Release 5 Ballot

This page is part of the FHIR Specification (v5.0.0-ballot: R5 Ballot - see ballot notes). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions

Example CodeSystem/safety-entries (XML)

Vocabulary Work GroupMaturity Level: N/AStandards Status: Informative

Raw XML (canonical form + also see XML Format Specification)

Definition for Code SystemFHIRSafetyCheckListEntries

<?xml version="1.0" encoding="UTF-8"?>

<CodeSystem xmlns="http://hl7.org/fhir">
  <id value="safety-entries"/> 
  <meta> 
    <lastUpdated value="2022-09-10T04:52:37.223+10:00"/> 
  </meta> 
  <text> 
    <status value="generated"/> 
    <div xmlns="http://www.w3.org/1999/xhtml">
      <p> This code system 
        <code> http://hl7.org/fhir/safety-entries</code>  defines the following codes:
      </p> 
      <table class="codes">
        <tr> 
          <td style="white-space:nowrap">
            <b> Code</b> 
          </td> 
          <td> 
            <b> Definition</b> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">life-cycle
            <a name="safety-entries-life-cycle"> </a> 
          </td> 
          <td> 
            <div> 
              <p> For each resource that my system handles, my system handles the full 
                <a href="lifecycle.html">Life cycle</a>  (status codes, currency issues, and erroneous entry status)
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">modifiers
            <a name="safety-entries-modifiers"> </a> 
          </td> 
          <td> 
            <div> 
              <p> For each resource that my system handles, I've reviewed the 
                <a href="conformance-rules.html#isModifier">Modifier elements</a> 
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">modifier-extensions
            <a name="safety-entries-modifier-extensions"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system checks for 
                <a href="extensibility.html#modifierExtension">modifierExtension</a>  elements
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">must-support
            <a name="safety-entries-must-support"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system supports 
                <a href="conformance-rules.html#mustSupport">elements labeled as 'MustSupport'</a>  in the 
                <a href="profiling.html">profiles</a>  that apply to my system
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">identity
            <a name="safety-entries-identity"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system has documented how 
                <a href="managing.html#distributed">distributed resource identification</a>  works in its relevant contexts of use, and where (and why) 
                <a href="references.html#contained">contained</a>  resources are used
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">current
            <a name="safety-entries-current"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system manages lists of 
                <a href="lifecycle.html#current">current resources</a>  correctly
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">error-checks
            <a name="safety-entries-error-checks"> </a> 
          </td> 
          <td> 
            <div> 
              <p> When other systems 
                <a href="http.html#summary">return http errors from the RESTful API</a>  and 
                <a href="operations.html">Operations</a>  (perhaps using 
                <a href="operationoutcome.html">Operation Outcome</a> ), my system checks for them and handles them appropriately
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">link-merge
            <a name="safety-entries-link-merge"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system ensures checks for patient links (and/or merges) and handles data that
                 is linked to patients accordingly</p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">cs-declare
            <a name="safety-entries-cs-declare"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system publishes a 
                <a href="capabilitystatement.html">Capability Statement</a>  with 
                <a href="structuredefinition.html">StructureDefinitions</a> , 
                <a href="valueset.html">ValueSets</a> , and 
                <a href="operationdefinition.html">OperationDefinitions</a> , etc., so other implementers know how the system functions
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">valid-checked
            <a name="safety-entries-valid-checked"> </a> 
          </td> 
          <td> 
            <div> 
              <p> All resources in use are 
                <a href="validation.html">valid</a>  against the base specification and the 
                <a href="profiling.html">profiles</a>  that apply to my system (see note about the 
                <a href="validation.html#correct-use">correct run-time use of validation</a> )
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">obs-focus
            <a name="safety-entries-obs-focus"> </a> 
          </td> 
          <td> 
            <div> 
              <p> I've reviewed the 
                <a href="observation.html">Observation</a>  resource, and understand how 
                <code> focus</code>  is a mechanism for observations to be about someone or something other than the
                 patient or subject of record.
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">time-zone
            <a name="safety-entries-time-zone"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system checks for time zones and adjusts times appropriately. (note: time zones
                 are extremely difficult to get correct - see 
                <a href="https://www.w3.org/TR/timezone/">W3C Timezone Advice</a> , and note that some fields should be timezone corrected, and others should not
                 be)
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">date-rendering
            <a name="safety-entries-date-rendering"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system renders dates safely for changes in culture and language (the date formats
                 D-M-Y and M-D-Y are not differentiated for many dates, and this is a well-known
                 source of confusion. Systems should use the month name, or otherwise be specific
                 for each date when rendering, unless there is solid confidence that such confusion
                 cannot arise, even in the future when information/narrative from resources will
                 be shared much more widely)</p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">cross-resource
            <a name="safety-entries-cross-resource"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system takes care to ensure that clients can (for servers) or will (for clients)
                 find the information they need when content that might reasonably be exposed using
                 more than one FHIR resource. Possible patterns: Support a single search across
                 the applicable resources, or expose data through each applicable resource. See
                 discussion on 
                <a href="https://confluence.hl7.org/display/FHIR/Managing+Overlap+Between+Resources">Wiki Page</a>  for further information
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">display-warnings
            <a name="safety-entries-display-warnings"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system will display warnings returned by the server to the user</p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">search-parameters
            <a name="safety-entries-search-parameters"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system checks whether the server processed all the requested search parameter,
                 and is safe if servers ignore parameters (typically, either filters locally or
                 warns the user)</p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">missing-values
            <a name="safety-entries-missing-values"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system caters for 
                <a href="search.html#missing">parameters that have missing values</a>  when doing search operations, and responds correctly to the client with regard
                 to 
                <a href="search.html#errors">erroneous search parameters</a> 
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">default-filters
            <a name="safety-entries-default-filters"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system includes appropriate default filters when searching based on patient
                 context - e.g. filtering out entered-in-error records, filtering to only include
                 active, living patients if appropriate, and clearly documents these (preferably
                 including them in the self link for a search</p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">deletion-check
            <a name="safety-entries-deletion-check"> </a> 
          </td> 
          <td> 
            <div> 
              <p> For each resource, I have checked whether resources can be deleted, and/or how
                 records are marked as incorrect/no longer relevant</p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">deletion-replication
            <a name="safety-entries-deletion-replication"> </a> 
          </td> 
          <td> 
            <div> 
              <p> Deletion of records (or equivalent updates in status) flow through the system so
                 any replicated copies are deleted/updated</p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">deletion-support
            <a name="safety-entries-deletion-support"> </a> 
          </td> 
          <td> 
            <div> 
              <p> (If a server) my documentation about deleted resources is clear, and my test sandbox
                 (if exists) has deleted/error record cases in the test data</p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">check-consent
            <a name="safety-entries-check-consent"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system checks that the right 
                <a href="consent.html">Patient consent</a>  has been granted (where applicable)
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">distribute-aod
            <a name="safety-entries-distribute-aod"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system sends an 
                <a href="secpriv-module.html#AoD">Accounting of Disclosure</a>  to the consenter as requested when permitted actions on resources are performed
                 using an 
                <a href="auditevent.html">AuditEvent</a>  Resource
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">check-clocks
            <a name="safety-entries-check-clocks"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system ensures that system clocks are synchronized using a protocol like NTP
                 or SNTP, or my server is robust against clients that have the wrong clock set</p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">check-dns-responses
            <a name="safety-entries-check-dns-responses"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system uses security methods for an API to authenticate where Domain Name System
                 (DNS) responses are coming from and ensure that they are valid</p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">use-encryption
            <a name="safety-entries-use-encryption"> </a> 
          </td> 
          <td> 
            <div> 
              <p> Production exchange of patient or other sensitive data will always use some form
                 of 
                <a href="security.html#http">encryption on the wire</a> 
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">use-tls
            <a name="safety-entries-use-tls"> </a> 
          </td> 
          <td> 
            <div> 
              <p> Where resources are exchanged using 
                <a href="security.html#http">HTTP</a> , 
                <a href="https://en.wikipedia.org/wiki/Transport_Layer_Security">TLS</a>  should be utilized to protect the communications channel
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">use-smime
            <a name="safety-entries-use-smime"> </a> 
          </td> 
          <td> 
            <div> 
              <p> Where resources are exchanged using email, 
                <a href="https://en.wikipedia.org/wiki/S/MIME">S/MIME</a>  should be used to protect the end-to-end communication
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">use-tls-per-bcp195
            <a name="safety-entries-use-tls-per-bcp195"> </a> 
          </td> 
          <td> 
            <div> 
              <p> Production exchange should utilize recommendations for 
                <a href="https://tools.ietf.org/html/bcp195">Best-Current-Practice on TLS in BCP 195</a> 
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">use-ouath
            <a name="safety-entries-use-ouath"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system utilizes a risk and use case 
                <a href="security.html#oauth">appropriate OAuth profile</a>  (preferably 
                <a href="http://hl7.org/fhir/smart-app-launch">Smart App Launch</a> ), with a 
                <a href="security.html#authentication">clear policy on authentication strength</a> 
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">use-openidconnect
            <a name="safety-entries-use-openidconnect"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system uses 
                <a href="https://openid.net/connect/">OpenID Connect</a>  (or other suitable authentication protocol) to verify identity of end user, where
                 it is necessary that end-users be identified to the client application, and has
                 a clear policy on 
                <a href="secpriv-module.html#user">identity proofing</a> 
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">use-rbac
            <a name="safety-entries-use-rbac"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system applies appropriate access control to every request, using a combination
                 of requester’s clearance (ABAC) and/or roles (RBAC)</p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">use-labels
            <a name="safety-entries-use-labels"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system considers 
                <a href="security-labels.html">security labels</a>  on the affected resources when making access control decisions
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">render-narratives
            <a name="safety-entries-render-narratives"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system can 
                <a href="narrative.html#css">render narratives properly</a>  and 
                <a href="security.html#narrative">securely</a> (where they are used)
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">check=validation
            <a name="safety-entries-check.61validation"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system 
                <a href="validation.html">validates all input received</a>  (whether in resource format or other) from other actors so that it data is well-formed
                 and does not contain content that would cause unwanted system behavior
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">use-provenance
            <a name="safety-entries-use-provenance"> </a> 
          </td> 
          <td> 
            <div> 
              <p> My system makes the right 
                <a href="provenance.html">Provenance</a>  statements and 
                <a href="auditevent.html">AuditEvent</a>  logs, and uses the right 
                <a href="security-labels.html#core">security labels</a>  where appropriate
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">enable-cors
            <a name="safety-entries-enable-cors"> </a> 
          </td> 
          <td> 
            <div> 
              <p> Server: CORS (
                <a href="http://enable-cors.org/">cross-origin resource sharing</a> ) is appropriately enabled (many clients are Javascript apps running in a browser)
              </p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">use-json
            <a name="safety-entries-use-json"> </a> 
          </td> 
          <td> 
            <div> 
              <p> JSON is supported (many clients are Javascript apps running in a browser; XML is
                 inconvenient at best)</p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">json-for-errors
            <a name="safety-entries-json-for-errors"> </a> 
          </td> 
          <td> 
            <div> 
              <p> JSON is returned correctly when errors happen (clients often don't handle HTML
                 errors well)</p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">use-format-header
            <a name="safety-entries-use-format-header"> </a> 
          </td> 
          <td> 
            <div> 
              <p> The _format header is supported correctly</p> 

            </div> 
          </td> 
        </tr> 
        <tr> 
          <td style="white-space:nowrap">use-operation-outcome
            <a name="safety-entries-use-operation-outcome"> </a> 
          </td> 
          <td> 
            <div> 
              <p> Errors are trapped and an OperationOutcome returned</p> 

            </div> 
          </td> 
        </tr> 
      </table> 
    </div> 
  </text> 
  <extension url="http://hl7.org/fhir/StructureDefinition/codesystem-use-markdown">
    <valueBoolean value="true"/> 
  </extension> 
  <url value="http://hl7.org/fhir/safety-entries"/> 
  <identifier> 
    <system value="urn:ietf:rfc:3986"/> 
    <value value="urn:oid:2.16.840.1.113883.4.642.4.1819"/> 
  </identifier> 
  <version value="5.0.0-ballot"/> 
  <name value="FHIRSafetyCheckListEntries"/> 
  <title value="FHIR Safety CheckList Entries"/> 
  <status value="draft"/> 
  <experimental value="false"/> 
  <publisher value="FHIR Project"/> 
  <description value="The [check list items](http://hl7.org/fhir/safety.html) defined as part of the
   FHIR specification."/> 
  <caseSensitive value="true"/> 
  <valueSet value="http://hl7.org/fhir/ValueSet/safety-entries"/> 
  <hierarchyMeaning value="is-a"/> 
  <content value="complete"/> 
  <concept> 
    <code value="life-cycle"/> 
    <definition value="For each resource that my system handles, my system handles the full [Life cycle](lifecycle.h
    tml) (status codes, currency issues, and erroneous entry status)"/> 
  </concept> 
  <concept> 
    <code value="modifiers"/> 
    <definition value="For each resource that my system handles, I've reviewed the [Modifier elements](conformance-r
    ules.html#isModifier)"/> 
  </concept> 
  <concept> 
    <code value="modifier-extensions"/> 
    <definition value="My system checks for [modifierExtension](extensibility.html#modifierExtension)
     elements"/> 
  </concept> 
  <concept> 
    <code value="must-support"/> 
    <definition value="My system supports [elements labeled as 'MustSupport'](conformance-rules.html#mustSupport)
     in the [profiles](profiling.html) that apply to my system"/> 
  </concept> 
  <concept> 
    <code value="identity"/> 
    <definition value="My system has documented how [distributed resource identification](managing.html#distributed)
     works in its relevant contexts of use, and where (and why) [contained](references.html#contai
    ned) resources are used"/> 
  </concept> 
  <concept> 
    <code value="current"/> 
    <definition value="My system manages lists of [current resources](lifecycle.html#current) correctly"/> 
  </concept> 
  <concept> 
    <code value="error-checks"/> 
    <definition value="When other systems [return http errors from the RESTful API](http.html#summary)
     and [Operations](operations.html) (perhaps using [Operation Outcome](operationoutcome.html)),
     my system checks for them and handles them appropriately "/> 
  </concept> 
  <concept> 
    <code value="link-merge"/> 
    <definition value="My system ensures checks for patient links (and/or merges) and handles data that
     is linked to patients accordingly"/> 
  </concept> 
  <concept> 
    <code value="cs-declare"/> 
    <definition value="My system publishes a [Capability Statement](capabilitystatement.html) with [StructureDefinit
    ions](structuredefinition.html), [ValueSets](valueset.html), and [OperationDefinitions](operat
    iondefinition.html), etc., so other implementers know how the system functions"/> 
  </concept> 
  <concept> 
    <code value="valid-checked"/> 
    <definition value="All resources in use are [valid](validation.html) against the base specification
     and the [profiles](profiling.html) that apply to my system (see note about the
     [correct run-time use of validation](validation.html#correct-use))"/> 
  </concept> 
  <concept> 
    <code value="obs-focus"/> 
    <definition value="I've reviewed the [Observation](observation.html) resource, and understand how
     ```focus``` is a mechanism for observations to be about someone or something other
     than the patient or subject of record."/> 
  </concept> 
  <concept> 
    <code value="time-zone"/> 
    <definition value="My system checks for time zones and adjusts times appropriately. (note: time zones
     are extremely difficult to get correct - see [W3C Timezone Advice](https://www.w3.org/TR/time
    zone/), and note that some fields should be timezone corrected, and others should
     not be)"/> 
  </concept> 
  <concept> 
    <code value="date-rendering"/> 
    <definition value="My system renders dates safely for changes in culture and language (the date formats
     D-M-Y and M-D-Y are not differentiated for many dates, and this is a well-known
     source of confusion. Systems should use the month name, or otherwise be specific
     for each date when rendering, unless there is solid confidence that such confusion
     cannot arise, even in the future when information/narrative from resources will
     be shared much more widely)"/> 
  </concept> 
  <concept> 
    <code value="cross-resource"/> 
    <definition value="My system takes care to ensure that clients can (for servers) or will (for clients)
     find the information they need when content that might reasonably be exposed using
     more than one FHIR resource. Possible patterns: Support a single search across
     the applicable resources, or expose data through each applicable resource. See
     discussion on [Wiki Page](https://confluence.hl7.org/display/FHIR/Managing+Overlap+Between+Re
    sources) for further information"/> 
  </concept> 
  <concept> 
    <code value="display-warnings"/> 
    <definition value="My system will display warnings returned by the server to the user"/> 
  </concept> 
  <concept> 
    <code value="search-parameters"/> 
    <definition value="My system checks whether the server processed all the requested search parameter,
     and is safe if servers ignore parameters (typically, either filters locally or
     warns the user)"/> 
  </concept> 
  <concept> 
    <code value="missing-values"/> 
    <definition value="My system caters for [parameters that have missing values](search.html#missing)
     when doing search operations, and responds correctly to the client with regard
     to [erroneous search parameters](search.html#errors)"/> 
  </concept> 
  <concept> 
    <code value="default-filters"/> 
    <definition value="My system includes appropriate default filters when searching based on patient
     context - e.g. filtering out entered-in-error records, filtering to only include
     active, living patients if appropriate, and clearly documents these (preferably
     including them in the self link for a search"/> 
  </concept> 
  <concept> 
    <code value="deletion-check"/> 
    <definition value="For each resource, I have checked whether resources can be deleted, and/or how
     records are marked as incorrect/no longer relevant"/> 
  </concept> 
  <concept> 
    <code value="deletion-replication"/> 
    <definition value="Deletion of records (or equivalent updates in status) flow through the system so
     any replicated copies are deleted/updated"/> 
  </concept> 
  <concept> 
    <code value="deletion-support"/> 
    <definition value="(If a server) my documentation about deleted resources is clear, and my test sandbox
     (if exists) has deleted/error record cases in the test data"/> 
  </concept> 
  <concept> 
    <code value="check-consent"/> 
    <definition value="My system checks that the right [Patient consent](consent.html) has been granted
     (where applicable)"/> 
  </concept> 
  <concept> 
    <code value="distribute-aod"/> 
    <definition value="My system sends an [Accounting of Disclosure](secpriv-module.html#AoD) to the consenter
     as requested when permitted actions on resources are performed using an [AuditEvent](auditeve
    nt.html) Resource"/> 
  </concept> 
  <concept> 
    <code value="check-clocks"/> 
    <definition value="My system ensures that system clocks are synchronized using a protocol like NTP
     or SNTP, or my server is robust against clients that have the wrong clock set"/> 
  </concept> 
  <concept> 
    <code value="check-dns-responses"/> 
    <definition value="My system uses security methods for an API to authenticate where Domain Name System
     (DNS) responses are coming from and ensure that they are valid"/> 
  </concept> 
  <concept> 
    <code value="use-encryption"/> 
    <definition value="Production exchange of patient or other sensitive data will always use some form
     of [encryption on the wire](security.html#http)"/> 
  </concept> 
  <concept> 
    <code value="use-tls"/> 
    <definition value="Where resources are exchanged using [HTTP](security.html#http), [TLS](https://en.wikipedia.or
    g/wiki/Transport_Layer_Security) should be utilized to protect the communications
     channel"/> 
  </concept> 
  <concept> 
    <code value="use-smime"/> 
    <definition value="Where resources are exchanged using email, [S/MIME](https://en.wikipedia.org/wiki/S/MIME)
     should be used to protect the end-to-end communication"/> 
  </concept> 
  <concept> 
    <code value="use-tls-per-bcp195"/> 
    <definition value="Production exchange should utilize recommendations for [Best-Current-Practice on
     TLS in BCP 195](https://tools.ietf.org/html/bcp195)"/> 
  </concept> 
  <concept> 
    <code value="use-ouath"/> 
    <definition value="My system utilizes a risk and use case [appropriate OAuth profile](security.html#oauth)
     (preferably [Smart App Launch](http://hl7.org/fhir/smart-app-launch)), with a [clear
     policy on authentication strength](security.html#authentication)"/> 
  </concept> 
  <concept> 
    <code value="use-openidconnect"/> 
    <definition value="My system uses [OpenID Connect](https://openid.net/connect/) (or other suitable
     authentication protocol) to verify identity of end user, where it is necessary
     that end-users be identified to the client application, and has a clear policy
     on [identity proofing](secpriv-module.html#user)"/> 
  </concept> 
  <concept> 
    <code value="use-rbac"/> 
    <definition value="My system applies appropriate access control to every request, using a combination
     of requester’s clearance (ABAC) and/or roles (RBAC)"/> 
  </concept> 
  <concept> 
    <code value="use-labels"/> 
    <definition value="My system considers [security labels](security-labels.html) on the affected resources
     when making access control decisions "/> 
  </concept> 
  <concept> 
    <code value="render-narratives"/> 
    <definition value="My system can [render narratives properly](narrative.html#css) and [securely](security.html#n
    arrative)(where they are used)"/> 
  </concept> 
  <concept> 
    <code value="check=validation"/> 
    <definition value="My system [validates all input received](validation.html) (whether in resource
     format or other) from other actors so that it data is well-formed and does not
     contain content that would cause unwanted system behavior"/> 
  </concept> 
  <concept> 
    <code value="use-provenance"/> 
    <definition value="My system makes the right [Provenance](provenance.html) statements and [AuditEvent](auditeven
    t.html) logs, and uses the right [security labels](security-labels.html#core) where
     appropriate"/> 
  </concept> 
  <concept> 
    <code value="enable-cors"/> 
    <definition value="Server: CORS ([cross-origin resource sharing](http://enable-cors.org/)) is appropriately
     enabled (many clients are Javascript apps running in a browser)"/> 
  </concept> 
  <concept> 
    <code value="use-json"/> 
    <definition value="JSON is supported (many clients are Javascript apps running in a browser; XML is
     inconvenient at best)"/> 
  </concept> 
  <concept> 
    <code value="json-for-errors"/> 
    <definition value="JSON is returned correctly when errors happen (clients often don't handle HTML
     errors well)"/> 
  </concept> 
  <concept> 
    <code value="use-format-header"/> 
    <definition value="The _format header is supported correctly"/> 
  </concept> 
  <concept> 
    <code value="use-operation-outcome"/> 
    <definition value="Errors are trapped and an OperationOutcome returned"/> 
  </concept> 
</CodeSystem> 

Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.