http://hl7.org/fhir/safety-entries|5.0.0
name
FHIRSafetyCheckListEntries
FHIRSafetyCheckListEntries
package
hl7.fhir.r5.core@5.0.0
hl7.fhir.r5.core@5.0.0
content
complete
complete
status
draft
draft
FHIR Safety CheckList Entries
The [checklist items](http://hl7.org/fhir/safety.html) defined as part of the FHIR specification.
| code | display | definition | hierarchy |
|---|---|---|---|
| life-cycle | For each resource that my system handles, my system handles the full [Life cycle](lifecycle.html) (s... | ||
| modifiers | For each resource that my system handles, I've reviewed the [Modifier elements](conformance-rules.ht... | ||
| modifier-extensions | My system checks for [modifierExtension](extensibility.html#modifierExtension) elements... | ||
| must-support | My system supports [elements labeled as 'MustSupport'](conformance-rules.html#mustSupport) in the [p... | ||
| identity | My system has documented how [distributed resource identification](managing.html#distributed) works ... | ||
| current | My system manages lists of [current resources](lifecycle.html#current) correctly... | ||
| error-checks | When other systems [return http errors from the RESTful API](http.html#summary) and [Operations](ope... | ||
| link-merge | My system ensures checks for patient links (and/or merges) and handles data that is linked to patien... | ||
| cs-declare | My system publishes a [Capability Statement](capabilitystatement.html) with [StructureDefinitions](s... | ||
| valid-checked | All resources in use are [valid](validation.html) against the base specification and the [profiles](... | ||
| obs-focus | I've reviewed the [Observation](observation.html) resource, and understand how ```focus``` is a mech... | ||
| time-zone | My system checks for timezones and adjusts times appropriately. (note: timezones are extremely diffi... | ||
| date-rendering | My system renders dates safely for changes in culture and language (the date formats D-M-Y and M-D-Y... | ||
| cross-resource | My system takes care to ensure that clients can (for servers) or will (for clients) find the informa... | ||
| display-warnings | My system will display warnings returned by the server to the user... | ||
| search-parameters | My system checks whether the server processed all the requested search parameter, and is safe if ser... | ||
| missing-values | My system caters for [parameters that have missing values](search.html#missing) when doing search op... | ||
| default-filters | My system includes appropriate default filters when searching based on patient context - e.g. filter... | ||
| deletion-check | For each resource, I have checked whether resources can be deleted, and/or how records are marked as... | ||
| deletion-replication | Deletion of records (or equivalent updates in status) flow through the system so any replicated copi... | ||
| deletion-support | (If a server) my documentation about deleted resources is clear, and my test sandbox (if exists) has... | ||
| check-consent | My system checks that the right [Patient consent](consent.html) has been granted (where applicable)... | ||
| distribute-aod | My system sends an [Accounting of Disclosure](secpriv-module.html#AoD) to the consenter as requested... | ||
| check-clocks | My system ensures that system clocks are synchronized using a protocol like NTP or SNTP, or my serve... | ||
| check-dns-responses | My system uses security methods for an API to authenticate where Domain Name System (DNS) responses ... | ||
| use-encryption | Production exchange of patient or other sensitive data will always use some form of [encryption on t... | ||
| use-tls | Where resources are exchanged using [HTTP](security.html#http), [TLS](https://en.wikipedia.org/wiki/... | ||
| use-smime | Where resources are exchanged using email, [S/MIME](https://en.wikipedia.org/wiki/S/MIME) should be ... | ||
| use-tls-per-bcp195 | Production exchange should utilize recommendations for [Best-Current-Practice on TLS in BCP 195](htt... | ||
| use-ouath | My system utilizes a risk and use case [appropriate OAuth profile](security.html#oauth) (preferably ... | ||
| use-openidconnect | My system uses [OpenID Connect](https://openid.net/connect/) (or other suitable authentication proto... | ||
| use-rbac | My system applies appropriate access control to every request, using a combination of requester’s cl... | ||
| use-labels | My system considers [security labels](security-labels.html) on the affected resources when making ac... | ||
| render-narratives | My system can [render narratives properly](narrative.html#css) and [securely](security.html#narrativ... | ||
| check=validation | My system [validates all input received](validation.html) (whether in resource format or other) from... | ||
| use-provenance | My system makes the right [Provenance](provenance.html) statements and [AuditEvent](auditevent.html)... | ||
| enable-cors | Server: CORS ([cross-origin resource sharing](http://enable-cors.org/)) is appropriately enabled (ma... | ||
| use-json | JSON is supported (many clients are Javascript apps running in a browser; XML is inconvenient at bes... | ||
| json-for-errors | JSON is returned correctly when errors happen (clients often don't handle HTML errors well)... | ||
| use-format-header | The _format header is supported correctly... | ||
| use-operation-outcome | Errors are trapped and an OperationOutcome returned... |