processing",
"display" : "processing"
}
}
],
"key" : "conf-4",
"conformance" : [
"SHALL"
],
"requirement" : "Data Consumers **SHALL** interpret missing data elements within resource instances as data not being present in the Data Source's systems or was not deemed to be shareable with the Data Consumer for privacy or other business reasons."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "source"
}
],
"key" : "conf-5",
"conformance" : [
"SHALL"
],
"conditionality" : true,
"requirement" : "Where the value set for an element includes concepts such as \"unknown\", \"refused to answer\", \"not available\" or where dataAbsentReason is explicitly referenced in a profile, then Data Sources **SHALL** use these values/that extension to communicate the reason for missing data."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "consumer"
}
],
"key" : "conf-6",
"conformance" : [
"SHALL"
],
"requirement" : "Data Consumers **SHALL** be able to process resource instances containing data elements that have extensions in place of a value where such extensions are declared as part of the profile."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "consumer"
}
],
"key" : "conf-7",
"conformance" : [
"SHOULD-NOT"
],
"requirement" : "Systems are free to include additional data - and Data Consumers **SHOULD NOT** reject instances that contain unexpected data elements if those elements are not [modifier elements](http://hl7.org/fhir/R4/conformance-rules.html#isModifier)."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "source"
}
],
"key" : "conf-8",
"conformance" : [
"SHOULD"
],
"conditionality" : true,
"requirement" : "For any other references not formally defined in a US Core profile, the referenced resource **SHOULD** be a US Core profile if a US Core profile exists for the resource type."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "disc-server"
}
],
"key" : "ep-1",
"label" : "When the payer responds to an Eligibility Inquiry indicating that the patient has coverage, the payer SHALL include exactly one 2000A loop repetition meeting specified requirements.",
"conformance" : [
"SHALL"
],
"conditionality" : true,
"requirement" : "When the payer responds to an Eligibility Inquiry indicating that the patient has coverage, the payer **SHALL** include exactly one 2000A loop repetition such that:\r\n\r\n* The NM1-01 is populated with PR.\r\n* There is exactly one PER repetition that has a URL communication number that fits the pattern below. (i.e. in exactly one of the PER04, PER06, or PER08 where the preceding Communication Qualifier Number is set to 'UR'):"
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "disc-server"
}
],
"key" : "ep-2",
"conformance" : [
"SHALL"
],
"requirement" : "Regardless of how it is retrieved, the .well-known endpoint **SHALL** be accessible with a simple TLS (not mutual TLS) connection and resolve to a JSON document."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "processing",
"display" : "processing"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "disc-client"
}
],
"key" : "ep-3",
"conformance" : [
"SHALL"
],
"conditionality" : true,
"requirement" : "As well, codes for new 'final publication' versions of specifications that already have defined base codes (following the convention of appending '#' and then the first two nodes of the version number) **SHALL** be treated as valid, even if not yet listed in this specification."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "disc-client"
}
],
"key" : "ep-4",
"conformance" : [
"MAY"
],
"conditionality" : true,
"requirement" : "In situations where an endpoint turns out to not be functional, client systems **MAY** choose to re-query the .well-known endpoint and/or to re-run the eligibility check to see if the end point has changed."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "business",
"display" : "business"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "igauthor"
}
],
"key" : "ex-1",
"conformance" : [
"SHALL"
],
"requirement" : "All Da Vinci IGs that define [CapababilityStatements](http://hl7.org/fhir/R4/capabilitystatement.html) setting expectations for support for certain FHIR interactions, operations, or other exchange mechanisms **SHALL** include a 'design' section that explains the IG's choice of exchange architecture in terms of the decision tree found in the FHIR core specification."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "mmclient"
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "mmserver"
}
],
"key" : "mm-1",
"conformance" : [
"SHALL"
],
"conditionality" : true,
"requirement" : "The performer **SHALL** include the target payer for the [$member-match](OperationDefinition-member-match.html) and the recipient **SHALL** include the initiator of the $member-match."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "mmclient"
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "mmserver"
}
],
"key" : "mm-2",
"conformance" : [
"SHOULD"
],
"conditionality" : true,
"requirement" : "As a rule, all Coverage elements available **SHOULD** be populated, even if not all might be strictly necessary to identify the member because rules can vary from insurer to insurer about which pieces of information are necessary to uniquely identify a member."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "mmclient"
}
],
"key" : "mm-3",
"conformance" : [
"SHALL"
],
"conditionality" : true,
"requirement" : "After a successful $member-match the requesting system **SHALL** then use the UMB provided by the target payer in the `Patient.identifier` field in any subsequent transactions with the same system."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "mmserver"
}
],
"key" : "mm-4",
"conformance" : [
"SHOULD"
],
"conditionality" : true,
"requirement" : "If the requesting system was a payer with coverage for the member, the receiving system **SHOULD** create a linkage between their own member information and the Coverage provided by the requesting system."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "mmclient"
}
],
"key" : "mm-5",
"conformance" : [
"SHOULD-NOT"
],
"conditionality" : false,
"requirement" : "For privacy reasons, the 'CoverageToLink' **SHOULD NOT** include any data elements not marked as mustSupport in the Coverage profile."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "mmclient"
}
],
"key" : "mm-6",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "The Coverage and Consent references **SHALL** be 'local' references (i.e. starting with \"Patient/\" rather than \"http\"), **SHALL** be resolved to the parameter with the name \"MemberPatient\", and **SHALL** refer to the same id."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "mmserver"
}
],
"key" : "mm-7",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "Servers **SHALL** monitor for and take measures to prevent brute force attacks where the same or similar set of demographics are repeatedly searched with differing card information in an attempt to achieve a match when the card information is unknown."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "mmserver"
}
],
"key" : "mm-8",
"conformance" : [
"SHALL"
],
"requirement" : "A maximum of a SINGLE unique match **SHALL** be returned."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "mmserver"
}
],
"key" : "mm-9",
"conformance" : [
"SHALL"
],
"requirement" : "No match **SHALL** return a 422 status code."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "mmserver"
}
],
"key" : "mm-10",
"conformance" : [
"SHALL"
],
"requirement" : "Multiple matches **SHALL** return a 422 status code."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "mmserver"
}
],
"key" : "mm-11",
"conformance" : [
"SHALL"
],
"conditionality" : true,
"requirement" : "If consent is provided, inability to comply with consent requirements **SHALL** return a 422 status code"
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "mmserver"
}
],
"key" : "mm-12",
"conformance" : [
"SHOULD"
],
"conditionality" : false,
"requirement" : "Any 422 response codes **SHOULD** be accompanied by an [OperationOutcome](http://hl7.org/fhir/R4/operationoutcome.html) that indicates the specific nature of the failure."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "mmserver"
}
],
"key" : "mm-13",
"conformance" : [
"SHOULD"
],
"conditionality" : false,
"requirement" : "The recipient of a member match **SHOULD** store the parameters of the consent (Validity Period, Scope etc.) to enable the authorization server to evaluate the consent before issuing a token for data access during subsequent requests."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "implementer"
}
],
"key" : "prov-1",
"label" : "Implementations SHOULD follow the recommendations on which resources should be referenced from which data element.",
"conformance" : [
"SHOULD"
],
"conditionality" : false,
"requirement" : "The following table lists the various agent codes and what resource types are appropriate. These recommendations **SHOULD** be followed\r\n\r\n## | element | Allowed target resources |\r\n\r\n| transmitter | This could be Patient, RelatedPerson, Practitioner or PractitionerRole or Organization. A second transmitter could capture the specific Device used | | enterer | Patient, RelatedPerson, Practitioner or PractitionerRole | | performer | could be anything | | author | could be anything | | verifier | generally only Practitioner or PractitionerRole | | legal | Only Practitioner or PractitionerRole | | attester | Patient, RelatedPerson, Practitioner or PractitionerRole | | informant | Patient, RelatedPerson, Practitioner or PractitionerRole | | custodian | usually Organization, could also be Device, Practitioner or PractitionerRole | | assembler | usually a Device, could be Practitioner or PractitionerRole | ——————————————"
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "implementer"
}
],
"key" : "prov-2",
"label" : "Provenance.agent.onBehalfOf SHOULD NOT be used in certain circumstances.",
"conformance" : [
"SHOULD-NOT"
],
"conditionality" : true,
"requirement" : "`Provenance.agent.onBehalfOf` is only relevant in certain circumstances:\r\n\r\n* `onBehalfOf` **SHOULD NOT** be populated if RelatedPerson is acting on behalf of the Patient. (Because that is the assumption and there is already a link to the Patient on that resource)\r\n* `onBehalfOf` **SHOULD NOT** be populated with an Organization if the agent is Practitioner - use PractitionerRole instead (even if it is a contained PractitionerRole)\r\n* `onBehalfOf` **SHOULD NOT** be populated with an Organization if the agent is PractitionerRole unless PractitionerRole is pointing to an organization and the `onBehalfOf` is different (i.e. Dr. Smith for Clinic A did something on behalf of clinic B)\r\n* It is unusual for `onBehalfOf` to be populated if the agent is Patient or RelatedPerson\r\n* `onBehalfOf` **SHOULD NOT** be populated with an Organization if it is the same as `Device.owner`"
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "business",
"display" : "business"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "igauthor"
}
],
"key" : "sec-1",
"conformance" : [
"SHOULD"
],
"requirement" : "IGs derived from HRex **SHOULD** all reference this section, though they can qualify and supplement the content here as appropriate for the specific technologies they are using, and the threat environment and privacy considerations involved in their specific use case."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "processing",
"display" : "processing"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "implementer"
}
],
"key" : "sec-2",
"conformance" : [
"SHALL"
],
"requirement" : "All implementations of any Da Vinci FHIR Implementation Guides (IG) **SHALL** meet all current relevant Federal and State statutes and regulations regarding security and privacy."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "business",
"display" : "business"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "igauthor"
}
],
"key" : "sec-3",
"conformance" : [
"SHALL"
],
"conditionality" : true,
"requirement" : "All IGs **SHALL** use applicable technical standards required by current regulations published by the Centers for Medicare and Medicaid Services (CMS) and the Assistant Secretary for Technology Policy and Office of the National Coordinator for Health Information Technology (ASTP/ONC) (allowing for voluntary use through the [SVAP](https://www.healthit.gov/isa/standards-version-advancement-process#:~:text=ONC%20has%20established%20the%20voluntary,of%20Certification%20requirement%20(%C2%A7%20170.405))) unless an exception has been granted."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "business",
"display" : "business"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "processing",
"display" : "processing"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "implementer"
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "igauthor"
}
],
"key" : "sec-4",
"conformance" : [
"SHOULD"
],
"requirement" : "All IGs and implementations **SHOULD** follow the current [Da Vinci Guiding Principles](davinci-guiding-principles.html)."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "processing",
"display" : "processing"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "implementer"
}
],
"key" : "sec-5",
"conformance" : [
"SHALL"
],
"requirement" : "All IGs and implementations **SHALL** support patient/member consent and/or treatment of sensitive information consistent with Federal and State statutes and regulations."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "processing",
"display" : "processing"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "implementer"
}
],
"key" : "sec-6",
"conformance" : [
"SHOULD"
],
"conditionality" : true,
"requirement" : "All IGs and implementations **SHOULD** support the consent and data sharing policies of trading partners involved in the exchange that are more protective so long as policies are consistent with or more restrictive than Federal and State statutes and regulations."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "processing",
"display" : "processing"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "implementer"
}
],
"key" : "sec-7",
"conformance" : [
"SHOULD"
],
"conditionality" : true,
"requirement" : "All FHIR Implementation Guides **SHOULD** follow the FHIR Security guidance and FHIR Implementer's Safety guidance as defined in the relevant FHIR specification (e.g. Release 4.1.0) where applicable and not superseded by this Section or specific IG requirements."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "implementer"
}
],
"key" : "sec-8",
"conformance" : [
"MAY"
],
"requirement" : "to meet the statutes, regulations, and guiding principles above, consent directives and security labels **MAY** be considered and used."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "implementer"
}
],
"key" : "sec-9",
"conformance" : [
"SHALL",
"SHOULD"
],
"requirement" : "When exchanging Protected Health Information (PHI) between entities, the exchange **SHOULD** use the current version and **SHALL** use either current or the immediately prior release of [Transport Level Security (TLS)](https://tools.ietf.org/html/rfc8446) as specified by the current release of [National Institute of Standards and Technology (NIST) guidelines (SP 800-52)](https://csrc.nist.gov/publications/detail/sp/800-52/rev-2/final)."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "implementer"
}
],
"key" : "sec-10",
"conformance" : [
"SHALL"
],
"requirement" : "TLS **SHALL** be implemented as per [RFC8705](https://datatracker.ietf.org/doc/html/rfc8705)."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "implementer"
}
],
"key" : "sec-11",
"label" : "When the identity of the requesting or receiving party is important, implementations SHOULD use one or more of the preferred authorization mechanisms.",
"conformance" : [
"SHOULD"
],
"conditionality" : true,
"requirement" : "* When the identity of the requesting or receiving party is important, implementations **SHOULD** use one or more of the following as defined in the specific Da Vinci IG: \r\n1. the[SMART App Launch Authorization](https://hl7.org/fhir/smart-app-launch/index.html),\r\n1. mutually authenticated TLS,\r\n1. the[FAST HL7 UDAP Security for Scalable Registration, Authentication, and Authorization IG](https://hl7.org/fhir/us/udap-security), or\r\n1. the OAuth Server to Server Authentication as defined in[SMART Back-end Services](https://hl7.org/fhir/smart-app-launch/backend-services.html)."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "implementer"
}
],
"key" : "sec-12",
"conformance" : [
"SHALL"
],
"conditionality" : true,
"requirement" : "When using OAuth (either through SMART or UDAP), OAuth tokens issued **SHALL** be tied to the client system's certificate."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "implementer"
}
],
"key" : "sec-13",
"conformance" : [
"SHALL"
],
"requirement" : "When mutual TLS is used, it **SHALL** be done in accordance with [RFC8705](https://datatracker.ietf.org/doc/html/rfc8705)"
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "implementer"
}
],
"key" : "sec-14",
"conformance" : [
"SHALL"
],
"requirement" : "The TLS authorization mechanism **SHALL** be PKI-Mutual TLS (i.e. not self-signed certificates)"
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "implementer"
}
],
"key" : "sec-15",
"conformance" : [
"SHALL"
],
"requirement" : "Signing options **SHALL** use URIs, not DNS, IP, email, etc."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "implementer"
}
],
"key" : "sec-16",
"conformance" : [
"SHALL"
],
"requirement" : "If mutual TLS is used with OAuth, the OAuth tokens **SHALL** be bound to the client system's certificate (and are therefore not shareable)"
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "source"
}
],
"key" : "sec-17",
"conformance" : [
"SHALL"
],
"conditionality" : true,
"requirement" : "Where permitted by law and in accordance with legal requirements, systems **SHALL** always support release of additionally protected information."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "source"
}
],
"key" : "sec-18",
"conformance" : [
"SHALL"
],
"requirement" : "Implementations **SHALL** ensure that release of the information without explicit request of the patient/member is based on organization policy consistent with Federal and State regulations."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "storage",
"display" : "storage"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "source"
}
],
"key" : "sec-19",
"conformance" : [
"SHALL"
],
"requirement" : "Information Source systems **SHALL** log all IDs, access rights, requests, and exchanges."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "processing",
"display" : "processing"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "source"
}
],
"key" : "sec-20",
"conformance" : [
"SHALL"
],
"requirement" : "Information Source systems **SHALL** verify rights of the requestor to have access to the member's/patient's record."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "poll-imp"
}
],
"key" : "task-1",
"conformance" : [
"SHALL",
"SHOULD"
],
"conditionality" : true,
"requirement" : "For Da Vinci, systems that use polling **SHALL** check for new/updated information at least once per business day and **SHOULD** check for information at least once per hour during"
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "poll-imp"
}
],
"key" : "task-2",
"conformance" : [
"SHOULD-NOT"
],
"conditionality" : true,
"requirement" : "Polling systems **SHOULD NOT** query more often than every 15 minutes unless there is an urgent change they are monitoring for."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "subscribe-imp"
}
],
"key" : "task-3",
"conformance" : [
"SHALL"
],
"conditionality" : true,
"requirement" : "Implementers of this Da Vinci IG who choose to support Subscription **SHALL** comply with the Subscription Backport IG for the purpose of monitoring Tasks."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "subscribe-imp"
}
],
"key" : "task-4",
"conformance" : [
"SHALL"
],
"conditionality" : true,
"requirement" : "Systems supporting subscription **SHALL** support the rest-hook channel mechanism, though they might choose to support other channel approaches."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "subscribe-imp"
}
],
"key" : "task-5",
"conformance" : [
"SHALL"
],
"conditionality" : true,
"requirement" : "Systems using subcription **SHALL** support id-only, though they can also support other content approaches."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory",
"valueCoding" : {
"system" : "http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp",
"code" : "exchange",
"display" : "exchange"
}
},
{
"url" : "http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor",
"valueString" : "subscribe-imp"
}
],
"key" : "task-6",
"conformance" : [
"MAY"
],
"conditionality" : true,
"requirement" : "If search is used, systems **MAY** use _include=Task:output to retrieve the referenced results as well."
}
]
}
IG © 2019+ HL7 International / Clinical Interoperability Council.
Package hl7.fhir.us.davinci-hrex#1.2.0-snapshot based on FHIR 4.0.1.
Generated
2026-01-30
Links: Table of Contents |
QA Report
| Version History |
|
Propose a change