This page is part of the FHIR Specification (v4.0.1: R4 (v5.0.0: R5 - Mixed Normative and STU ) ). This is the current published version in it's permanent home (it will always be available at this URL). The current version which supercedes this version is 5.0.0 . For a full list of available versions, see the Directory of published versions . Page versions: R5 R4B R4 R3 R2

• Content
• Examples
• Detailed Descriptions
• Mappings
• Operations
• Search Params
• Profiles &
• Extensions
• R3 R4 Conversions

2.46 2.12 Resource Subscription - Content

FHIR Infrastructure Work Group

Maturity Level : 3

Trial Use

Security Category : Business

Compartments : Not linked to any No defined compartments

The subscription resource is used to define a push-based subscription from describes a server particular client's request to another system. Once a subscription is registered with the server, the server checks every resource that is created or updated, and if the resource matches the given criteria, it sends be notified about a message on the defined "channel" so that another system can take an appropriate action. SubscriptionTopic.

, or, more generally, W3C Pub/Sub 2.12.3 References to this Resource ).

• Resource References: SubscriptionStatus

2.46.3 2.12.4 Resource Content

 

See the Profiles & Extensions and the alternate Additional definitions: Master Definition XML + JSON , XML Schema / Schematron + JSON Schema , ShEx (for Turtle ) + see the extensions , the spreadsheet version & the dependency analysis

2.46.3.1 2.12.4.1 Terminology Bindings

Subscription.channel.type Subscription.channel.payload

Path	Definition ValueSet	Type	Reference Documentation
Subscription.status	The status of a subscription. SubscriptionStatusCodes (a valid code from Subscription Status )	Required	SubscriptionStatus State values for FHIR Subscriptions.
Subscription.filterBy.resourceType	SubscriptionTypes	Extensible	Types used with Subscriptions
	All Resource Types	ui
Subscription.filterBy.comparator	The type of method used to execute a subscription. SearchComparator	Required	What Search Comparator Codes are supported in search.
Subscription.filterBy.modifier	SearchModifierCode	Required	A supported modifier for a search parameter.
Subscription.channelType	SubscriptionChannelType (a valid code from SubscriptionChannel Type Codes )	Extensible	Core-defined FHIR channel types allowed for use in Subscriptions.
Subscription.contentType	The mime type of an attachment. Any MimeTypes (a valid mime type is allowed. code from urn:ietf:bcp:13 )	Required	Mime Types This value set includes all possible codes from BCP-13 (see http://tools.ietf.org/html/bcp13)
Subscription.content	SubscriptionPayloadContent	Required	Codes to represent how much resource content to send in the notification payload.

2.12.4.2 Constraints

2.46.4 2.12.5 Safety and Security

Executing each of the channels documented below involves the server sending a communication that will reveal information about the client and server relationship, and, if the entire resource is sent, administrative or clinical information that may be quite sensitive and/or protected under law. Servers Applications are responsible for ensuring appropriate following FHIR security is employed for each channel. The subscription resource does not address these concerns directly - it is assumed that these guidance . Some recommendations specific to subscriptions are administered by other configuration processes. For instance, a server might maintain a whitelist of acceptable servers for provided on the rest-create/rest-update methods. Emails should generally be secured using some technique such as Direct . Subscriptions Framework page.

2.46.5 2.12.6 Managing Multi-Resource Subscriptions and Errors

A subscription is defined by creating the Subscription resource As indicated on the server. When the Subscriptions Framework and SubscriptionTopic resource pages, subscriptions can have more than a single resource in scope (e.g., a subscription is created by the client, it sets the status that triggers on both Condition and Observation resources, a topic tied to "requested". After POSTing the subscription, all resources, etc.). If there are filters that do not apply to every resource available in a topic, clients SHOULD ensure that the client parses filterBy.resourceType element is filled appropriately. More detail can be found in the Location header Filters and saves Resource Types section of the new Subscription's logical id for use in subsequent operations. Subscriptions Framework page.

2.12.7 Payload Types

When There are three options available when specifying the server receives contents of a subscription, it SHOULD check that it is prepared to accept/process the subscription. If it is, it sets the subscription to Notification: active empty , id-only , and then process it like a normal create . If it isn't, it SHOULD return an error with an OperationOutcome instead full-resource . These options change the level of processing detail conveyed in the notification create Bundle .

The criteria are subject When deciding which payload type to request, systems SHOULD consider both ease of processing and security of PHI. To mitigate the same limitations as the client that created it, such as access to patient compartments etc. Note that risk of information leakage, systems SHOULD use the subscription remains active after minimum level of detail consistent with the client access tokens expire. use case. In practice, id-only provides a good balance between security and performance for many real-world scenarios.

Once If a server cannot or will not honor a payload type (e.g., will not send full-resource over HTTP), it SHOULD reject the Subscription request. A server has activated MAY instead accept the subscription, it sets subscription with modifications and return the status accepted version to "active" (note: the server can do this as it accepts client.

When sending event notifications servers SHALL populate the resource if it wants). SubscriptionStatus.notificationEvent structure with relevant information, depending on the payload type.

2.12.7.1 empty

An appropriately authorized client example notification with an empty payload can use search and/or history operations to see what subscriptions are currently active on be found here .

With the server. Once content type of empty , all information about the subscription resources involved in triggering the notification is no longer desired, only available via channels other than the client deletes Subscription itself (e.g., the subscription REST API or $events operation). This mitigates many security concerns by both removing most PHI from the server. The server may retry the notification and allows servers to consolidate authorization and authentication logic. When the subscriber receives a fixed number notification of times and/or refer errors this type, it may query the server to fetch all the relevant resources based on the SubscriptionTopic and applicable filters. The client might include a _lastUpdated query parameter, supplying its own alert logs. If last query timestamp to retrieve only the most recent resources. For example, if the notification fails, is for a topic about patient admission, the server should set subscriber will generally query for recent Encounters for a patient or group of patients, then fetch them as needed.

When populating the status SubscriptionStatus.notificationEvent structure for a notification with an empty payload, a server SHALL NOT include references to 'error' resources (e.g., SubscriptionStatus.notificationEvent.focus and mark SubscriptionStatus.notificationEvent.additionalContext SHALL NOT be present).

When the error in content type is empty , notification bundles SHALL NOT contain Bundle.entry elements other than the resource. If SubscriptionStatus for the notification.

2.12.7.2 id-only

An example notification succeeds, with an id-only payload can be found here .

With the server should update content type of id-only , the status resources involved in triggering the notification are only available through other channels (e.g., REST API), but notifications include URLs which can be used to "active again. If access those resources. This allows servers to consolidate authorization and authentication logic, while removing the need for expensive queries by subscribers. When a subscription fails consistently subscriber receives a server notification of this type, it may choose set directly fetch all the subscription status relevant resources using the supplied resource ids. For example, if the notification is for a topic about patient admission, the subscriber may fetch the Encounter(s) for a patient or group of patients.

When the content type is id-only , the SubscriptionStatus.notificationEvent structure SHALL include references to off and stop trying the appropriate focus resources in the SubscriptionStatus.notificationEvent.focus element. This provides clients a fixed location to send notifications. consolidate IDs for all notification types.

If Additionally, notification bundles MAY contain, in addition to the SubscriptionStatus , at least one Bundle.entry for each resource relevant to the notification. For example, a subscription nominates notification for a fixed end date, topic based on Encounter MAY include a reference to the server automatically deletes it at Encounter and MAY also include additional resources deemed relevant (e.g., the specified time. linked Patient).

2.46.6 2.12.7.3 Tracking Subscription Notifications full-resource

Applications that wish to track whether notifications have been sent for particular resources (or versions of resources) An example notification with a full-resource payload can look at the AuditEvent resources. For example: be found here .

GET [base]/AuditEvent?entity=Patient/103

This search will return all With the content type of full-resource , the AuditEvent resources that involved in triggering the notification are about Patient 103 . At included in the notification bundle. When a subscriber receives a notification of this time there is no deterministic way type, resources are already present in the bundle, though the subscriber may need to tell say which of those AuditEvent fetch additional resources come from the subscription sub-system that actually handles notifications. This server. For example, the if the notification is planned for a topic about patient admission, the subscriber may require related Observation resources.

When the content type is full-resource , the SubscriptionStatus.notificationEvent structure SHALL include references to be resolved the appropriate focus resources in the SubscriptionStatus.notificationEvent.focus element. This provides clients a future version of this specification. In fixed location to consolidate IDs for all notification types.

Notification bundles for full-resource subscriptions SHALL contain, in addition to the mean time, servers are encouraged SubscriptionStatus , at least one Bundle.entry for each resource relevant to create AuditEvent records when performing notifications the notification. For example, a notification for a topic based on Encounter SHALL include an Encounter and document how clients can identify MAY include additional resources deemed relevant (e.g., the relevant records when searching. In addition, servers might also create Communication resources Patient). Each Bundle.entry for some of the notifications that are sent a full-resource notification SHALL contain a relevant resource in response the entry.resource element. If a server cannot include the resource contents due to an issue with a subscription, such as when sending emails. specific notification, the server SHALL populate the entry.request and/or entry.response elements.

GET [base]/Communication?based-on=Subscription/103

2.12.8 Batching Results

This returns Subscriptions allow servers to batch multiple notifications into a list single subscription-notification Bundle. For example, if a server has a high-frequency of communications sent updates (e.g., several per second), it could be beneficial to combine notifications to reduce traffic and overhead. Note that servers SHALL NOT delay sending notification longer than time span specified by a subscription. TODO: search on payload.... Subscription.heartbeat .

2.46.7 2.12.9 Channels

2.46.7.1 2.12.9.1 REST Hook Deciding on Channel Type

This uses an empty POST message specification defines a core set of channel types to alert cover the subscriber that new results are available - POST majority of common use cases. Servers MAY define additional channel types as needed. Below is some guidance for implementers to [base]/Subscription: consider when selecting a channel type.

{ "resourceType": "Subscription", "criteria": "Observation?name=http://loinc.org|1975-2&_format=json", "channel": { "type": "rest-hook", "endpoint": "https://biliwatch.com/customers/mount-auburn-miu/on-result", "header": "Authorization: Bearer secret-token-abc-123" } }

2.12.9.1.1 REST-Hook

When a resource is created or updated that meets The FHIR standard makes extensive use of the criteria, RESTful model. Given the server sends a POST request with no body to popularity of REST and widespread adoption, most implementers should consider using REST-hook channels whenever possible. In general, REST-based systems are well-supported (e.g., tooling, infrastructure, documentation, etc.), and will present the nominated URL. lowest bar for implementation.

2.12.9.1.2 Websocket

When the subscriber receives a POST to https://biliwatch.com/customers/mount-auburn-miu/on-result , it re-issues the criteria as a query to Websockets are unique in the server, appending &_since=:last (where :last is replaced by pre-defined channel types in being the time at which only channel that does not require the client last checked). In to have an endpoint. Due to this way it can fetch all new relevant Observations . property, the websocket channel is very useful for clients where creating an endpoint would be difficult or impossible (e.g., mobile clients, web-based clients, etc.).

2.12.9.1.3 Email

Since payload The Email channel is missing, the data in the resources is only available through the channel that could contest REST API, which helps consolidate authorization in non-FHIR implementations. That said, Email communication is often high-latency and authentication logic. The server must append is typically used for communication to individuals - not applications. Email channels are particularly useful in the headers, context of these non-application use cases, such as public health notifications. For example, if any are given, to a public health agency does not have the POST request that ability or desire to build a custom RESTful solution (e.g., creating and maintaining an endpoint to receive notifications, as well as software to consume those notifications), it makes is straightforward to the client. map notifications to email addresses or aliases.

2.12.9.1.4 FHIR Messaging

Alternatively, the server can be asked to send the entire resource to FHIR Messaging is a nominated mechanism defined to allow for non-RESTful communication between FHIR end-point. This servers and clients. One common use case is usually appropriate when connectivity is an issue (e.g., remote sites that batch all communications when connections are available). This channel defines how to integrate topic-based subscriptions with the FHIR Messaging model.

2.12.9.1.5 Custom Channels

For use cases that are not well-met by any of the predefined channels, the Subscriptions Framework allows for defining routing rules within custom channel definitions. Some examples of scenarios where custom channels may be applicable include:

• requirements for reliable (guaranteed) delivery (e.g., message queues)
• implementations using other communication protocols (e.g., protocols specific to a managed eco-system such as cloud-based provider)
• implementations using a healthcare institution. { "channel": { "type": "rest-hook", "endpoint": "https://internal.acme.com/research/saturn", "payload": "application/fhir+json" } } non-standard serialization format

2.12.9.2 REST Hook

This requests that To receive notifications via HTTP/S POST, a server forward client requests a copy subscription with the channel type of any matching resource in JSON format to `rest-hook` (from the nominated server as subscription-channel-type Code System) and and an Update operation using endpoint ( Subscription.endpoint ) with the nominated desired URL. Note that this URL as must be accessible by the service base . In order to execute this channel, hosting server.

To convey an event notification, the server must know how POSTs a notification Bundle to authenticate appropriately with the destination server. This can be done by client's nominated endpoint URL per the subscription resource providing format requests in the Subscription:

• The content-type of the POST SHALL match the MIME type on the Subscription Subscription.contentType .
• Each Subscription.parameter indicates an authentication HTTP request header and SHALL be sent as {parameter.name}: {parameter.value} .

When a subscription is created for a REST Hook channel type, the server SHALL set initial status to use, or alternatively, requested , pending verification of the nominated endpoint URL. After a successful handshake notification has been sent and accepted, the server may be specifically configured to be able SHALL update the status to use active . Any errors in the nominated server. initial handshake SHALL result in the status being changed to error .

An example workflow for establishing a rest-hook subscription is shown below.

1. Client creates a Subscription with the channelType set to rest-hook .
2. Server responds with a success code and creates the subscription with a state of requested .
3. Server performs an HTTP POST to the requested endpoint with a handshake notification.
4. Client Endpoint accepts the POST and returns a success HTTP code (e.g., 200 ).
5. Server sends a notification of type heartbeat at any time (SHOULD at least once per heartbeatPeriod ).
6. Client Endpoint accepts a heartbeat via HTTP POST and returns an HTTP success code (e.g., 200 ).
7. Server sends a notification of type event-notification when triggered.
8. Client Endpoint accepts an event-notification via HTTP POST and returns an HTTP code (e.g., 200 ).

2.46.7.2 2.12.9.2.1 Channel Security Notes

HTTP is neither a secure nor an encrypted channel, nor does it provide endpoint verification. It is strongly recommended that implementations refuse requests to send notifications to URLs using the HTTP protocol (use HTTPS instead).

2.12.9.3 WebSockets

Subscriptions are created exclusively via While the primary interface for FHIR servers is the FHIR REST API. But API, notifications need not occur via REST. Indeed, some subscribers may be unable to expose an outward-facing HTTP server to receive triggered notifications. For example, a pure client-side Web app or mobile app may want to subscribe to a data feed without polling using the /history operation. feed. This can be accomplished using a websocket notification channel. channel from the subscription-channel-type Code System.

A client can declare its intention to listen To receive notifications via Web Sockets: { "channel": { "type": "websocket" } } The subscriber would then initiate WebSocket, a Web Socket connection to the server, at client requests a URL advertised in subscription with the FHIR server's Capability statement (subscriptions/webSocketUrl (todo)). A simple protocol channel type ( Subscription.channelType ) of websocket (from the subscription-channel-type Code System). Note that no endpoint ( Subscription.endpoint ) is used in websocket channels, since clients connect to listen a server-hosted websocket URL.

An example workflow for notifications: receiving notifications via websockets is shown below:

1. Client connects creates a secure Web Socket Subscription with the channelType set to websocket .
2. Server responds with a success code and creates the server's webSocketUrl (see subscription.
3. Client requests a websocket extension in binding token, by invoking the server's CapabilityStatement $get-ws-binding-token ). operation via REST. Note: this call is intended to be repeated as necessary (e.g., prior to a token expiring, a client should request a new one).
4. Client authenticates parses the response of the $get-ws-binding-token operation to server using extract a server-specified Web socket protocol (e.g. OAuth bearer token presentation). , expiration , and websocket-url .
5. Client connects to the server via websockets, via the returned websocket-url ( wss:// preferred).
6. Client sends a bind :id bind-with-token message over via websockets, with the socket (using token provided by the logical id server. Note: this operation can be repeated concurrently for multiple subscriptions that share the same websocket-url , and serially for continued operation over a single websocket connection.
7. Server sends one or more handshake messages via websockets (one per Subscription included in the token). Note: some servers may additionally send one or more event-notification messages at this time (e.g., all messages since last connected, last 'n' messages, etc.). Clients are expected to handle either flow.
8. Server sends a notification of type heartbeat at any time (SHOULD at least once per heartbeatPeriod ).
9. Server sends a notification of type event-notification when triggered.
10. If the subscription). For example, token is expiring soon and the client might issue: bind 123). Client wishes to continue receiving notifications, it should invoke the $get-ws-binding-token operation via REST.
11. Server responds with at least a "bound :id" message token , expiration , and websocket-url . Note that the token and websocket-url MAY be the same or new values, as determined by the server.
12. If the websocket-url is different from the existing connection, the Client establishes a new connection to acknowledge. the Client Endpoint.
13. Server Client sends a "ping :id" bind-with-token message via websockets, with the token provided by the server. Note: this operation can be repeated concurrently for multiple subscriptions that return the same websocket-url , and serially for continued operation over a single websocket connection.
14. Server sends one or more handshake messages via websockets (one per Subscription included in the token). Note: some servers may additionally send one or more event-notification messages at this time (e.g., all messages since last connected, last 'n' messages, etc.). Clients are expected to notify handle either flow.
15. Either the server or the client each time may close the websocket connection.

Notes:

• Notifications sent from the server SHALL be in the MIME Type specified by the Subscription.contentType , however, if notifications are requested for multiple subscriptions with different MIME types, the server MAY choose to send all notifications in a new result single MIME type.
• Notifications SHALL conform to the content level specified by Subscription.content .
• When receiving notifications, a connected websocket client has no responsibilities beyond reading the message (e.g., there is available no acknowledgement message).

2.46.7.3

Note to Implementers: The Websocket channel type needs more testing and feedback to ensure all requirements are met before finalizing the specification.

2.12.9.3.1 Email/SMS Channel Security Notes

A WebSocket security poses several challenges specific to the channel. When implementing websockets for notifications, please keep in mind the following list of some areas of concern:

• Authentication of WebSockets is not generically interoperable with JWT or other 'Authentication header' protocols - the JavaScript WebSocket API does not include the ability to include them.
• Given client limitations on concurrent WebSocket connections (commonly 6), it is recommended that a single connection be able to authenticate to multiple Subscription resources.
• Unlike HTTP/S requests, WebSockets can register be long-lived. Because of this, the case of revoking access of an active connection must be considered.
• This specification does not describe the security details of Websocket tokens issued by the $get-ws-binding-token operation. Issued tokens MAY be single-use (e.g., re-establishing a connection require a new token) or reusable until their expiration (e.g., re-establishing a connection can reuse an existing token). Additionally, servers are free to issue tokens as either single-client or shared. Servers SHOULD document their policy on token issuance.

2.12.9.4 Email

While the primary interface for its user FHIR servers is the FHIR REST API, notifications need not occur via REST. Indeed, some subscribers may be unable to maintain an outward-facing HTTP server to receive triggered notifications. For example, a public health organization may want to be notified of outbreaks of various illnesses. This can be accomplished using an email notification channel.

To receive notifications by email: via Email, a client requests a subscription with the channel type ( Subscription.channelType ) of email (from the subscription-channel-type Code System) and an endpoint ( Subscription.endpoint ) with the desired email URI (e.g., mailto:public_health_notifications@example.org ).

{ "channel": { "type": "email", "endpoint": "mailto:mt-auburn-results@direct.biliwatch.com", "header": "A new bilirubin result has arrived!" } }

The server would will send a new message for each matching resource. The body of the email may time a notification should be empty, sent (e.g., per event or it may contain per batch). The server will create a reference to message based on the search or values present in the matching resource. It is at Subscription.contentType and Subscription.content fields. If a server cannot honor the discretion of requested combination, the server as to how much information should reject the Subscription request rather than send unexpected email messages.

The email channel sets two guidelines about content:

• Message Body content SHALL be human readable
• Message Attachments SHOULD be machine readable

Due to provide. these guidelines, the Subscription.channel.header Subscription.contentType sets refers to the subject content of the email. The email should be secured appropriately, such as using Direct, as specified by the rules body of the applicable jurisdictions. SMS works very similarly: message. Attachment type information can be appended as a MIME parameter, for example:

{ "channel": { "type": "sms", "endpoint": "tel:+1555-345-5555" } }

• text/plain : a plain-text body with no attachment
• text/html : an HTML body with no attachment
• text/plain;attach=application/fhir+json : a plain-text body with a FHIR JSON bundle attached
• text/html;attach=application/fhir+xml : an HTML body with a FHIR XML bundle attached

Note: SMS messages are extremely limited in size, so The channel.payload Subscription.content will usually field SHALL be omitted (signifying that no payload is applied to any attachments, and MAY be sent). The recipient may be human, but this is applied to body contents (depending on server implementation). However, a server must not always include a body which exceeds the case. Irrespective of size, most servers will refuse specified content level. For example, a server may choose to send payloads always include a standard message in SMS for security reasons, the body of the message containing no PHI and may refuse vary the attachment, but cannot include PHI in the body of an email when the content is set to send emails unless encrypted. empty .

A mime/type of text/plain can be useful An example workflow using the email channel type is included below.

1. Client creates a Subscription with some extension describing how to convert resources the channelType set to email .
2. Server MAY respond with a text representation. This specification success code and create the subscription with a state of active .
3. Server MAY respond with a success code and create the subscription with a state of requested .
4. Server sends an initial message via the specified email server (e.g., verify the request, opt-out instructions, etc.).
5. Email Server responds with a channel appropriate response code (e.g., 250: OK ).
6. Server may provide supporting infrastructure send an email for this in the future. a notification of type heartbeat at any time (SHOULD at least once per heartbeatPeriod ).
7. Server may send an email for a notification of type event-notification at any time.

2.46.7.4 2.12.9.4.1 Channel Security Notes

Email (SMTP) is not a secure channel. Implementers must ensure that any messages containing PHI have been secured according to their policy requirements (e.g., use of a system such as Direct ).

2.12.9.5 Messaging

A client can register for its user There are times when it is desireable to use Subscriptions as a communication channel between FHIR servers that are connected via Messaging instead of REST. This can be accomplished using a Subscription with the channel type of message .

To receive notifications via messaging, a client should request a subscription with the channel type ( Subscription.channelType ) of message and set the endpoint ( Subscription.endpoint ) to the destination FHIR server base URL. Note that this URL must be accessible by messaging : the hosting server.

{ "channel": { "type": "message", "endpoint": "http://ehr.example.org/fhir/$process-message" } }

For each matching resource, a The FHIR server hosting the subscription (server) will send FHIR messages to the destination FHIR server (endpoint) as needed. These messages will, as the contents of the message, have a fully-formed subscription-notification Bundle. An example message can be found here .

An example workflow using the message channel type is included below.

1. Client creates a Subscription with the channelType set to message .
2. Server responds with a success code and creates the nominated end-point. Most servers will subscription with a state of requested .
3. Server sends a FHIR Message to the requested endpoint with a handshake notification.
4. Client Endpoint accepts the Message and returns success.
5. Server may send a Message containing a notification of type heartbeat at any time (SHOULD at least once per heartbeatPeriod ).
6. Server may send a Message containing a notification of type event-notification at any time.

Note to Implementers: The Messaging channel type needs more testing and feedback to ensure all requirements are met before finalizing the specification.

2.12.9.5.1 Channel Security Notes

Servers MAY require that the end-point is white-listed prior to allowing these kinds of subscriptions. Additionally, servers MAY impose authorization/authentication requirements for server to server communication (e.g., certificate pinning, etc.).

2.12.10 Defining Channel Types

Defining a new channel type requires clear communication to implementers of both clients and servers around requirements and expectations. Below are some areas which should be considered when creating a channel. Anyone defining a channel type is encouraged to publish their definition at registry.fhir.org .

STU Note: Note to Implementers: The details of Warning: This section is still in early drafting; feedback from topic authors is welcome to refine the message - mainly following guidance.

2.12.10.1 Channel Basics

At a minimum, the event following items should be defined:

• A system for Subscription.channelType that reflects the publisher of the definition (e.g., "https://myorg.example.org" instead of "urn:uuid:be35238b-0ed6-4062-93cf-818b8023a103")
• A generally descriptive code - for Subscription.channelType (e.g., 'secure-mq' instead of 'channel')
• The type of data required in Subscription.endpoint (e.g., URI, etc.)
• The meaning of Subscription.parameter field values (e.g., REST-hook defines as HTTP headers included in a POST). Note that channels can specify general behavior and/or specific parameters by name .
• Any additions or variations on MIME types for Subscription.contentType (e.g., email defines this as the email body, with allowable attachments.)
• Whether handshake notifications are still used, and guidance on usage if they are
• Whether heartbeat notifications are used, and guidance on timings if they are

2.12.10.2 Channel Security Considerations

Defining a channel has security implications. While it is not expected that authors cover all aspects of security, guidance specific to the channel SHOULD be resolved during provided. For example, when discussing REST-hooks, this specification includes guidance about using HTTPS over HTTP.

If the trial channel CANNOT be secured, that should be stated with a warning not to transfer PHI. If the channel is or can be secured, guidance should be given on how configurations relate to PHI safety, for example:

• Does the channel determine the legitimacy of both endpoints?
• Is the channel secure from third-party monitoring?

2.12.11 Managing Subscriptions and Errors

The subscription resource is authored by the client with an initial status of requested . A new subscription is created on the server using the RESTful create or update interaction. After a successful transaction, the client parses the Location header and saves the new Subscription's logical id for use period. in subsequent operations.

Feedback When the server receives a subscription, it SHOULD check that it is welcome here prepared to accept/process the subscription. If it is, it sets the subscription to requested and process it like a normal create . If it isn't, it SHOULD return an error with an OperationOutcome instead of processing the create .

The criteria are subject to the same limitations as the client that created it, such as access to patient compartments etc. Note that the subscription MAY remain active after the client access tokens expire.

Once the server has activated the subscription, it sets the status to active (note: the server may do this as it accepts the resource if it wants).

An appropriately authorized client can use search and/or history operations to see what subscriptions are currently active on the server. Once the subscription is no longer desired, the client deletes the subscription from the server.

The server may retry the notification a fixed number of times and/or refer errors to its own alert logs. If the notification fails, the server SHOULD set the status to error and mark the error in the resource. If the notification succeeds, the server SHOULD update the status to active and may remove any error codes. If a subscription fails consistently a server may choose set the subscription status to off and stop trying to send notifications.

Errors a server wishes to make accessible to clients are communicated via SubscriptionStatus.error . Clients MAY receive these errors in notifications sent by the server or detect them by running the $status operation on a subscription. Servers should provide a mechanism for clearing errors (e.g., when resetting a Subscription.status back to requested after an error).

2.46.8 2.12.12 Search Parameters

Search parameters for this resource. See also the full list of search parameters for this resource , and check the Extensions registry for search parameters on extensions related to this resource. The common parameters also apply. See Searching for more information about searching in REST, messaging, and services.

Name	Type	Description	Expression	In Common
contact	token	Contact details for the subscription	Subscription.contact
criteria content-level	token	Content level included in notifications	Subscription.content
filter-value	string	The search rules Filter value used to determine when to send a notification narrow notifications	Subscription.criteria Subscription.filterBy.value
identifier	token	A subscription identifier	Subscription.identifier
name	string	A human-readable name	Subscription.name
owner	reference	The managing entity	Subscription.managingEntity ( Practitioner , Organization , CareTeam , Patient , HealthcareService , PractitionerRole , RelatedPerson )
payload N	token	The mime-type of the notification payload notifications	Subscription.channel.payload Subscription.contentType
status	token	The current state of the subscription	Subscription.status
topic	uri	The canonical topic url that triggers notifications	Subscription.topic
type	token	The type of channel for the sent notifications	Subscription.channel.type Subscription.channelType
url	uri	The uri that will receive the notifications	Subscription.channel.endpoint Subscription.endpoint