A conformance statement is a set of capabilities of a FHIR Server that may be used as a statement of actual server functionality or a statement of required or desired server implementation.

An absolute URL that is used to identify this conformance statement when it is referenced in a specification, model, design or an instance. This SHALL be a URL, SHOULD be globally unique, and SHOULD be an address at which this conformance statement is (or will be) published.

The identifier that is used to identify this version of the conformance statement when it is referenced in a specification, model, design or instance. This is an arbitrary value managed by the profile author manually and the value should be a timestamp.

There may be multiple different instances of a conformance statement that have the same identifier but different versions.

A free text natural language name identifying the conformance statement.

The name is not expected to be globally unique.

The status of this conformance statement.

This is not intended for use with actual conformance statements, but where conformance statements are used to describe possible or desired systems.

A flag to indicate that this conformance statement is authored for testing purposes (or education/evaluation/marketing), and is not intended to be used for genuine usage.

Allows filtering of conformance statements that are appropriate for use vs. not.

The date (and optionally time) when the conformance statement was published. The date must change when the business version changes, if it does, and it must change if the status code changes. In addition, it should change when the substantive content of the conformance statement changes.

Additional specific dates may be added as extensions.

The name of the individual or organization that published the conformance.

Helps establish the "authority/credibility" of the conformance. May also allow for contact.

Usually an organization, but may be an individual. This item SHOULD be populated unless the information is available from context.

Contacts to assist a user in finding and communicating with the publisher.

May be a web site, an email address, a telephone number (tel:), etc.

The name of an individual to contact regarding the conformance.

If there is no named individual, the telecom is for the organization as a whole.

Contact details for individual (if a name was provided) or the publisher.

A free text natural language description of the conformance statement and its use. Typically, this is used when the conformance statement describes a desired rather than an actual solution, for example as a formal expression of requirements as part of an RFP.

This field may include the purpose of this conformance statement, comments about its context etc. This does not need to be populated if the description is adequately implied by the software or implementation details.

The content was developed with a focus and intent of supporting the contexts that are listed. These terms may be used to assist with indexing and searching of conformance statements.

Assist in searching for appropriate content.

Explains why this conformance statement is needed and why it's been constrained as it has.

This element does not describe the usage of the conformance statement (that's done in comments), rather it's for traceability of why the element is either needed or why the constraints exist as they do. This may be used to point to source materials or specifications that drove the structure of this data element.

A copyright statement relating to the conformance statement and/or its contents. Copyright statements are generally legal restrictions on the use and publishing of the details of the system described by the conformance statement.

The way that this statement is intended to be used, to describe an actual running instance of software, a particular product (kind not instance of software) or a class of implementation (e.g. a desired purchase).

Allow searching the 3 modes.

Reference to a canonical URL of another conformance that this software implements or uses. This conformance statement is a published API description that corresponds to a business service. The rest of the conformance statement does not need to repeat the details of the referenced Conformance resource, but can do so.

HL7 defines the following Services: Terminology Service

Many Implementation Guides define additional services.

Software that is covered by this conformance statement. It is used when the conformance statement describes the capabilities of a particular software version, independent of an installation.

Name software is known by.

The version identifier for the software covered by this statement.

If possible, version should be specified, as statements are likely to be different for different versions of software.

Date this version of the software released.

Identifies a specific implementation instance that is described by the conformance statement - i.e. a particular installation, rather than the capabilities of a software program.

Information about the specific installation that this conformance statement relates to.

An absolute base URL for the implementation. This forms the base for REST interfaces as well as the mailbox and document interfaces.

The version of the FHIR specification on which this conformance statement is based.

A code that indicates whether the application accepts unknown elements or extensions when reading resources.

Unknown elements in a resource can only arise as later versions of the specification are published, because this is the only place where such elements can be defined. Hence accepting unknown elements is about inter-version compatibility.

Applications are recommended to accept unknown extensions and elements ('both'), but this is not always possible.

A list of the formats supported by this implementation using their content types.

"xml" or "json" are allowed, which describe the simple encodings described in the specification (and imply appropriate bundle support). Otherwise, mime types are legal here.

A list of profiles that represent different use cases supported by the system. For a server, "supported by the system" means the system hosts/produces a set of resources that are conformant to a particular profile, and allows clients that use its services to search using this profile and to find appropriate data. For a client, it means the system will search by this profile and process data according to the guidance implicit in the profile. See further discussion in [Using Profiles]{profiling.html#profile-uses}.

Supported profiles are different to the profiles that apply to a particular resource in rest.resource.profile. The resource profile is a general statement of what features of the resource are supported overall by the system - the sum total of the facilities it supports. A supported profile is a deeper statement about the functionality of the data and services provided by the server (or used by the client). A typical case is a laboratory system that produces a set of different reports - this is the list of types of data that it publishes. A key aspect of declaring profiles here is the question of how the client converts knowledge that the server publishes this data into working with the data; the client can inspect individual resources to determine whether they conform to a particular profile, but how does it find the ones that does? It does so by searching using the profile parameter, so any resources listed here must be valid values for the profile resource (using the identifier in the target profile). Typical supported profiles cross resource types to describe a network of related resources, so they are listed here rather than by resource. However, they do not need to describe more than one resource.

A definition of the restful capabilities of the solution, if any.

Multiple repetitions allow definition of both client and / or server behaviors or possibly behaviors under different configuration settings (for software or requirements statements).

Identifies whether this portion of the statement is describing ability to initiate or receive restful operations.

Information about the system's restful capabilities that apply across all applications, such as security.

Information about security implementation from an interface perspective - what a client needs to know.

Server adds CORS headers when responding to requests - this enables javascript applications to use the server.

The easiest CORS headers to add are Access-Control-Allow-Origin: * & Access-Control-Request-Method: GET, POST, PUT, DELETE. All servers SHOULD support CORS.

Types of security services are supported/required by the system.

General description of how security works.

Certificates associated with security profiles.

Mime type for certificate.

Actual certificate.

A specification of the restful capabilities of the solution for a specific resource type.

Max of one repetition per resource type.

A type of resource exposed via the restful interface.

A specification of the profile that describes the solution's overall support for the resource, including any constraints on cardinality, bindings, lengths or other limitations. See further discussion in [Using Profiles]{profiling.html#profile-uses}.

The profile applies to all resources of this type - i.e. it is the superset of what is supported by the system.

Additional information about the resource type is used by the system.

Identifies a restful operation supported by the solution.

Coded identifier of the operation, supported by the system resource.

Guidance specific to the implementation of this operation, such as 'delete is a logical delete' or 'updates are only allowed with version id' or 'creates permitted from pre-authorized certificates only'.

REST allows a degree of variability in the implementation of RESTful solutions that is useful for exchange partners to be aware of.

This field is set to no-version to specify that the system does not support (server) or use (client) versioning for this resource type. If this has some other value, the server must at least correctly track and populate the versionId meta-property on resources. If the value is 'versioned-update', then the server supports all the versioning features, including using e-tags for version integrity in the API.

If a server supports versionIds correctly, it SHOULD support vread too, but is not required to do so.

A flag for whether the server is able to return past versions as part of the vRead operation.

It is useful to support the vRead operation for current operations, even if past versions aren't available.

A flag to indicate that the server allows or needs to allow the client to create new identities on the server (e.g. that is, the client PUTs to a location where there is no existing resource). Allowing this operation means that the server allows the client to create new identities on the server.

Allowing the clients to create new identities on the server means that the system administrator needs to have confidence that the clients do not create clashing identities between them. Obviously, if there is only one client, this won't happen. While creating identities on the client means that the clients need to be managed, it's much more convenient for many scenarios if such management can be put in place.

A flag that indicates that the server supports conditional create.

Conditional Create is mainly appropriate for interface engine scripts converting from other formats, such as v2.

A code that indicates how the server supports conditional read.

Conditional Read is mainly appropriate for interface engine scripts converting from other formats, such as v2.

A flag that indicates that the server supports conditional update.

Conditional Update is mainly appropriate for interface engine scripts converting from other formats, such as v2.

A code that indicates how the server supports conditional delete.

Conditional Delete is mainly appropriate for interface engine scripts converting from other formats, such as v2.

A list of _include values supported by the server.

If this list is empty, the server does not support includes.

A list of _revinclude (reverse include) values supported by the server.

If this list is empty, the server does not support includes.

Search parameters for implementations to support and/or make use of - either references to ones defined in the specification, or additional ones defined for/by the implementation.

The name of the search parameter used in the interface.

Parameter names cannot overlap with standard parameter names, and standard parameters cannot be redefined.

An absolute URI that is a formal reference to where this parameter was first defined, so that a client can be confident of the meaning of the search parameter (a reference to SearchParameter.url).

This SHOULD be present, and matches SearchParameter.url.

The type of value a search parameter refers to, and how the content is interpreted.

While this can be looked up from the definition, it is included here as a convenience for systems that autogenerate a query interface based on the server conformance statement. It SHALL be the same as the type in the search parameter definition.

This allows documentation of any distinct behaviors about how the search parameter is used. For example, text matching algorithms.

Types of resource (if a resource is referenced).

This SHALL be the same as or a proper subset of the resources listed in the search parameter definition.

A modifier supported for the search parameter.

Contains the names of any search parameters which may be chained to the containing search parameter. Chained parameters may be added to search parameters of type reference, and specify that resources will only be returned if they contain a reference to a resource which matches the chained parameter value. Values for this field should be drawn from Conformance.rest.resource.searchParam.name on the target resource type.

Systems are not required to list all the chain names they support, but if they don't list them, clients may not know to use them.

A specification of restful operations supported by the system.

A coded identifier of the operation, supported by the system.

Guidance specific to the implementation of this operation, such as limitations on the kind of transactions allowed, or information about system wide search is implemented.

Search parameters that are supported for searching all resources for implementations to support and/or make use of - either references to ones defined in the specification, or additional ones defined for/by the implementation.

Typically, the only search parameters supported for all parameters are search parameters that apply to all resources - tags, profiles, text search etc.

Definition of an operation or a named query and with its parameters and their meaning and type.

The name of the operation or query. For an operation, this is the name prefixed with $ and used in the url. For a query, this is the name used in the _query parameter when the query is called.

The name here SHOULD be the same as the name in the definition, unless there is a name clash and the name cannot be used. The name does not include the "$" portion that is always included in the URL.

Where the formal definition can be found.

This can be used to build an HTML form to invoke the operation, for instance.

An absolute URI which is a reference to the definition of a compartment that the system supports. The reference is to a CompartmentDefinition resource by it's canonical URL.

At present, the only defined compartments are at CompartmentDefinition.

A description of the messaging capabilities of the solution.

Multiple repetitions allow the documentation of multiple endpoints per solution.

An endpoint (network accessible address) to which messages and/or replies are to be sent.

A list of the messaging transport protocol(s) identifiers, supported by this endpoint.

The network address of the end-point. For solutions that do not use network addresses for routing, it can be just an identifier.

Length if the receiver's reliable messaging cache in minutes (if a receiver) or how long the cache length on the receiver should be (if a sender).

If this value is missing then the application does not implement (receiver) or depend on (sender) reliable messaging.

Documentation about the system's messaging capabilities for this endpoint not otherwise documented by the conformance statement. For example, process for becoming an authorized messaging exchange partner.

A description of the solution's support for an event at this end-point.

The same event may be listed up to two times - once as sender and once as receiver.

A coded identifier of a supported messaging event.

The impact of the content of the message.

The mode of this event declaration - whether application is sender or receiver.

A resource associated with the event. This is the resource that defines the event.

This SHALL be provided if the event type supports multiple different resource types.

Information about the request for this event.

Information about the response for this event.

Guidance on how this event is handled, such as internal system trigger points, business rules, etc.

A document definition.

Mode of this document declaration - whether application is producer or consumer.

A description of how the application supports or uses the specified document profile. For example, when are documents created, what action is taken with consumed documents, etc.

A constraint on a resource used in the document.

The first resource is the document resource.