This page is part of the Da Vinci Risk Adjustment FHIR Implementation Guide (v2.1.0: STU 2) based on FHIR (HL7® FHIR® Standard) R4. This is the current published version in its permanent home (it will always be available at this URL). For a full list of available versions, see the Directory of published versions.
Security, Privacy, and Safety
Although the exact mechanisms for securing these exchanges are not specified as part of this IG:
- Exchanges are limited to mutually agreed upon (i.e., between the Server and the Client) patient lists or population.
- Systems should use standard authentication and authorization approaches. The SMART App Launch and SMART Backend Services authentication/authorization approaches are recommended models.
- This implementation guide inherits all of the mandatory requirements and recommendations defined in the Security and Privacy section of the Da Vinci Health Record Exchange (HRex) implementation guide. Implementers SHALL read and adhere to the guidance for the following topics:
  - Statutes, Regulations
  - FHIR Clinical Safety, Security and Implementation Guidance
  - Security/Privacy Related Technologies, Including Explicit Consent and Security Labels
  - Exchange Security
  - Additionally Protected Information
  - Security Contexts for Da Vinci IGs