This page is part of the FHIR Specification (v1.0.2: DSTU 2). The current version which supercedes this version is

This page is part of the FHIR Specification (v1.4.0: STU 3 Ballot 3). The current version which supercedes this version is 5.0.0 . For a full list of available versions, see the Directory of published versions . For a full list of available versions, see the Directory of published versions

2.0 Implementation Implementation

FHIR Infrastructure FHIR Infrastructure Work Group Work Group

Maturity Level : N/A Maturity Level : N/A

Ballot Status : DSTU 2 Ballot Status : DSTU 2

Exchange Frameworks Exchange Frameworks Define how Resources are exchanged. Define how Resources are exchanged. RESTful API (HTTP) RESTful API (HTTP) Search Operations Documents Messaging Services: Terminology Service Terminology Service

Support Implementation Support. Implementation Support. Downloads - Schemas, Code, Tools Downloads - Schemas, Code, Tools FHIR Wiki FHIR Wiki Validating Resources Validating Resources Security Mapping Language ( tutorial & ) Security Labels & Security Labels Variations between Submitted data and Retrieved data Variations between Submitted data and Retrieved data Managing Resource Identity Managing Resource Identity Push vs Pull Push vs Pull Integrated Examples Integrated Examples Support Links (on FHIR Wiki) Support Links (on FHIR Wiki)

FHIR Profiles & Implementation Guides FHIR Profiles & Implementation Guides Adapting FHIR for specific usage. Adapting FHIR for specific usage. Profiling FHIR Profiling FHIR Implementation Guides Implementation Guides Profiles Defined as part of FHIR Profiles Defined as part of FHIR Common Use Cases Common Use Cases

2.0.0.1 Implementer's Safety Check List Implementer's Safety Check List FHIR is as simple to implement as we know how to make it. However, due to the nature of healthcare, and healthcare processes, and cultural concerns, there are a number of features in FHIR that implementers are obliged to consider in order to implement safe systems. This section is a check list to help implementers be sure that they've considered all the parts of FHIR that impact on their system design with regard to safety.

FHIR is as simple to implement as we know how to make it. However, due to the nature of healthcare, and healthcare processes, and cultural concerns, there are a number of features in FHIR that implementers are obliged to consider in order to implement safe systems.

This section is a check list to help implementers be sure that they've considered all the parts of FHIR that impact on their system design with regard to safety.

1. Production exchange of patient or other sensitive data will always use some form of encryption on the wire Production exchange of patient or other sensitive data will always use some form of encryption on the wire
2. For each resource that my system handles, I've reviewed the Modifier elements For each resource that my system handles, I've reviewed the Modifier elements
3. My system checks for My system checks for modifierExtension elements elements
4. My system supports elements labelled as "must-support" in the My system supports elements labelled as "must-support" in the profiles that apply to my system that apply to my system
5. For each resource that my system handles, my system handles the full Life cycle (status codes, currency issues, and erroneous entry status) For each resource that my system handles, my system handles the full Life cycle (status codes, currency issues, and erroneous entry status)
6. My system can render narratives properly (where they are used) My system can render narratives properly (where they are used)
7. My system has documented how distributed resource identification works in its relevant contexts of use, and where (and why) My system has documented how distributed resource identification works in its relevant contexts of use, and where (and why) contained resources are used resources are used
8. My system manages lists of current resources correctly My system manages lists of current resources correctly
9. My system makes the right My system makes the right Provenance statements and statements and AuditEvent logs, and uses the right security labels where appropriate logs, and uses the right security labels where appropriate
10. My system checks that the right Patient consent has been granted (where applicable) My system checks that the right Patient consent has been granted (where applicable)
11. When other systems return http errors from the RESTful API and When other systems return http errors from the RESTful API and Operations (perhaps using Operation Outcome (perhaps using Operation Outcome ), my system checks for them and handles them appropriately ), my system checks for them and handles them appropriately
12. My system publishes a conformance statement with My system publishes a conformance statement with StructureDefinitions , , ValueSets , and , and OperationDefinitions , etc., so other implementers know how the system functions Obviously this list is only a small part of the overall safety check list for an application, which will have checks regarding jurisdictionally mandated policies, internal integrity, etc. © HL7.org 2011+. FHIR DSTU2 (v1.0.2-7202) generated on Sat, Oct 24, 2015 07:44+1100. Links: Search , etc., so other implementers know how the system functions

Obviously this list is only a small part of the overall safety check list for an application, which will have checks regarding jurisdictionally mandated policies, internal integrity, etc.