Da Vinci Unsolicited Notifications
1.0.0 - STU1 Release

This page is part of the Da Vinci Unsolicited Notifications (v1.0.0: STU1) based on FHIR R4. This is the current published version. For a full list of available versions, see the Directory of published versions

Security

Da Vinci Unsolicited Notifications involves the server sending a communication that could reveal information about the client and server relationship, as well as sensitive administrative or clinical information. Servers are responsible for ensuring appropriate security is employed and for following the FHIR security guidance. Sensitive data should only be exchanged over secured channels therefore a variety of communication protocols may be appropriate given the nature of the existing inter-party communication channels. This guide does not address these concerns directly; it is assumed that these are administered by other configuration processes.

FHIR does not mandate a single technical approach to security and privacy; rather, the specification provides a set of building blocks that can be applied to create secure, private systems. For example, the de-facto security layer for FHIR RESTful transactions is SMART’s profile of OAuth 2.0:

There are several ongoing initiatives to address various security and privacy issues including:

Once a suitable approach has been agreed upon and published, it will be referenced in a future version of this guide.