Health NZ | Te Whatu Ora FHIR Screening Implementation Guide
0.9.2 - draft
Health NZ | Te Whatu Ora FHIR Screening Implementation Guide
0.9.2 - draft
Health NZ | Te Whatu Ora FHIR Screening Implementation Guide, published by Health New Zealand | Te Whatu Ora. This guide is not an authorized publication; it is the continuous build for version 0.9.2 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/tewhatuora/fhir-screening/ and changes regularly. See the Directory of published versions
| Draft as of 2024-05-03 |
<CapabilityStatement xmlns="http://hl7.org/fhir">
<id value="FHIRScreeningCapabilityStatement"/>
<meta>
<profile
value="https://fhir-ig.digital.health.nz/hnz-digital-tooling/StructureDefinition/hnz-capability-statement"/>
</meta>
<text>
<status value="extensions"/>
<div xmlns="http://www.w3.org/1999/xhtml"><p class="res-header-id"><b>Generated Narrative: CapabilityStatement FHIRScreeningCapabilityStatement</b></p><a name="FHIRScreeningCapabilityStatement"> </a><a name="hcFHIRScreeningCapabilityStatement"> </a><a name="FHIRScreeningCapabilityStatement-en-NZ"> </a><h2 id="title">National Screening FHIR API Capability Statement</h2><ul><li>Implementation Guide Version: 0.9.2 </li><li>FHIR Version: 4.0.1 </li><li>Supported Formats: <code>json</code></li><li>Supported Patch Formats: </li><li>Published on: 2024-05-03 </li><li>Published by: Health New Zealand | Te Whatu Ora </li></ul><blockquote class="impl-note"><p><strong>Note to Implementers: FHIR Capabilities</strong></p><p>Any FHIR capability may be 'allowed' by the system unless explicitly marked as 'SHALL NOT'. A few items are marked as MAY in the Implementation Guide to highlight their potential relevance to the use case.</p></blockquote><h2 id="rest">FHIR RESTful Capabilities</h2><div class="panel panel-default"><div class="panel-heading"><h3 id="mode1" class="panel-title">Mode: <code>server</code></h3></div><div class="panel-body"><div class="lead"><em>Security</em></div><div class="row"><div class="col-lg-6">Enable CORS: yes</div><div class="col-lg-6">Security services supported: <code>SMART-on-FHIR</code></div></div><div class="lead"><em>Summary of System-wide Interactions</em></div><ul><li>Supports the <code>search-system</code>interaction described as follows:<div><h3>Read (GET) Operation Statuses</h3>
<table class="grid">
<thead>
<tr>
<th align="center"><strong>Code</strong></th>
<th align="left"><strong>Meaning</strong></th>
<th align="left"><strong>Description</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td align="center">200</td>
<td align="left">OK</td>
<td align="left">The request was successful, and the response body contains the representation requested</td>
</tr>
<tr>
<td align="center">302</td>
<td align="left">FOUND</td>
<td align="left">A common redirect response; you can GET the representation at the URI in the Location response header</td>
</tr>
<tr>
<td align="center">304</td>
<td align="left">NOT MODIFIED</td>
<td align="left">Your client's cached version of the representation is still up to date</td>
</tr>
<tr>
<td align="center">401</td>
<td align="left">UNAUTHORIZED</td>
<td align="left">The supplied credentials, if any, are not sufficient to access the resource</td>
</tr>
<tr>
<td align="center">404</td>
<td align="left">NOT FOUND</td>
<td align="left">The requested representation was not found. Retrying this request is unlikely to be successful</td>
</tr>
<tr>
<td align="center">429</td>
<td align="left">TOO MANY REQUESTS</td>
<td align="left">Your application is sending too many simultaneous requests</td>
</tr>
<tr>
<td align="center">500</td>
<td align="left">SERVER ERROR</td>
<td align="left">An internal server error prevented return of the representation response</td>
</tr>
<tr>
<td align="center">503</td>
<td align="left">SERVICE UNAVAILABLE</td>
<td align="left">We are temporarily unable to return the representation. Please wait and try again later</td>
</tr>
</tbody>
</table>
<h3>Search (GET) Operation Statuses</h3>
<table class="grid">
<thead>
<tr>
<th align="center"><strong>Code</strong></th>
<th align="left"><strong>Meaning</strong></th>
<th align="left"><strong>OperationOutcome</strong> in response?</th>
<th align="left"><strong>Description</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td align="center">200</td>
<td align="left">OK</td>
<td align="left">Yes, when there are additional messages about a match result</td>
<td align="left">The request was successful, and the response body contains the representation requested</td>
</tr>
<tr>
<td align="center">302</td>
<td align="left">FOUND</td>
<td align="left">No</td>
<td align="left">A common redirect response; you can GET the representation at the URI in the Location response header</td>
</tr>
<tr>
<td align="center">400</td>
<td align="left">BAD REQUEST</td>
<td align="left">Yes</td>
<td align="left">Incorrect search parameters or malformed request - see diagnostics in OperationOutcome</td>
</tr>
<tr>
<td align="center">401</td>
<td align="left">UNAUTHORIZED</td>
<td align="left">The supplied credentials, if any, are not sufficient to access the resource</td>
<td align="left"/>
</tr>
<tr>
<td align="center">429</td>
<td align="left">TOO MANY REQUESTS</td>
<td align="left">No</td>
<td align="left">Your application is sending too many simultaneous requests</td>
</tr>
<tr>
<td align="center">500</td>
<td align="left">SERVER ERROR</td>
<td align="left">No</td>
<td align="left">An internal server error prevented return of the representation response</td>
</tr>
<tr>
<td align="center">503</td>
<td align="left">SERVICE UNAVAILABLE</td>
<td align="left">No</td>
<td align="left">The server is temporarily unable to return the representation. Please wait and try again later</td>
</tr>
</tbody>
</table>
<h3>Create (POST or PUT) Operation Statuses</h3>
<table class="grid">
<thead>
<tr>
<th align="center"><strong>Code</strong></th>
<th align="left"><strong>Meaning</strong></th>
<th align="left"><strong>Description</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td align="center">200</td>
<td align="left">OK</td>
<td align="left">The request was successful, and the resource was updated. The response body contains the updated representation</td>
</tr>
<tr>
<td align="center">201</td>
<td align="left">CREATED</td>
<td align="left">The request was successful, a new resource was created, and the response body contains the representation</td>
</tr>
<tr>
<td align="center">204</td>
<td align="left">OK - NO CONTENT</td>
<td align="left">The request was successful, but no content is returned in the response. In reality this is seldom used for REST APIs and more typically for process APIs. Should include a <code>Location</code> header indicating the location of an associated relevant resource</td>
</tr>
<tr>
<td align="center">207</td>
<td align="left">MULTI STATUS</td>
<td align="left">The HTTP 207 Multi-Status response code indicates that there might be a mixture of responses.</td>
</tr>
<tr>
<td align="center">400</td>
<td align="left">BAD REQUEST</td>
<td align="left">The data given in the POST or PUT failed validation. Inspect the response body for details</td>
</tr>
<tr>
<td align="center">401</td>
<td align="left">UNAUTHORIZED</td>
<td align="left">The supplied credentials, if any, are not sufficient to create or update the resource</td>
</tr>
<tr>
<td align="center">404</td>
<td align="left">NOT FOUND</td>
<td align="left">The endpoint that the API Consumer is attempting to create or update does not exist. Retrying this request is unlikely to be successful</td>
</tr>
<tr>
<td align="center">405</td>
<td align="left">METHOD NOT ALLOWED</td>
<td align="left">You can't POST or PUT to the resource</td>
</tr>
<tr>
<td align="center">422</td>
<td align="left">UNPROCESSABLE CONTENT</td>
<td align="left">The server understands the requests content and syntax however it is unable to process the instruction. Retrying this request will not succeed - the request must be modified</td>
</tr>
<tr>
<td align="center">429</td>
<td align="left">TOO MANY REQUESTS</td>
<td align="left">Your application is sending too many simultaneous requests</td>
</tr>
<tr>
<td align="center">500</td>
<td align="left">SERVER ERROR</td>
<td align="left">We couldn't create or update the resource. Please try again later</td>
</tr>
</tbody>
</table>
<h3>Delete (DELETE) Operation Statuses</h3>
<table class="grid">
<thead>
<tr>
<th align="center"><strong>Code</strong></th>
<th align="left"><strong>Meaning</strong></th>
<th align="left"><strong>Description</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td align="center">204</td>
<td align="left">OK</td>
<td align="left">The request was successful; the resource was deleted</td>
</tr>
<tr>
<td align="center">401</td>
<td align="left">UNAUTHORIZED</td>
<td align="left">The supplied credentials, if any, are not sufficient to delete the resource</td>
</tr>
<tr>
<td align="center">404</td>
<td align="left">NOT FOUND</td>
<td align="left"/>
</tr>
<tr>
<td align="center">405</td>
<td align="left">METHOD NOT ALLOWED</td>
<td align="left">You can't DELETE the resource</td>
</tr>
<tr>
<td align="center">429</td>
<td align="left">TOO MANY REQUESTS</td>
<td align="left">Your application is sending too many simultaneous requests</td>
</tr>
<tr>
<td align="center">500</td>
<td align="left">SERVER ERROR</td>
<td align="left">We couldn't delete the resource. Please try again later</td>
</tr>
</tbody>
</table>
<h3>Non existent API endpoints</h3>
<p>When a consumer attempts to call a non-existent API end point, respond
with a <strong>501 Not Implemented</strong> status code.</p>
</div></li></ul></div></div><h3 id="resourcesCap1">Capabilities by Resource/Profile</h3><h4 id="resourcesSummary1">Summary</h4><p>The summary table lists the resources that are part of this configuration, and for each resource it lists:</p><ul><li>The relevant profiles (if any)</li><li>The interactions supported by each resource (<b><span class="bg-info">R</span></b>ead, <b><span class="bg-info">S</span></b>earch, <b><span class="bg-info">U</span></b>pdate, and <b><span class="bg-info">C</span></b>reate, are always shown, while <b><span class="bg-info">VR</span></b>ead, <b><span class="bg-info">P</span></b>atch, <b><span class="bg-info">D</span></b>elete, <b><span class="bg-info">H</span></b>istory on <b><span class="bg-info">I</span></b>nstance, or <b><span class="bg-info">H</span></b>istory on <b><span class="bg-info">T</span></b>ype are only present if at least one of the resources has support for them.</li><li><span>The required, recommended, and some optional search parameters (if any). </span></li><li>The linked resources enabled for <code>_include</code></li><li>The other resources enabled for <code>_revinclude</code></li><li>The operations on the resource (if any)</li></ul><div class="table-responsive"><table class="table table-condensed table-hover"><thead><tr><th><b>Resource Type</b></th><th><b>Profile</b></th><th class="text-center"><b title="GET a resource (read interaction)">R</b></th><th class="text-center"><b title="GET all set of resources of the type (search interaction)">S</b></th><th class="text-center"><b title="PUT a new resource version (update interaction)">U</b></th><th class="text-center"><b title="POST a new resource (create interaction)">C</b></th><th><b title="Required and recommended search parameters">Searches</b></th><th><code><b>_include</b></code></th><th><code><b>_revinclude</b></code></th><th><b>Operations</b></th></tr></thead><tbody><tr><td><a href="#DocumentReference1-1">DocumentReference</a></td><td><a href="StructureDefinition-nz-screening-summary.html">https://fhir-ig.digital.health.nz/screening/StructureDefinition/nz-screening-summary</a></td><td></td><td class="text-center">y</td><td class="text-center"></td><td class="text-center"></td><td>subject, category, contenttype</td><td><code>DocumentReference:subject</code></td><td><code/></td><td/></tr></tbody></table></div><hr/><div class="panel panel-default"><div class="panel-heading"><h4 id="DocumentReference1-1" class="panel-title"><span style="float: right;">Resource Conformance: supported </span>DocumentReference</h4></div><div class="panel-body"><div class="container"><div class="row"><div class="col-lg-6"><span class="lead">Base System Profile</span><br/><a href="StructureDefinition-nz-screening-summary.html">https://fhir-ig.digital.health.nz/screening/StructureDefinition/nz-screening-summary</a></div><div class="col-lg-3"><span class="lead">Profile Conformance</span><br/><b>SHALL</b></div><div class="col-lg-3"><span class="lead">Reference Policy</span><br/></div></div><p/><div class="row"><div class="col-lg-6"><span class="lead">Interaction summary</span><br/><ul><li>Supports <code>search-type</code>.</li></ul></div></div><p/><div class="row"><div class="col-12"><span class="lead">Documentation</span><blockquote><div><p>Provides a document rendition of screening summary information</p>
</div></blockquote></div></div><div class="row"><div class="col-lg-7"><span class="lead">Search Parameters</span><table class="table table-condensed table-hover"><thead><tr><th>Conformance</th><th>Parameter</th><th>Type</th><th>Documentation</th></tr></thead><tbody><tr><td><b>SHALL</b></td><td>subject</td><td><code>reference</code></td><td><div><p>NHI of the person who is the subject of the screening summary document.</p>
<ul>
<li>If no screening information exists in the Register for a given subject NHI, the API returns <code>200 OK</code> and an empty FHIR Bundle.</li>
</ul>
</div></td></tr><tr><td><b>SHALL</b></td><td>category</td><td><code>token</code></td><td><div><p>Filters screening summaries by selecting the type of screening programme</p>
</div></td></tr><tr><td><b>SHALL</b></td><td>contenttype</td><td><code>token</code></td><td><div><p>Optional parameter that allows a PDF rendition (#application/pdf) of the screening summary content to be requested instead of the default HTML.</p>
</div></td></tr></tbody></table></div><div class="col-lg-5"> </div></div></div></div></div></div>
</text>
<extension
url="https://fhir-ig.digital.health.nz/hnz-digital-tooling/StructureDefinition/resource-metadata-extension">
<extension url="licenseURL">
<valueUri
value="https://www.tewhatuora.govt.nz/assets/Our-health-system/Digital-health/Digital-Service-Hub/API-Access-and-Use-Agreement.docx"/>
</extension>
<extension url="externalDocs">
<valueUri value="https://fhir-ig.digital.health.nz/screening"/>
</extension>
<extension url="licenseName">
<valueString
value="Health New Zealand Digital Services Hub API Access and Use Agreement"/>
</extension>
<extension url="globalHeaders">
<extension
url="https://fhir-ig.digital.health.nz/hnz-digital-tooling/StructureDefinition/custom-headers-extension">
<extension url="key">
<valueString value="Correlation-Id"/>
</extension>
<extension url="value">
<valueUri
value="https://raw.githubusercontent.com/tewhatuora/schemas/main/shared-care/Correlation-Id.json"/>
</extension>
<extension url="required">
<valueBoolean value="false"/>
</extension>
</extension>
<extension
url="https://fhir-ig.digital.health.nz/hnz-digital-tooling/StructureDefinition/custom-headers-extension">
<extension url="key">
<valueString value="x-api-key"/>
</extension>
<extension url="value">
<valueUri
value="https://raw.githubusercontent.com/tewhatuora/schemas/main/shared-care/Api-Key.json"/>
</extension>
<extension url="required">
<valueBoolean value="true"/>
</extension>
</extension>
<extension
url="https://fhir-ig.digital.health.nz/hnz-digital-tooling/StructureDefinition/custom-headers-extension">
<extension url="key">
<valueString value="Request-Context"/>
</extension>
<extension url="value">
<valueUri
value="https://raw.githubusercontent.com/tewhatuora/schemas/main/shared-care/Request-Context.json"/>
</extension>
<extension url="required">
<valueBoolean value="true"/>
</extension>
</extension>
</extension>
</extension>
<url
value="https://fhir-ig.digital.health.nz/screening/CapabilityStatement/FHIRScreeningCapabilityStatement"/>
<version value="0.9.2"/>
<name value="FHIRScreeningCapabilityStatement"/>
<title value="National Screening FHIR API Capability Statement"/>
<status value="draft"/>
<date value="2024-05-03"/>
<publisher value="Health New Zealand | Te Whatu Ora"/>
<contact>
<name value="Health New Zealand | Te Whatu Ora"/>
<telecom>
<system value="url"/>
<value value="https://www.tewhatuora.govt.nz/"/>
</telecom>
<telecom>
<system value="email"/>
<value value="integration@tewhatuora.govt.nz"/>
</telecom>
</contact>
<contact>
<name value="HNZ Integration Team"/>
<telecom>
<system value="email"/>
<value value="integration@tewhatuora.govt.nz"/>
<use value="work"/>
</telecom>
</contact>
<description value="National Screening FHIR API"/>
<jurisdiction>
<coding>
<system value="urn:iso:std:iso:3166"/>
<code value="NZ"/>
<display value="New Zealand"/>
</coding>
</jurisdiction>
<kind value="instance"/>
<implementation>
<description value="National Screening FHIR API"/>
<url value="https://fhir.api.digital.health.nz/R4"/>
</implementation>
<fhirVersion value="4.0.1"/>
<format value="json"/>
<rest>
<mode value="server"/>
<security>
<extension
url="http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris">
<extension url="token">
<valueUri
value="https://ppd.auth.services.health.nz/realms/hnz-integration/protocol/openid-connect/token"/>
</extension>
</extension>
<extension
url="http://fhir-registry.smarthealthit.org/StructureDefinition/capabilities">
<valueCode value="client-confidential-symmetric"/>
</extension>
<cors value="true"/>
<service>
<coding>
<code value="SMART-on-FHIR"/>
</coding>
</service>
</security>
<resource>
<type value="DocumentReference"/>
<profile
value="https://fhir-ig.digital.health.nz/screening/StructureDefinition/nz-screening-summary"/>
<documentation
value="Provides a document rendition of screening summary information"/>
<interaction>
<code value="search-type"/>
</interaction>
<versioning value="versioned"/>
<readHistory value="false"/>
<updateCreate value="false"/>
<conditionalCreate value="false"/>
<conditionalRead value="not-supported"/>
<conditionalUpdate value="false"/>
<conditionalDelete value="not-supported"/>
<searchInclude value="DocumentReference:subject"/>
<searchParam>
<name value="subject"/>
<definition
value="https://hl7.org/fhir/searchparameter-registry.html#DocumentReference-subject"/>
<type value="reference"/>
<documentation
value="NHI of the person who is the subject of the screening summary document.
- If no screening information exists in the Register for a given subject NHI, the API returns `200 OK` and an empty FHIR Bundle."/>
</searchParam>
<searchParam>
<name value="category"/>
<definition
value="https://hl7.org/fhir/searchparameter-registry.html#DocumentReference-category"/>
<type value="token"/>
<documentation
value="Filters screening summaries by selecting the type of screening programme"/>
</searchParam>
<searchParam>
<name value="contenttype"/>
<definition
value="https://hl7.org/fhir/searchparameter-registry.html#DocumentReference-contenttype"/>
<type value="token"/>
<documentation
value="Optional parameter that allows a PDF rendition (#application/pdf) of the screening summary content to be requested instead of the default HTML."/>
</searchParam>
</resource>
<interaction>
<code value="search-system"/>
<documentation
value="### Read (GET) Operation Statuses
|**Code**|**Meaning**|**Description**|
|:--:|:-----------------|:--|
|200|OK |The request was successful, and the response body contains the representation requested|
|302|FOUND |A common redirect response; you can GET the representation at the URI in the Location response header|
|304|NOT MODIFIED |Your client's cached version of the representation is still up to date|
|401|UNAUTHORIZED |The supplied credentials, if any, are not sufficient to access the resource|
|404|NOT FOUND |The requested representation was not found. Retrying this request is unlikely to be successful|
|429|TOO MANY REQUESTS |Your application is sending too many simultaneous requests|
|500|SERVER ERROR |An internal server error prevented return of the representation response|
|503|SERVICE UNAVAILABLE|We are temporarily unable to return the representation. Please wait and try again later|
### Search (GET) Operation Statuses
|**Code**|**Meaning** |**OperationOutcome** in response?|**Description**|
|:--:|:-----------------|:----------------------------------|:----------------------------------|
|200|OK |Yes, when there are additional messages about a match result|The request was successful, and the response body contains the representation requested|
|302|FOUND |No |A common redirect response; you can GET the representation at the URI in the Location response header|
|400|BAD REQUEST |Yes|Incorrect search parameters or malformed request - see diagnostics in OperationOutcome|
|401|UNAUTHORIZED |The supplied credentials, if any, are not sufficient to access the resource|
|429|TOO MANY REQUESTS |No |Your application is sending too many simultaneous requests|
|500|SERVER ERROR |No |An internal server error prevented return of the representation response|
|503|SERVICE UNAVAILABLE|No |The server is temporarily unable to return the representation. Please wait and try again later|
### Create (POST or PUT) Operation Statuses
|**Code**|**Meaning**|**Description**|
|:--:|:-----------------|:--|
|200|OK |The request was successful, and the resource was updated. The response body contains the updated representation|
|201|CREATED |The request was successful, a new resource was created, and the response body contains the representation|
|204|OK - NO CONTENT |The request was successful, but no content is returned in the response. In reality this is seldom used for REST APIs and more typically for process APIs. Should include a `Location` header indicating the location of an associated relevant resource|
|207|MULTI STATUS |The HTTP 207 Multi-Status response code indicates that there might be a mixture of responses.|
|400|BAD REQUEST |The data given in the POST or PUT failed validation. Inspect the response body for details|
|401|UNAUTHORIZED |The supplied credentials, if any, are not sufficient to create or update the resource|
|404|NOT FOUND |The endpoint that the API Consumer is attempting to create or update does not exist. Retrying this request is unlikely to be successful|
|405|METHOD NOT ALLOWED |You can't POST or PUT to the resource|
|422|UNPROCESSABLE CONTENT|The server understands the requests content and syntax however it is unable to process the instruction. Retrying this request will not succeed - the request must be modified|
|429|TOO MANY REQUESTS |Your application is sending too many simultaneous requests|
|500|SERVER ERROR |We couldn't create or update the resource. Please try again later|
### Delete (DELETE) Operation Statuses
|**Code**|**Meaning**|**Description**|
|:--:|:-----------------|:--|
|204|OK |The request was successful; the resource was deleted|
|401|UNAUTHORIZED |The supplied credentials, if any, are not sufficient to delete the resource|
|404|NOT FOUND | |
|405|METHOD NOT ALLOWED |You can't DELETE the resource|
|429|TOO MANY REQUESTS |Your application is sending too many simultaneous requests|
|500|SERVER ERROR |We couldn't delete the resource. Please try again later|
### Non existent API endpoints
When a consumer attempts to call a non-existent API end point, respond
with a **501 Not Implemented** status code."/>
</interaction>
</rest>
</CapabilityStatement>