Release 5 Ballot

This page is part of the FHIR Specification (v5.0.0-ballot: R5 Ballot - see ballot notes). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions

4.3.2.20 CodeSystem http://hl7.org/fhir/safety-entries

Vocabulary icon Work Group Maturity Level: 0Informative Use Context: Any

This is a code system defined by the FHIR project.

Summary

Defining URL:http://hl7.org/fhir/safety-entries
Version:5.0.0-ballot
Name:FHIRSafetyCheckListEntries
Title:FHIR Safety CheckList Entries
Status:draft
Definition:

The check list items icon defined as part of the FHIR specification.

Committee:??
OID:2.16.840.1.113883.4.642.4.1819 (for OID based terminology systems)
Flags:CaseSensitive, Complete
All codes ValueSet:http://hl7.org/fhir/ValueSet/safety-entries

This Code system is not currently used

This code system http://hl7.org/fhir/safety-entries defines the following codes:

CodeDefinitionCopy
life-cycle For each resource that my system handles, my system handles the full [Life cycle](lifecycle.html) (status codes, currency issues, and erroneous entry status)btn btn
modifiers For each resource that my system handles, I've reviewed the [Modifier elements](conformance-rules.html#isModifier)btn btn
modifier-extensions My system checks for [modifierExtension](extensibility.html#modifierExtension) elementsbtn btn
must-support My system supports [elements labeled as 'MustSupport'](conformance-rules.html#mustSupport) in the [profiles](profiling.html) that apply to my systembtn btn
identity My system has documented how [distributed resource identification](managing.html#distributed) works in its relevant contexts of use, and where (and why) [contained](references.html#contained) resources are usedbtn btn
current My system manages lists of [current resources](lifecycle.html#current) correctlybtn btn
error-checks When other systems [return http errors from the RESTful API](http.html#summary) and [Operations](operations.html) (perhaps using [Operation Outcome](operationoutcome.html)), my system checks for them and handles them appropriately btn btn
link-merge My system ensures checks for patient links (and/or merges) and handles data that is linked to patients accordinglybtn btn
cs-declare My system publishes a [Capability Statement](capabilitystatement.html) with [StructureDefinitions](structuredefinition.html), [ValueSets](valueset.html), and [OperationDefinitions](operationdefinition.html), etc., so other implementers know how the system functionsbtn btn
valid-checked All resources in use are [valid](validation.html) against the base specification and the [profiles](profiling.html) that apply to my system (see note about the [correct run-time use of validation](validation.html#correct-use))btn btn
obs-focus I've reviewed the [Observation](observation.html) resource, and understand how ```focus``` is a mechanism for observations to be about someone or something other than the patient or subject of record.btn btn
time-zone My system checks for time zones and adjusts times appropriately. (note: time zones are extremely difficult to get correct - see [W3C Timezone Advice](https://www.w3.org/TR/timezone/), and note that some fields should be timezone corrected, and others should not be)btn btn
date-rendering My system renders dates safely for changes in culture and language (the date formats D-M-Y and M-D-Y are not differentiated for many dates, and this is a well-known source of confusion. Systems should use the month name, or otherwise be specific for each date when rendering, unless there is solid confidence that such confusion cannot arise, even in the future when information/narrative from resources will be shared much more widely)btn btn
cross-resource My system takes care to ensure that clients can (for servers) or will (for clients) find the information they need when content that might reasonably be exposed using more than one FHIR resource. Possible patterns: Support a single search across the applicable resources, or expose data through each applicable resource. See discussion on [Wiki Page](https://confluence.hl7.org/display/FHIR/Managing+Overlap+Between+Resources) for further informationbtn btn
display-warnings My system will display warnings returned by the server to the userbtn btn
search-parameters My system checks whether the server processed all the requested search parameter, and is safe if servers ignore parameters (typically, either filters locally or warns the user)btn btn
missing-values My system caters for [parameters that have missing values](search.html#missing) when doing search operations, and responds correctly to the client with regard to [erroneous search parameters](search.html#errors)btn btn
default-filters My system includes appropriate default filters when searching based on patient context - e.g. filtering out entered-in-error records, filtering to only include active, living patients if appropriate, and clearly documents these (preferably including them in the self link for a searchbtn btn
deletion-check For each resource, I have checked whether resources can be deleted, and/or how records are marked as incorrect/no longer relevantbtn btn
deletion-replication Deletion of records (or equivalent updates in status) flow through the system so any replicated copies are deleted/updatedbtn btn
deletion-support (If a server) my documentation about deleted resources is clear, and my test sandbox (if exists) has deleted/error record cases in the test databtn btn
check-consent My system checks that the right [Patient consent](consent.html) has been granted (where applicable)btn btn
distribute-aod My system sends an [Accounting of Disclosure](secpriv-module.html#AoD) to the consenter as requested when permitted actions on resources are performed using an [AuditEvent](auditevent.html) Resourcebtn btn
check-clocks My system ensures that system clocks are synchronized using a protocol like NTP or SNTP, or my server is robust against clients that have the wrong clock setbtn btn
check-dns-responses My system uses security methods for an API to authenticate where Domain Name System (DNS) responses are coming from and ensure that they are validbtn btn
use-encryption Production exchange of patient or other sensitive data will always use some form of [encryption on the wire](security.html#http)btn btn
use-tls Where resources are exchanged using [HTTP](security.html#http), [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security) should be utilized to protect the communications channelbtn btn
use-smime Where resources are exchanged using email, [S/MIME](https://en.wikipedia.org/wiki/S/MIME) should be used to protect the end-to-end communicationbtn btn
use-tls-per-bcp195 Production exchange should utilize recommendations for [Best-Current-Practice on TLS in BCP 195](https://tools.ietf.org/html/bcp195)btn btn
use-ouath My system utilizes a risk and use case [appropriate OAuth profile](security.html#oauth) (preferably [Smart App Launch](http://hl7.org/fhir/smart-app-launch)), with a [clear policy on authentication strength](security.html#authentication)btn btn
use-openidconnect My system uses [OpenID Connect](https://openid.net/connect/) (or other suitable authentication protocol) to verify identity of end user, where it is necessary that end-users be identified to the client application, and has a clear policy on [identity proofing](secpriv-module.html#user)btn btn
use-rbac My system applies appropriate access control to every request, using a combination of requester’s clearance (ABAC) and/or roles (RBAC)btn btn
use-labels My system considers [security labels](security-labels.html) on the affected resources when making access control decisions btn btn
render-narratives My system can [render narratives properly](narrative.html#css) and [securely](security.html#narrative)(where they are used)btn btn
check=validation My system [validates all input received](validation.html) (whether in resource format or other) from other actors so that it data is well-formed and does not contain content that would cause unwanted system behaviorbtn btn
use-provenance My system makes the right [Provenance](provenance.html) statements and [AuditEvent](auditevent.html) logs, and uses the right [security labels](security-labels.html#core) where appropriatebtn btn
enable-cors Server: CORS ([cross-origin resource sharing](http://enable-cors.org/)) is appropriately enabled (many clients are Javascript apps running in a browser)btn btn
use-json JSON is supported (many clients are Javascript apps running in a browser; XML is inconvenient at best)btn btn
json-for-errors JSON is returned correctly when errors happen (clients often don't handle HTML errors well)btn btn
use-format-header The _format header is supported correctlybtn btn
use-operation-outcome Errors are trapped and an OperationOutcome returnedbtn btn

 

See the full registry of code systems defined as part of FHIR.


Explanation of the columns that may appear on this page:

LevelA few code lists that FHIR defines are hierarchical - each code is assigned a level. See Code System for further information.
SourceThe source of the definition of the code (when the value set draws in codes defined elsewhere)
CodeThe code (used as the code in the resource instance). If the code is in italics, this indicates that the code is not selectable ('Abstract')
DisplayThe display (used in the display element of a Coding). If there is no display, implementers should not simply display the code, but map the concept into their application
DefinitionAn explanation of the meaning of the concept
CommentsAdditional notes about how to use the code