Da Vinci Health Record Exchange (HRex)
1.2.0-snapshot - STU 1.2
Da Vinci Health Record Exchange (HRex)
1.2.0-snapshot - STU 1.2
Da Vinci Health Record Exchange (HRex), published by HL7 International / Clinical Interoperability Council. This guide is not an authorized publication; it is the continuous build for version 1.2.0-snapshot built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/davinci-ehrx/ and changes regularly. See the Directory of published versions
| Page standards status: Trial-use | Maturity Level: 3 |
<Requirements xmlns="http://hl7.org/fhir">
<id value="fromNarrative"/>
<text>
<status value="generated"/>
<div xmlns="http://www.w3.org/1999/xhtml"><p class="res-header-id"><b>Generated Narrative: Requirements fromNarrative</b></p><a name="fromNarrative"> </a><a name="hcfromNarrative"> </a><p>These requirements apply to the following actors: </p><ul><li><a href="ActorDefinition-consumer.html">Data Consumer</a></li><li><a href="ActorDefinition-mmclient.html">Member Match Client</a></li><li><a href="ActorDefinition-disc-server.html">Discovery Server</a></li><li><a href="ActorDefinition-igauthor.html">HRex IG Author</a></li><li><a href="ActorDefinition-implementer.html">HRex Implementer</a></li><li><a href="ActorDefinition-subscribe-imp.html">Subscription Implementer</a></li><li><a href="ActorDefinition-poll-imp.html">Polling Implementer</a></li><li><a href="ActorDefinition-disc-client.html">Discovery Client</a></li><li><a href="ActorDefinition-source.html">Data Source</a></li><li><a href="ActorDefinition-mmserver.html">Member Match Server</a></li></ul><table class="grid"><tr><td><b><a name="conf-1"> </a></b>conf-1</td><td>SHALL</td><td><div><p>Data Sources <strong>SHALL</strong> be capable of populating the data element when sharing resources compliant with the profile.</p>
</div></td></tr><tr><td><b><a name="conf-2"> </a></b>conf-2</td><td>SHALL</td><td><div><p>Data Consumers <strong>SHALL</strong> be capable of processing resource instances containing the data elements without generating an error or causing the application to fail.</p>
</div></td></tr><tr><td><b><a name="conf-3"> </a></b>If the minimum cardinality of an element is greater than 0 – i.e. the element is ‘required’, then the element SHALL be present in the instance and SHALL have a value unless a listed exception applies.</td><td>SHALL</td><td><div><ul>
<li>If the minimum cardinality of an element is greater than 0 – i.e. the element is 'required', then the element <strong>SHALL</strong> be present in the instance and <strong>SHALL</strong> have a value unless:</li>
<li>The profile explicitly declares the dataAbsentReason extension or other extension for the element, in which case an extension can be present in place of the value.</li>
<li>The profile is inherited from U.S. Core, in which case a dataAbsentReason extension can be sent in place of the value even where dataAbsentReason is not explicitly declared in the profile.</li>
</ul>
</div></td></tr><tr><td><b><a name="conf-4"> </a></b>conf-4</td><td>SHALL</td><td><div><p>Data Consumers <strong>SHALL</strong> interpret missing data elements within resource instances as data not being present in the Data Source's systems or was not deemed to be shareable with the Data Consumer for privacy or other business reasons.</p>
</div></td></tr><tr><td><b><a name="conf-5"> </a></b>conf-5</td><td>SHALL</td><td><div><p>Where the value set for an element includes concepts such as "unknown", "refused to answer", "not available" or where dataAbsentReason is explicitly referenced in a profile, then Data Sources <strong>SHALL</strong> use these values/that extension to communicate the reason for missing data.</p>
</div></td></tr><tr><td><b><a name="conf-6"> </a></b>conf-6</td><td>SHALL</td><td><div><p>Data Consumers <strong>SHALL</strong> be able to process resource instances containing data elements that have extensions in place of a value where such extensions are declared as part of the profile.</p>
</div></td></tr><tr><td><b><a name="conf-7"> </a></b>conf-7</td><td>SHOULD-NOT</td><td><div><p>Systems are free to include additional data - and Data Consumers <strong>SHOULD NOT</strong> reject instances that contain unexpected data elements if those elements are not <a href="http://hl7.org/fhir/R4/conformance-rules.html#isModifier">modifier elements</a>.</p>
</div></td></tr><tr><td><b><a name="conf-8"> </a></b>conf-8</td><td>SHOULD</td><td><div><p>For any other references not formally defined in a US Core profile, the referenced resource <strong>SHOULD</strong> be a US Core profile if a US Core profile exists for the resource type.</p>
</div></td></tr><tr><td><b><a name="ep-1"> </a></b>When the payer responds to an Eligibility Inquiry indicating that the patient has coverage, the payer SHALL include exactly one 2000A loop repetition meeting specified requirements.</td><td>SHALL</td><td><div><p>When the payer responds to an Eligibility Inquiry indicating that the patient has coverage, the payer <strong>SHALL</strong> include exactly one 2000A loop repetition such that:</p>
<ul>
<li>The NM1-01 is populated with PR.</li>
<li>There is exactly one PER repetition that has a URL communication number that fits the pattern below. (i.e. in exactly one of the PER04, PER06, or PER08 where the preceding Communication Qualifier Number is set to 'UR'):</li>
</ul>
</div></td></tr><tr><td><b><a name="ep-2"> </a></b>ep-2</td><td>SHALL</td><td><div><p>Regardless of how it is retrieved, the .well-known endpoint <strong>SHALL</strong> be accessible with a simple TLS (not mutual TLS) connection and resolve to a JSON document.</p>
</div></td></tr><tr><td><b><a name="ep-3"> </a></b>ep-3</td><td>SHALL</td><td><div><p>As well, codes for new 'final publication' versions of specifications that already have defined base codes (following the convention of appending '#' and then the first two nodes of the version number) <strong>SHALL</strong> be treated as valid, even if not yet listed in this specification.</p>
</div></td></tr><tr><td><b><a name="ep-4"> </a></b>ep-4</td><td>MAY</td><td><div><p>In situations where an endpoint turns out to not be functional, client systems <strong>MAY</strong> choose to re-query the .well-known endpoint and/or to re-run the eligibility check to see if the end point has changed.</p>
</div></td></tr><tr><td><b><a name="ex-1"> </a></b>ex-1</td><td>SHALL</td><td><div><p>All Da Vinci IGs that define <a href="http://hl7.org/fhir/R4/capabilitystatement.html">CapababilityStatements</a> setting expectations for support for certain FHIR interactions, operations, or other exchange mechanisms <strong>SHALL</strong> include a 'design' section that explains the IG's choice of exchange architecture in terms of the decision tree found in the FHIR core specification.</p>
</div></td></tr><tr><td><b><a name="mm-1"> </a></b>mm-1</td><td>SHALL</td><td><div><p>The performer <strong>SHALL</strong> include the target payer for the <a href="OperationDefinition-member-match.html">$member-match</a> and the recipient <strong>SHALL</strong> include the initiator of the $member-match.</p>
</div></td></tr><tr><td><b><a name="mm-2"> </a></b>mm-2</td><td>SHOULD</td><td><div><p>As a rule, all Coverage elements available <strong>SHOULD</strong> be populated, even if not all might be strictly necessary to identify the member because rules can vary from insurer to insurer about which pieces of information are necessary to uniquely identify a member.</p>
</div></td></tr><tr><td><b><a name="mm-3"> </a></b>mm-3</td><td>SHALL</td><td><div><p>After a successful $member-match the requesting system <strong>SHALL</strong> then use the UMB provided by the target payer in the <code>Patient.identifier</code> field in any subsequent transactions with the same system.</p>
</div></td></tr><tr><td><b><a name="mm-4"> </a></b>mm-4</td><td>SHOULD</td><td><div><p>If the requesting system was a payer with coverage for the member, the receiving system <strong>SHOULD</strong> create a linkage between their own member information and the Coverage provided by the requesting system.</p>
</div></td></tr><tr><td><b><a name="mm-5"> </a></b>mm-5</td><td>SHOULD-NOT</td><td><div><p>For privacy reasons, the 'CoverageToLink' <strong>SHOULD NOT</strong> include any data elements not marked as mustSupport in the Coverage profile.</p>
</div></td></tr><tr><td><b><a name="mm-6"> </a></b>mm-6</td><td>SHALL</td><td><div><p>The Coverage and Consent references <strong>SHALL</strong> be 'local' references (i.e. starting with "Patient/" rather than "http"), <strong>SHALL</strong> be resolved to the parameter with the name "MemberPatient", and <strong>SHALL</strong> refer to the same id.</p>
</div></td></tr><tr><td><b><a name="mm-7"> </a></b>mm-7</td><td>SHALL</td><td><div><p>Servers <strong>SHALL</strong> monitor for and take measures to prevent brute force attacks where the same or similar set of demographics are repeatedly searched with differing card information in an attempt to achieve a match when the card information is unknown.</p>
</div></td></tr><tr><td><b><a name="mm-8"> </a></b>mm-8</td><td>SHALL</td><td><div><p>A maximum of a SINGLE unique match <strong>SHALL</strong> be returned.</p>
</div></td></tr><tr><td><b><a name="mm-9"> </a></b>mm-9</td><td>SHALL</td><td><div><p>No match <strong>SHALL</strong> return a 422 status code.</p>
</div></td></tr><tr><td><b><a name="mm-10"> </a></b>mm-10</td><td>SHALL</td><td><div><p>Multiple matches <strong>SHALL</strong> return a 422 status code.</p>
</div></td></tr><tr><td><b><a name="mm-11"> </a></b>mm-11</td><td>SHALL</td><td><div><p>If consent is provided, inability to comply with consent requirements <strong>SHALL</strong> return a 422 status code</p>
</div></td></tr><tr><td><b><a name="mm-12"> </a></b>mm-12</td><td>SHOULD</td><td><div><p>Any 422 response codes <strong>SHOULD</strong> be accompanied by an <a href="http://hl7.org/fhir/R4/operationoutcome.html">OperationOutcome</a> that indicates the specific nature of the failure.</p>
</div></td></tr><tr><td><b><a name="mm-13"> </a></b>mm-13</td><td>SHOULD</td><td><div><p>The recipient of a member match <strong>SHOULD</strong> store the parameters of the consent (Validity Period, Scope etc.) to enable the authorization server to evaluate the consent before issuing a token for data access during subsequent requests.</p>
</div></td></tr><tr><td><b><a name="prov-1"> </a></b>Implementations SHOULD follow the recommendations on which resources should be referenced from which data element.</td><td>SHOULD</td><td><div><p>The following table lists the various agent codes and what resource types are appropriate. These recommendations <strong>SHOULD</strong> be followed</p>
<h2>| element | Allowed target resources |</h2>
<p>| transmitter | This could be Patient, RelatedPerson, Practitioner or PractitionerRole or Organization. A second transmitter could capture the specific Device used | | enterer | Patient, RelatedPerson, Practitioner or PractitionerRole | | performer | could be anything | | author | could be anything | | verifier | generally only Practitioner or PractitionerRole | | legal | Only Practitioner or PractitionerRole | | attester | Patient, RelatedPerson, Practitioner or PractitionerRole | | informant | Patient, RelatedPerson, Practitioner or PractitionerRole | | custodian | usually Organization, could also be Device, Practitioner or PractitionerRole | | assembler | usually a Device, could be Practitioner or PractitionerRole | ——————————————</p>
</div></td></tr><tr><td><b><a name="prov-2"> </a></b>Provenance.agent.onBehalfOf SHOULD NOT be used in certain circumstances.</td><td>SHOULD-NOT</td><td><div><p><code>Provenance.agent.onBehalfOf</code> is only relevant in certain circumstances:</p>
<ul>
<li><code>onBehalfOf</code> <strong>SHOULD NOT</strong> be populated if RelatedPerson is acting on behalf of the Patient. (Because that is the assumption and there is already a link to the Patient on that resource)</li>
<li><code>onBehalfOf</code> <strong>SHOULD NOT</strong> be populated with an Organization if the agent is Practitioner - use PractitionerRole instead (even if it is a contained PractitionerRole)</li>
<li><code>onBehalfOf</code> <strong>SHOULD NOT</strong> be populated with an Organization if the agent is PractitionerRole unless PractitionerRole is pointing to an organization and the <code>onBehalfOf</code> is different (i.e. Dr. Smith for Clinic A did something on behalf of clinic B)</li>
<li>It is unusual for <code>onBehalfOf</code> to be populated if the agent is Patient or RelatedPerson</li>
<li><code>onBehalfOf</code> <strong>SHOULD NOT</strong> be populated with an Organization if it is the same as <code>Device.owner</code></li>
</ul>
</div></td></tr><tr><td><b><a name="sec-1"> </a></b>sec-1</td><td>SHOULD</td><td><div><p>IGs derived from HRex <strong>SHOULD</strong> all reference this section, though they can qualify and supplement the content here as appropriate for the specific technologies they are using, and the threat environment and privacy considerations involved in their specific use case.</p>
</div></td></tr><tr><td><b><a name="sec-2"> </a></b>sec-2</td><td>SHALL</td><td><div><p>All implementations of any Da Vinci FHIR Implementation Guides (IG) <strong>SHALL</strong> meet all current relevant Federal and State statutes and regulations regarding security and privacy.</p>
</div></td></tr><tr><td><b><a name="sec-3"> </a></b>sec-3</td><td>SHALL</td><td><div><p>All IGs <strong>SHALL</strong> use applicable technical standards required by current regulations published by the Centers for Medicare and Medicaid Services (CMS) and the Assistant Secretary for Technology Policy and Office of the National Coordinator for Health Information Technology (ASTP/ONC) (allowing for voluntary use through the <a href="https://www.healthit.gov/isa/standards-version-advancement-process#:~:text=ONC%20has%20established%20the%20voluntary,of%20Certification%20requirement%20(%C2%A7%20170.405)">SVAP</a>) unless an exception has been granted.</p>
</div></td></tr><tr><td><b><a name="sec-4"> </a></b>sec-4</td><td>SHOULD</td><td><div><p>All IGs and implementations <strong>SHOULD</strong> follow the current <a href="davinci-guiding-principles.html">Da Vinci Guiding Principles</a>.</p>
</div></td></tr><tr><td><b><a name="sec-5"> </a></b>sec-5</td><td>SHALL</td><td><div><p>All IGs and implementations <strong>SHALL</strong> support patient/member consent and/or treatment of sensitive information consistent with Federal and State statutes and regulations.</p>
</div></td></tr><tr><td><b><a name="sec-6"> </a></b>sec-6</td><td>SHOULD</td><td><div><p>All IGs and implementations <strong>SHOULD</strong> support the consent and data sharing policies of trading partners involved in the exchange that are more protective so long as policies are consistent with or more restrictive than Federal and State statutes and regulations.</p>
</div></td></tr><tr><td><b><a name="sec-7"> </a></b>sec-7</td><td>SHOULD</td><td><div><p>All FHIR Implementation Guides <strong>SHOULD</strong> follow the FHIR Security guidance and FHIR Implementer's Safety guidance as defined in the relevant FHIR specification (e.g. Release 4.1.0) where applicable and not superseded by this Section or specific IG requirements.</p>
</div></td></tr><tr><td><b><a name="sec-8"> </a></b>sec-8</td><td>MAY</td><td><div><p>to meet the statutes, regulations, and guiding principles above, consent directives and security labels <strong>MAY</strong> be considered and used.</p>
</div></td></tr><tr><td><b><a name="sec-9"> </a></b>sec-9</td><td>SHALL, SHOULD</td><td><div><p>When exchanging Protected Health Information (PHI) between entities, the exchange <strong>SHOULD</strong> use the current version and <strong>SHALL</strong> use either current or the immediately prior release of <a href="https://tools.ietf.org/html/rfc8446">Transport Level Security (TLS)</a> as specified by the current release of <a href="https://csrc.nist.gov/publications/detail/sp/800-52/rev-2/final">National Institute of Standards and Technology (NIST) guidelines (SP 800-52)</a>.</p>
</div></td></tr><tr><td><b><a name="sec-10"> </a></b>sec-10</td><td>SHALL</td><td><div><p>TLS <strong>SHALL</strong> be implemented as per <a href="https://datatracker.ietf.org/doc/html/rfc8705">RFC8705</a>.</p>
</div></td></tr><tr><td><b><a name="sec-11"> </a></b>When the identity of the requesting or receiving party is important, implementations SHOULD use one or more of the preferred authorization mechanisms.</td><td>SHOULD</td><td><div><ul>
<li>When the identity of the requesting or receiving party is important, implementations <strong>SHOULD</strong> use one or more of the following as defined in the specific Da Vinci IG:</li>
</ul>
<ol>
<li>the<a href="https://hl7.org/fhir/smart-app-launch/index.html">SMART App Launch Authorization</a>,</li>
<li>mutually authenticated TLS,</li>
<li>the<a href="https://hl7.org/fhir/us/udap-security">FAST HL7 UDAP Security for Scalable Registration, Authentication, and Authorization IG</a>, or</li>
<li>the OAuth Server to Server Authentication as defined in<a href="https://hl7.org/fhir/smart-app-launch/backend-services.html">SMART Back-end Services</a>.</li>
</ol>
</div></td></tr><tr><td><b><a name="sec-12"> </a></b>sec-12</td><td>SHALL</td><td><div><p>When using OAuth (either through SMART or UDAP), OAuth tokens issued <strong>SHALL</strong> be tied to the client system's certificate.</p>
</div></td></tr><tr><td><b><a name="sec-13"> </a></b>sec-13</td><td>SHALL</td><td><div><p>When mutual TLS is used, it <strong>SHALL</strong> be done in accordance with <a href="https://datatracker.ietf.org/doc/html/rfc8705">RFC8705</a></p>
</div></td></tr><tr><td><b><a name="sec-14"> </a></b>sec-14</td><td>SHALL</td><td><div><p>The TLS authorization mechanism <strong>SHALL</strong> be PKI-Mutual TLS (i.e. not self-signed certificates)</p>
</div></td></tr><tr><td><b><a name="sec-15"> </a></b>sec-15</td><td>SHALL</td><td><div><p>Signing options <strong>SHALL</strong> use URIs, not DNS, IP, email, etc.</p>
</div></td></tr><tr><td><b><a name="sec-16"> </a></b>sec-16</td><td>SHALL</td><td><div><p>If mutual TLS is used with OAuth, the OAuth tokens <strong>SHALL</strong> be bound to the client system's certificate (and are therefore not shareable)</p>
</div></td></tr><tr><td><b><a name="sec-17"> </a></b>sec-17</td><td>SHALL</td><td><div><p>Where permitted by law and in accordance with legal requirements, systems <strong>SHALL</strong> always support release of additionally protected information.</p>
</div></td></tr><tr><td><b><a name="sec-18"> </a></b>sec-18</td><td>SHALL</td><td><div><p>Implementations <strong>SHALL</strong> ensure that release of the information without explicit request of the patient/member is based on organization policy consistent with Federal and State regulations.</p>
</div></td></tr><tr><td><b><a name="sec-19"> </a></b>sec-19</td><td>SHALL</td><td><div><p>Information Source systems <strong>SHALL</strong> log all IDs, access rights, requests, and exchanges.</p>
</div></td></tr><tr><td><b><a name="sec-20"> </a></b>sec-20</td><td>SHALL</td><td><div><p>Information Source systems <strong>SHALL</strong> verify rights of the requestor to have access to the member's/patient's record.</p>
</div></td></tr><tr><td><b><a name="task-1"> </a></b>task-1</td><td>SHALL, SHOULD</td><td><div><p>For Da Vinci, systems that use polling <strong>SHALL</strong> check for new/updated information at least once per business day and <strong>SHOULD</strong> check for information at least once per hour during</p>
</div></td></tr><tr><td><b><a name="task-2"> </a></b>task-2</td><td>SHOULD-NOT</td><td><div><p>Polling systems <strong>SHOULD NOT</strong> query more often than every 15 minutes unless there is an urgent change they are monitoring for.</p>
</div></td></tr><tr><td><b><a name="task-3"> </a></b>task-3</td><td>SHALL</td><td><div><p>Implementers of this Da Vinci IG who choose to support Subscription <strong>SHALL</strong> comply with the Subscription Backport IG for the purpose of monitoring Tasks.</p>
</div></td></tr><tr><td><b><a name="task-4"> </a></b>task-4</td><td>SHALL</td><td><div><p>Systems supporting subscription <strong>SHALL</strong> support the rest-hook channel mechanism, though they might choose to support other channel approaches.</p>
</div></td></tr><tr><td><b><a name="task-5"> </a></b>task-5</td><td>SHALL</td><td><div><p>Systems using subcription <strong>SHALL</strong> support id-only, though they can also support other content approaches.</p>
</div></td></tr><tr><td><b><a name="task-6"> </a></b>task-6</td><td>MAY</td><td><div><p>If search is used, systems <strong>MAY</strong> use _include=Task:output to retrieve the referenced results as well.</p>
</div></td></tr></table></div>
</text>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-wg">
<valueCode value="cic"/>
</extension>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-fmm">
<valueInteger value="3">
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-conformance-derivedFrom">
<valueCanonical
value="http://hl7.org/fhir/us/davinci-hrex/ImplementationGuide/davinci-hrex"/>
</extension>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-conformance-derivedFrom">
<valueCanonical
value="http://hl7.org/fhir/us/davinci-hrex/ImplementationGuide/davinci-hrex"/>
</extension>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-conformance-derivedFrom">
<valueCanonical
value="http://hl7.org/fhir/us/davinci-hrex/ImplementationGuide/davinci-hrex"/>
</extension>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-conformance-derivedFrom">
<valueCanonical
value="http://hl7.org/fhir/us/davinci-hrex/ImplementationGuide/davinci-hrex"/>
</extension>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-conformance-derivedFrom">
<valueCanonical
value="http://hl7.org/fhir/us/davinci-hrex/ImplementationGuide/davinci-hrex"/>
</extension>
</valueInteger>
</extension>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-standards-status">
<valueCode value="trial-use">
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-conformance-derivedFrom">
<valueCanonical
value="http://hl7.org/fhir/us/davinci-hrex/ImplementationGuide/davinci-hrex"/>
</extension>
</valueCode>
</extension>
<url
value="http://hl7.org/fhir/us/davinci-hrex/Requirements/fromNarrative"/>
<identifier>
<system value="urn:ietf:rfc:3986"/>
<value value="urn:oid:2.16.840.1.113883.4.642.40.19.36.1"/>
</identifier>
<version value="1.2.0-snapshot"/>
<name value="FromNarrative"/>
<title value="Narrative Conformance Statements"/>
<status value="active"/>
<experimental value="false"/>
<date value="2026-01-28T23:06:20-07:00"/>
<publisher value="HL7 International / Clinical Interoperability Council"/>
<contact>
<telecom>
<system value="url"/>
<value value="http://www.hl7.org/Special/committees/cic"/>
</telecom>
</contact>
<description
value="Conformance statements found throughout the narrative of the IG consolidated into this computable resource for traceability purposes"/>
<jurisdiction>
<coding>
<system value="urn:iso:std:iso:3166"/>
<code value="US"/>
</coding>
</jurisdiction>
<actor
value="http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/consumer">🔗
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey">
<valueString value="consumer"/>
</extension>
</actor>
<actor
value="http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/mmclient">🔗
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey">
<valueString value="mmclient"/>
</extension>
</actor>
<actor
value="http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/disc-server">🔗
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey">
<valueString value="disc-server"/>
</extension>
</actor>
<actor
value="http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/igauthor">🔗
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey">
<valueString value="igauthor"/>
</extension>
</actor>
<actor
value="http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/implementer">🔗
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey">
<valueString value="implementer"/>
</extension>
</actor>
<actor
value="http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/subscribe-imp">🔗
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey">
<valueString value="subscribe-imp"/>
</extension>
</actor>
<actor
value="http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/poll-imp">🔗
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey">
<valueString value="poll-imp"/>
</extension>
</actor>
<actor
value="http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/disc-client">🔗
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey">
<valueString value="disc-client"/>
</extension>
</actor>
<actor value="http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/source">🔗
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey">
<valueString value="source"/>
</extension>
</actor>
<actor
value="http://hl7.org/fhir/us/davinci-hrex/ActorDefinition/mmserver">🔗
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-actorkey">
<valueString value="mmserver"/>
</extension>
</actor>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="source"/>
</extension>
<key value="conf-1"/>
<conformance value="SHALL"/>
<requirement
value="Data Sources **SHALL** be capable of populating the data element when sharing resources compliant with the profile."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="consumer"/>
</extension>
<key value="conf-2"/>
<conformance value="SHALL"/>
<requirement
value="Data Consumers **SHALL** be capable of processing resource instances containing the data elements without generating an error or causing the application to fail."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="source"/>
</extension>
<key value="conf-3"/>
<label
value="If the minimum cardinality of an element is greater than 0 – i.e. the element is ‘required’, then the element SHALL be present in the instance and SHALL have a value unless a listed exception applies."/>
<conformance value="SHALL"/>
<conditionality value="true"/>
<requirement
value="* If the minimum cardinality of an element is greater than 0 – i.e. the element is 'required', then the element **SHALL** be present in the instance and **SHALL** have a value unless:
* The profile explicitly declares the dataAbsentReason extension or other extension for the element, in which case an extension can be present in place of the value.
* The profile is inherited from U.S. Core, in which case a dataAbsentReason extension can be sent in place of the value even where dataAbsentReason is not explicitly declared in the profile."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="consumer"/>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="processing"/>
<display value="processing"/>
</valueCoding>
</extension>
<key value="conf-4"/>
<conformance value="SHALL"/>
<requirement
value="Data Consumers **SHALL** interpret missing data elements within resource instances as data not being present in the Data Source's systems or was not deemed to be shareable with the Data Consumer for privacy or other business reasons."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="source"/>
</extension>
<key value="conf-5"/>
<conformance value="SHALL"/>
<conditionality value="true"/>
<requirement
value="Where the value set for an element includes concepts such as "unknown", "refused to answer", "not available" or where dataAbsentReason is explicitly referenced in a profile, then Data Sources **SHALL** use these values/that extension to communicate the reason for missing data."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="consumer"/>
</extension>
<key value="conf-6"/>
<conformance value="SHALL"/>
<requirement
value="Data Consumers **SHALL** be able to process resource instances containing data elements that have extensions in place of a value where such extensions are declared as part of the profile."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="consumer"/>
</extension>
<key value="conf-7"/>
<conformance value="SHOULD-NOT"/>
<requirement
value="Systems are free to include additional data - and Data Consumers **SHOULD NOT** reject instances that contain unexpected data elements if those elements are not [modifier elements](http://hl7.org/fhir/R4/conformance-rules.html#isModifier)."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="source"/>
</extension>
<key value="conf-8"/>
<conformance value="SHOULD"/>
<conditionality value="true"/>
<requirement
value="For any other references not formally defined in a US Core profile, the referenced resource **SHOULD** be a US Core profile if a US Core profile exists for the resource type."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="disc-server"/>
</extension>
<key value="ep-1"/>
<label
value="When the payer responds to an Eligibility Inquiry indicating that the patient has coverage, the payer SHALL include exactly one 2000A loop repetition meeting specified requirements."/>
<conformance value="SHALL"/>
<conditionality value="true"/>
<requirement
value="When the payer responds to an Eligibility Inquiry indicating that the patient has coverage, the payer **SHALL** include exactly one 2000A loop repetition such that:
* The NM1-01 is populated with PR.
* There is exactly one PER repetition that has a URL communication number that fits the pattern below. (i.e. in exactly one of the PER04, PER06, or PER08 where the preceding Communication Qualifier Number is set to 'UR'):"/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="disc-server"/>
</extension>
<key value="ep-2"/>
<conformance value="SHALL"/>
<requirement
value="Regardless of how it is retrieved, the .well-known endpoint **SHALL** be accessible with a simple TLS (not mutual TLS) connection and resolve to a JSON document."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="processing"/>
<display value="processing"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="disc-client"/>
</extension>
<key value="ep-3"/>
<conformance value="SHALL"/>
<conditionality value="true"/>
<requirement
value="As well, codes for new 'final publication' versions of specifications that already have defined base codes (following the convention of appending '#' and then the first two nodes of the version number) **SHALL** be treated as valid, even if not yet listed in this specification."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="disc-client"/>
</extension>
<key value="ep-4"/>
<conformance value="MAY"/>
<conditionality value="true"/>
<requirement
value="In situations where an endpoint turns out to not be functional, client systems **MAY** choose to re-query the .well-known endpoint and/or to re-run the eligibility check to see if the end point has changed."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="business"/>
<display value="business"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="igauthor"/>
</extension>
<key value="ex-1"/>
<conformance value="SHALL"/>
<requirement
value="All Da Vinci IGs that define [CapababilityStatements](http://hl7.org/fhir/R4/capabilitystatement.html) setting expectations for support for certain FHIR interactions, operations, or other exchange mechanisms **SHALL** include a 'design' section that explains the IG's choice of exchange architecture in terms of the decision tree found in the FHIR core specification."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="mmclient"/>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="mmserver"/>
</extension>
<key value="mm-1"/>
<conformance value="SHALL"/>
<conditionality value="true"/>
<requirement
value="The performer **SHALL** include the target payer for the [$member-match](OperationDefinition-member-match.html) and the recipient **SHALL** include the initiator of the $member-match."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="mmclient"/>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="mmserver"/>
</extension>
<key value="mm-2"/>
<conformance value="SHOULD"/>
<conditionality value="true"/>
<requirement
value="As a rule, all Coverage elements available **SHOULD** be populated, even if not all might be strictly necessary to identify the member because rules can vary from insurer to insurer about which pieces of information are necessary to uniquely identify a member."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="mmclient"/>
</extension>
<key value="mm-3"/>
<conformance value="SHALL"/>
<conditionality value="true"/>
<requirement
value="After a successful $member-match the requesting system **SHALL** then use the UMB provided by the target payer in the `Patient.identifier` field in any subsequent transactions with the same system."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="mmserver"/>
</extension>
<key value="mm-4"/>
<conformance value="SHOULD"/>
<conditionality value="true"/>
<requirement
value="If the requesting system was a payer with coverage for the member, the receiving system **SHOULD** create a linkage between their own member information and the Coverage provided by the requesting system."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="mmclient"/>
</extension>
<key value="mm-5"/>
<conformance value="SHOULD-NOT"/>
<conditionality value="false"/>
<requirement
value="For privacy reasons, the 'CoverageToLink' **SHOULD NOT** include any data elements not marked as mustSupport in the Coverage profile."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="mmclient"/>
</extension>
<key value="mm-6"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="The Coverage and Consent references **SHALL** be 'local' references (i.e. starting with "Patient/" rather than "http"), **SHALL** be resolved to the parameter with the name "MemberPatient", and **SHALL** refer to the same id."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="mmserver"/>
</extension>
<key value="mm-7"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="Servers **SHALL** monitor for and take measures to prevent brute force attacks where the same or similar set of demographics are repeatedly searched with differing card information in an attempt to achieve a match when the card information is unknown."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="mmserver"/>
</extension>
<key value="mm-8"/>
<conformance value="SHALL"/>
<requirement
value="A maximum of a SINGLE unique match **SHALL** be returned."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="mmserver"/>
</extension>
<key value="mm-9"/>
<conformance value="SHALL"/>
<requirement value="No match **SHALL** return a 422 status code."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="mmserver"/>
</extension>
<key value="mm-10"/>
<conformance value="SHALL"/>
<requirement
value="Multiple matches **SHALL** return a 422 status code."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="mmserver"/>
</extension>
<key value="mm-11"/>
<conformance value="SHALL"/>
<conditionality value="true"/>
<requirement
value="If consent is provided, inability to comply with consent requirements **SHALL** return a 422 status code"/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="mmserver"/>
</extension>
<key value="mm-12"/>
<conformance value="SHOULD"/>
<conditionality value="false"/>
<requirement
value="Any 422 response codes **SHOULD** be accompanied by an [OperationOutcome](http://hl7.org/fhir/R4/operationoutcome.html) that indicates the specific nature of the failure."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="mmserver"/>
</extension>
<key value="mm-13"/>
<conformance value="SHOULD"/>
<conditionality value="false"/>
<requirement
value="The recipient of a member match **SHOULD** store the parameters of the consent (Validity Period, Scope etc.) to enable the authorization server to evaluate the consent before issuing a token for data access during subsequent requests."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="implementer"/>
</extension>
<key value="prov-1"/>
<label
value="Implementations SHOULD follow the recommendations on which resources should be referenced from which data element."/>
<conformance value="SHOULD"/>
<conditionality value="false"/>
<requirement
value="The following table lists the various agent codes and what resource types are appropriate. These recommendations **SHOULD** be followed
## | element | Allowed target resources |
| transmitter | This could be Patient, RelatedPerson, Practitioner or PractitionerRole or Organization. A second transmitter could capture the specific Device used | | enterer | Patient, RelatedPerson, Practitioner or PractitionerRole | | performer | could be anything | | author | could be anything | | verifier | generally only Practitioner or PractitionerRole | | legal | Only Practitioner or PractitionerRole | | attester | Patient, RelatedPerson, Practitioner or PractitionerRole | | informant | Patient, RelatedPerson, Practitioner or PractitionerRole | | custodian | usually Organization, could also be Device, Practitioner or PractitionerRole | | assembler | usually a Device, could be Practitioner or PractitionerRole | ——————————————"/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="implementer"/>
</extension>
<key value="prov-2"/>
<label
value="Provenance.agent.onBehalfOf SHOULD NOT be used in certain circumstances."/>
<conformance value="SHOULD-NOT"/>
<conditionality value="true"/>
<requirement
value="`Provenance.agent.onBehalfOf` is only relevant in certain circumstances:
* `onBehalfOf` **SHOULD NOT** be populated if RelatedPerson is acting on behalf of the Patient. (Because that is the assumption and there is already a link to the Patient on that resource)
* `onBehalfOf` **SHOULD NOT** be populated with an Organization if the agent is Practitioner - use PractitionerRole instead (even if it is a contained PractitionerRole)
* `onBehalfOf` **SHOULD NOT** be populated with an Organization if the agent is PractitionerRole unless PractitionerRole is pointing to an organization and the `onBehalfOf` is different (i.e. Dr. Smith for Clinic A did something on behalf of clinic B)
* It is unusual for `onBehalfOf` to be populated if the agent is Patient or RelatedPerson
* `onBehalfOf` **SHOULD NOT** be populated with an Organization if it is the same as `Device.owner`"/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="business"/>
<display value="business"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="igauthor"/>
</extension>
<key value="sec-1"/>
<conformance value="SHOULD"/>
<requirement
value="IGs derived from HRex **SHOULD** all reference this section, though they can qualify and supplement the content here as appropriate for the specific technologies they are using, and the threat environment and privacy considerations involved in their specific use case."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="processing"/>
<display value="processing"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="implementer"/>
</extension>
<key value="sec-2"/>
<conformance value="SHALL"/>
<requirement
value="All implementations of any Da Vinci FHIR Implementation Guides (IG) **SHALL** meet all current relevant Federal and State statutes and regulations regarding security and privacy."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="business"/>
<display value="business"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="igauthor"/>
</extension>
<key value="sec-3"/>
<conformance value="SHALL"/>
<conditionality value="true"/>
<requirement
value="All IGs **SHALL** use applicable technical standards required by current regulations published by the Centers for Medicare and Medicaid Services (CMS) and the Assistant Secretary for Technology Policy and Office of the National Coordinator for Health Information Technology (ASTP/ONC) (allowing for voluntary use through the [SVAP](https://www.healthit.gov/isa/standards-version-advancement-process#:~:text=ONC%20has%20established%20the%20voluntary,of%20Certification%20requirement%20(%C2%A7%20170.405))) unless an exception has been granted."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="business"/>
<display value="business"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="processing"/>
<display value="processing"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="implementer"/>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="igauthor"/>
</extension>
<key value="sec-4"/>
<conformance value="SHOULD"/>
<requirement
value="All IGs and implementations **SHOULD** follow the current [Da Vinci Guiding Principles](davinci-guiding-principles.html)."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="processing"/>
<display value="processing"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="implementer"/>
</extension>
<key value="sec-5"/>
<conformance value="SHALL"/>
<requirement
value="All IGs and implementations **SHALL** support patient/member consent and/or treatment of sensitive information consistent with Federal and State statutes and regulations."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="processing"/>
<display value="processing"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="implementer"/>
</extension>
<key value="sec-6"/>
<conformance value="SHOULD"/>
<conditionality value="true"/>
<requirement
value="All IGs and implementations **SHOULD** support the consent and data sharing policies of trading partners involved in the exchange that are more protective so long as policies are consistent with or more restrictive than Federal and State statutes and regulations."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="processing"/>
<display value="processing"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="implementer"/>
</extension>
<key value="sec-7"/>
<conformance value="SHOULD"/>
<conditionality value="true"/>
<requirement
value="All FHIR Implementation Guides **SHOULD** follow the FHIR Security guidance and FHIR Implementer's Safety guidance as defined in the relevant FHIR specification (e.g. Release 4.1.0) where applicable and not superseded by this Section or specific IG requirements."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="implementer"/>
</extension>
<key value="sec-8"/>
<conformance value="MAY"/>
<requirement
value="to meet the statutes, regulations, and guiding principles above, consent directives and security labels **MAY** be considered and used."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="implementer"/>
</extension>
<key value="sec-9"/>
<conformance value="SHALL"/>
<conformance value="SHOULD"/>
<requirement
value="When exchanging Protected Health Information (PHI) between entities, the exchange **SHOULD** use the current version and **SHALL** use either current or the immediately prior release of [Transport Level Security (TLS)](https://tools.ietf.org/html/rfc8446) as specified by the current release of [National Institute of Standards and Technology (NIST) guidelines (SP 800-52)](https://csrc.nist.gov/publications/detail/sp/800-52/rev-2/final)."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="implementer"/>
</extension>
<key value="sec-10"/>
<conformance value="SHALL"/>
<requirement
value="TLS **SHALL** be implemented as per [RFC8705](https://datatracker.ietf.org/doc/html/rfc8705)."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="implementer"/>
</extension>
<key value="sec-11"/>
<label
value="When the identity of the requesting or receiving party is important, implementations SHOULD use one or more of the preferred authorization mechanisms."/>
<conformance value="SHOULD"/>
<conditionality value="true"/>
<requirement
value="* When the identity of the requesting or receiving party is important, implementations **SHOULD** use one or more of the following as defined in the specific Da Vinci IG:
1. the[SMART App Launch Authorization](https://hl7.org/fhir/smart-app-launch/index.html),
1. mutually authenticated TLS,
1. the[FAST HL7 UDAP Security for Scalable Registration, Authentication, and Authorization IG](https://hl7.org/fhir/us/udap-security), or
1. the OAuth Server to Server Authentication as defined in[SMART Back-end Services](https://hl7.org/fhir/smart-app-launch/backend-services.html)."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="implementer"/>
</extension>
<key value="sec-12"/>
<conformance value="SHALL"/>
<conditionality value="true"/>
<requirement
value="When using OAuth (either through SMART or UDAP), OAuth tokens issued **SHALL** be tied to the client system's certificate."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="implementer"/>
</extension>
<key value="sec-13"/>
<conformance value="SHALL"/>
<requirement
value="When mutual TLS is used, it **SHALL** be done in accordance with [RFC8705](https://datatracker.ietf.org/doc/html/rfc8705)"/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="implementer"/>
</extension>
<key value="sec-14"/>
<conformance value="SHALL"/>
<requirement
value="The TLS authorization mechanism **SHALL** be PKI-Mutual TLS (i.e. not self-signed certificates)"/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="implementer"/>
</extension>
<key value="sec-15"/>
<conformance value="SHALL"/>
<requirement
value="Signing options **SHALL** use URIs, not DNS, IP, email, etc."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="implementer"/>
</extension>
<key value="sec-16"/>
<conformance value="SHALL"/>
<requirement
value="If mutual TLS is used with OAuth, the OAuth tokens **SHALL** be bound to the client system's certificate (and are therefore not shareable)"/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="source"/>
</extension>
<key value="sec-17"/>
<conformance value="SHALL"/>
<conditionality value="true"/>
<requirement
value="Where permitted by law and in accordance with legal requirements, systems **SHALL** always support release of additionally protected information."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="source"/>
</extension>
<key value="sec-18"/>
<conformance value="SHALL"/>
<requirement
value="Implementations **SHALL** ensure that release of the information without explicit request of the patient/member is based on organization policy consistent with Federal and State regulations."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="storage"/>
<display value="storage"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="source"/>
</extension>
<key value="sec-19"/>
<conformance value="SHALL"/>
<requirement
value="Information Source systems **SHALL** log all IDs, access rights, requests, and exchanges."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="processing"/>
<display value="processing"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="source"/>
</extension>
<key value="sec-20"/>
<conformance value="SHALL"/>
<requirement
value="Information Source systems **SHALL** verify rights of the requestor to have access to the member's/patient's record."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="poll-imp"/>
</extension>
<key value="task-1"/>
<conformance value="SHALL"/>
<conformance value="SHOULD"/>
<conditionality value="true"/>
<requirement
value="For Da Vinci, systems that use polling **SHALL** check for new/updated information at least once per business day and **SHOULD** check for information at least once per hour during"/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="poll-imp"/>
</extension>
<key value="task-2"/>
<conformance value="SHOULD-NOT"/>
<conditionality value="true"/>
<requirement
value="Polling systems **SHOULD NOT** query more often than every 15 minutes unless there is an urgent change they are monitoring for."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="subscribe-imp"/>
</extension>
<key value="task-3"/>
<conformance value="SHALL"/>
<conditionality value="true"/>
<requirement
value="Implementers of this Da Vinci IG who choose to support Subscription **SHALL** comply with the Subscription Backport IG for the purpose of monitoring Tasks."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="subscribe-imp"/>
</extension>
<key value="task-4"/>
<conformance value="SHALL"/>
<conditionality value="true"/>
<requirement
value="Systems supporting subscription **SHALL** support the rest-hook channel mechanism, though they might choose to support other channel approaches."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="subscribe-imp"/>
</extension>
<key value="task-5"/>
<conformance value="SHALL"/>
<conditionality value="true"/>
<requirement
value="Systems using subcription **SHALL** support id-only, though they can also support other content approaches."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementcategory">
<valueCoding>
<system
value="http://hl7.org/fhir/us/davinci-hrex/CodeSystem/hrex-temp"/>
<code value="exchange"/>
<display value="exchange"/>
</valueCoding>
</extension>
<extension
url="http://hl7.org/fhir/tools/StructureDefinition/requirements-statementactor">
<valueString value="subscribe-imp"/>
</extension>
<key value="task-6"/>
<conformance value="MAY"/>
<conditionality value="true"/>
<requirement
value="If search is used, systems **MAY** use _include=Task:output to retrieve the referenced results as well."/>
</statement>
</Requirements>
IG © 2019+ HL7 International / Clinical Interoperability Council.
Package hl7.fhir.us.davinci-hrex#1.2.0-snapshot based on FHIR 4.0.1.
Generated
2026-01-30
Links: Table of Contents |
QA Report
| Version History |
|
Propose a change