This page is part of the DaVinci Postable Remittance FHIR Implementation Guide (v1.0.0: STU 1) based on FHIR (HL7® FHIR® Standard) R4. This is the current published version in its permanent home (it will always be available at this URL). For a full list of available versions, see the Directory of published versions

Privacy and Security

Privacy & Security Considerations

The profiles in this IG are defined to ensure sufficient information to properly search for a previously sent postable remittance. There are existing processes that payers and clearinghouses take to secure their portals and similar processes should be taken to secure access to the APIs defined in this IG.

Some of the data shared as part of the postable remittance process may have associated constraints on the use of that information for other purposes, including subsequent disclosure to other payers, practitioners, policy-holders, etc. HL7 FHIR supports conveying this information via security labels on transmitted resources. The expectation is that the authentication and authorization processes used to secure the APIs defined in this IG will allow payers and clearinghouses to ensure that the information being returned is allowed to be disclosed from a privacy perspective.

In order to make queries about postable remittances, the provider system will need to access the payor system. This will require that the provider system authenticates to the payer system or an intermediary. Every system implementing the Postable Remittance guide will need to be aware of and follow the guidance in the FHIR Core Specification on Clinical Safety, the FHIR Core Specification on Security and the Security and Privacy page in the Da Vinci HRex guide.