Health NZ | Te Whatu Ora FHIR Screening Implementation Guide
0.9.3 - draft
Health NZ | Te Whatu Ora FHIR Screening Implementation Guide - Local Development build (v0.9.3) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions
Draft as of 2024-05-03 |
{
"resourceType" : "CapabilityStatement",
"id" : "FHIRScreeningCapabilityStatement",
"meta" : {
"profile" : [
🔗 "https://fhir-ig.digital.health.nz/hnz-digital-tooling/StructureDefinition/hnz-capability-statement"
]
},
"text" : {
"status" : "extensions",
"div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p class=\"res-header-id\"><b>Generated Narrative: CapabilityStatement FHIRScreeningCapabilityStatement</b></p><a name=\"FHIRScreeningCapabilityStatement\"> </a><a name=\"hcFHIRScreeningCapabilityStatement\"> </a><a name=\"FHIRScreeningCapabilityStatement-en-NZ\"> </a><h2 id=\"title\">National Screening FHIR API Capability Statement</h2><ul><li>Implementation Guide Version: 0.9.3 </li><li>FHIR Version: 4.0.1 </li><li>Supported Formats: <code>json</code></li><li>Supported Patch Formats: </li><li>Published on: 2024-05-03 </li><li>Published by: Health New Zealand | Te Whatu Ora </li></ul><blockquote class=\"impl-note\"><p><strong>Note to Implementers: FHIR Capabilities</strong></p><p>Any FHIR capability may be 'allowed' by the system unless explicitly marked as 'SHALL NOT'. A few items are marked as MAY in the Implementation Guide to highlight their potential relevance to the use case.</p></blockquote><h2 id=\"rest\">FHIR RESTful Capabilities</h2><div class=\"panel panel-default\"><div class=\"panel-heading\"><h3 id=\"mode1\" class=\"panel-title\">Mode: <code>server</code></h3></div><div class=\"panel-body\"><div class=\"lead\"><em>Security</em></div><div class=\"row\"><div class=\"col-lg-6\">Enable CORS: yes</div><div class=\"col-lg-6\">Security services supported: <code>SMART-on-FHIR</code></div></div><div class=\"lead\"><em>Summary of System-wide Interactions</em></div><ul><li>Supports the <code>search-system</code>interaction described as follows:<div><h3>Read (GET) Operation Statuses</h3>\n<table class=\"grid\">\n<thead>\n<tr>\n<th align=\"center\"><strong>Code</strong></th>\n<th align=\"left\"><strong>Meaning</strong></th>\n<th align=\"left\"><strong>Description</strong></th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td align=\"center\">200</td>\n<td align=\"left\">OK</td>\n<td align=\"left\">The request was successful, and the response body contains the representation requested</td>\n</tr>\n<tr>\n<td align=\"center\">302</td>\n<td align=\"left\">FOUND</td>\n<td align=\"left\">A common redirect response; you can GET the representation at the URI in the Location response header</td>\n</tr>\n<tr>\n<td align=\"center\">304</td>\n<td align=\"left\">NOT MODIFIED</td>\n<td align=\"left\">Your client's cached version of the representation is still up to date</td>\n</tr>\n<tr>\n<td align=\"center\">401</td>\n<td align=\"left\">UNAUTHORIZED</td>\n<td align=\"left\">The supplied credentials, if any, are not sufficient to access the resource</td>\n</tr>\n<tr>\n<td align=\"center\">404</td>\n<td align=\"left\">NOT FOUND</td>\n<td align=\"left\">The requested representation was not found. Retrying this request is unlikely to be successful</td>\n</tr>\n<tr>\n<td align=\"center\">429</td>\n<td align=\"left\">TOO MANY REQUESTS</td>\n<td align=\"left\">Your application is sending too many simultaneous requests</td>\n</tr>\n<tr>\n<td align=\"center\">500</td>\n<td align=\"left\">SERVER ERROR</td>\n<td align=\"left\">An internal server error prevented return of the representation response</td>\n</tr>\n<tr>\n<td align=\"center\">503</td>\n<td align=\"left\">SERVICE UNAVAILABLE</td>\n<td align=\"left\">We are temporarily unable to return the representation. Please wait and try again later</td>\n</tr>\n</tbody>\n</table>\n<h3>Search (GET) Operation Statuses</h3>\n<table class=\"grid\">\n<thead>\n<tr>\n<th align=\"center\"><strong>Code</strong></th>\n<th align=\"left\"><strong>Meaning</strong></th>\n<th align=\"left\"><strong>OperationOutcome</strong> in response?</th>\n<th align=\"left\"><strong>Description</strong></th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td align=\"center\">200</td>\n<td align=\"left\">OK</td>\n<td align=\"left\">Yes, when there are additional messages about a match result</td>\n<td align=\"left\">The request was successful, and the response body contains the representation requested</td>\n</tr>\n<tr>\n<td align=\"center\">302</td>\n<td align=\"left\">FOUND</td>\n<td align=\"left\">No</td>\n<td align=\"left\">A common redirect response; you can GET the representation at the URI in the Location response header</td>\n</tr>\n<tr>\n<td align=\"center\">400</td>\n<td align=\"left\">BAD REQUEST</td>\n<td align=\"left\">Yes</td>\n<td align=\"left\">Incorrect search parameters or malformed request - see diagnostics in OperationOutcome</td>\n</tr>\n<tr>\n<td align=\"center\">401</td>\n<td align=\"left\">UNAUTHORIZED</td>\n<td align=\"left\">The supplied credentials, if any, are not sufficient to access the resource</td>\n<td align=\"left\"/>\n</tr>\n<tr>\n<td align=\"center\">429</td>\n<td align=\"left\">TOO MANY REQUESTS</td>\n<td align=\"left\">No</td>\n<td align=\"left\">Your application is sending too many simultaneous requests</td>\n</tr>\n<tr>\n<td align=\"center\">500</td>\n<td align=\"left\">SERVER ERROR</td>\n<td align=\"left\">No</td>\n<td align=\"left\">An internal server error prevented return of the representation response</td>\n</tr>\n<tr>\n<td align=\"center\">503</td>\n<td align=\"left\">SERVICE UNAVAILABLE</td>\n<td align=\"left\">No</td>\n<td align=\"left\">The server is temporarily unable to return the representation. Please wait and try again later</td>\n</tr>\n</tbody>\n</table>\n<h3>Create (POST or PUT) Operation Statuses</h3>\n<table class=\"grid\">\n<thead>\n<tr>\n<th align=\"center\"><strong>Code</strong></th>\n<th align=\"left\"><strong>Meaning</strong></th>\n<th align=\"left\"><strong>Description</strong></th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td align=\"center\">200</td>\n<td align=\"left\">OK</td>\n<td align=\"left\">The request was successful, and the resource was updated. The response body contains the updated representation</td>\n</tr>\n<tr>\n<td align=\"center\">201</td>\n<td align=\"left\">CREATED</td>\n<td align=\"left\">The request was successful, a new resource was created, and the response body contains the representation</td>\n</tr>\n<tr>\n<td align=\"center\">204</td>\n<td align=\"left\">OK - NO CONTENT</td>\n<td align=\"left\">The request was successful, but no content is returned in the response. In reality this is seldom used for REST APIs and more typically for process APIs. Should include a <code>Location</code> header indicating the location of an associated relevant resource</td>\n</tr>\n<tr>\n<td align=\"center\">207</td>\n<td align=\"left\">MULTI STATUS</td>\n<td align=\"left\">The HTTP 207 Multi-Status response code indicates that there might be a mixture of responses.</td>\n</tr>\n<tr>\n<td align=\"center\">400</td>\n<td align=\"left\">BAD REQUEST</td>\n<td align=\"left\">The data given in the POST or PUT failed validation. Inspect the response body for details</td>\n</tr>\n<tr>\n<td align=\"center\">401</td>\n<td align=\"left\">UNAUTHORIZED</td>\n<td align=\"left\">The supplied credentials, if any, are not sufficient to create or update the resource</td>\n</tr>\n<tr>\n<td align=\"center\">404</td>\n<td align=\"left\">NOT FOUND</td>\n<td align=\"left\">The endpoint that the API Consumer is attempting to create or update does not exist. Retrying this request is unlikely to be successful</td>\n</tr>\n<tr>\n<td align=\"center\">405</td>\n<td align=\"left\">METHOD NOT ALLOWED</td>\n<td align=\"left\">You can't POST or PUT to the resource</td>\n</tr>\n<tr>\n<td align=\"center\">422</td>\n<td align=\"left\">UNPROCESSABLE CONTENT</td>\n<td align=\"left\">The server understands the requests content and syntax however it is unable to process the instruction. Retrying this request will not succeed - the request must be modified</td>\n</tr>\n<tr>\n<td align=\"center\">429</td>\n<td align=\"left\">TOO MANY REQUESTS</td>\n<td align=\"left\">Your application is sending too many simultaneous requests</td>\n</tr>\n<tr>\n<td align=\"center\">500</td>\n<td align=\"left\">SERVER ERROR</td>\n<td align=\"left\">We couldn't create or update the resource. Please try again later</td>\n</tr>\n</tbody>\n</table>\n<h3>Delete (DELETE) Operation Statuses</h3>\n<table class=\"grid\">\n<thead>\n<tr>\n<th align=\"center\"><strong>Code</strong></th>\n<th align=\"left\"><strong>Meaning</strong></th>\n<th align=\"left\"><strong>Description</strong></th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td align=\"center\">204</td>\n<td align=\"left\">OK</td>\n<td align=\"left\">The request was successful; the resource was deleted</td>\n</tr>\n<tr>\n<td align=\"center\">401</td>\n<td align=\"left\">UNAUTHORIZED</td>\n<td align=\"left\">The supplied credentials, if any, are not sufficient to delete the resource</td>\n</tr>\n<tr>\n<td align=\"center\">404</td>\n<td align=\"left\">NOT FOUND</td>\n<td align=\"left\"/>\n</tr>\n<tr>\n<td align=\"center\">405</td>\n<td align=\"left\">METHOD NOT ALLOWED</td>\n<td align=\"left\">You can't DELETE the resource</td>\n</tr>\n<tr>\n<td align=\"center\">429</td>\n<td align=\"left\">TOO MANY REQUESTS</td>\n<td align=\"left\">Your application is sending too many simultaneous requests</td>\n</tr>\n<tr>\n<td align=\"center\">500</td>\n<td align=\"left\">SERVER ERROR</td>\n<td align=\"left\">We couldn't delete the resource. Please try again later</td>\n</tr>\n</tbody>\n</table>\n<h3>Non existent API endpoints</h3>\n<p>When a consumer attempts to call a non-existent API end point, respond\nwith a <strong>501 Not Implemented</strong> status code.</p>\n</div></li></ul></div></div><h3 id=\"resourcesCap1\">Capabilities by Resource/Profile</h3><h4 id=\"resourcesSummary1\">Summary</h4><p>The summary table lists the resources that are part of this configuration, and for each resource it lists:</p><ul><li>The relevant profiles (if any)</li><li>The interactions supported by each resource (<b><span class=\"bg-info\">R</span></b>ead, <b><span class=\"bg-info\">S</span></b>earch, <b><span class=\"bg-info\">U</span></b>pdate, and <b><span class=\"bg-info\">C</span></b>reate, are always shown, while <b><span class=\"bg-info\">VR</span></b>ead, <b><span class=\"bg-info\">P</span></b>atch, <b><span class=\"bg-info\">D</span></b>elete, <b><span class=\"bg-info\">H</span></b>istory on <b><span class=\"bg-info\">I</span></b>nstance, or <b><span class=\"bg-info\">H</span></b>istory on <b><span class=\"bg-info\">T</span></b>ype are only present if at least one of the resources has support for them.</li><li><span>The required, recommended, and some optional search parameters (if any). </span></li><li>The linked resources enabled for <code>_include</code></li><li>The other resources enabled for <code>_revinclude</code></li><li>The operations on the resource (if any)</li></ul><div class=\"table-responsive\"><table class=\"table table-condensed table-hover\"><thead><tr><th><b>Resource Type</b></th><th><b>Profile</b></th><th class=\"text-center\"><b title=\"GET a resource (read interaction)\">R</b></th><th class=\"text-center\"><b title=\"GET all set of resources of the type (search interaction)\">S</b></th><th class=\"text-center\"><b title=\"PUT a new resource version (update interaction)\">U</b></th><th class=\"text-center\"><b title=\"POST a new resource (create interaction)\">C</b></th><th><b title=\"Required and recommended search parameters\">Searches</b></th><th><code><b>_include</b></code></th><th><code><b>_revinclude</b></code></th><th><b>Operations</b></th></tr></thead><tbody><tr><td><a href=\"#DocumentReference1-1\">DocumentReference</a></td><td><a href=\"StructureDefinition-nz-screening-summary.html\">https://fhir-ig.digital.health.nz/screening/StructureDefinition/nz-screening-summary</a></td><td></td><td class=\"text-center\">y</td><td class=\"text-center\"></td><td class=\"text-center\"></td><td>subject, category, contenttype</td><td><code>DocumentReference:subject</code></td><td><code/></td><td/></tr></tbody></table></div><hr/><div class=\"panel panel-default\"><div class=\"panel-heading\"><h4 id=\"DocumentReference1-1\" class=\"panel-title\"><span style=\"float: right;\">Resource Conformance: supported </span>DocumentReference</h4></div><div class=\"panel-body\"><div class=\"container\"><div class=\"row\"><div class=\"col-lg-6\"><span class=\"lead\">Base System Profile</span><br/><a href=\"StructureDefinition-nz-screening-summary.html\">https://fhir-ig.digital.health.nz/screening/StructureDefinition/nz-screening-summary</a></div><div class=\"col-lg-3\"><span class=\"lead\">Profile Conformance</span><br/><b>SHALL</b></div><div class=\"col-lg-3\"><span class=\"lead\">Reference Policy</span><br/></div></div><p/><div class=\"row\"><div class=\"col-lg-6\"><span class=\"lead\">Interaction summary</span><br/><ul><li>Supports <code>search-type</code>.</li></ul></div></div><p/><div class=\"row\"><div class=\"col-12\"><span class=\"lead\">Documentation</span><blockquote><div><p>Provides a document rendition of screening summary information</p>\n</div></blockquote></div></div><div class=\"row\"><div class=\"col-lg-7\"><span class=\"lead\">Search Parameters</span><table class=\"table table-condensed table-hover\"><thead><tr><th>Conformance</th><th>Parameter</th><th>Type</th><th>Documentation</th></tr></thead><tbody><tr><td><b>SHALL</b></td><td>subject</td><td><code>reference</code></td><td><div><p>NHI of the person who is the subject of the screening summary document.</p>\n<ul>\n<li>If no screening information exists in the Register for a given subject NHI, the API returns <code>200 OK</code> and an empty FHIR Bundle.</li>\n</ul>\n</div></td></tr><tr><td><b>SHALL</b></td><td>category</td><td><code>token</code></td><td><div><p>Filters screening summaries by selecting the type of screening programme</p>\n</div></td></tr><tr><td><b>SHALL</b></td><td>contenttype</td><td><code>token</code></td><td><div><p>Optional parameter that allows a PDF rendition (#application/pdf) of the screening summary content to be requested instead of the default HTML.</p>\n</div></td></tr></tbody></table></div><div class=\"col-lg-5\">\u00a0</div></div></div></div></div></div>"
},
"extension" : [
{
"extension" : [
{
"url" : "licenseURL",
"valueUri" : "https://www.tewhatuora.govt.nz/assets/Our-health-system/Digital-health/Digital-Service-Hub/API-Access-and-Use-Agreement.docx"
},
{
"url" : "externalDocs",
"valueUri" : "https://fhir-ig.digital.health.nz/screening"
},
{
"url" : "licenseName",
"valueString" : "Health New Zealand Digital Services Hub API Access and Use Agreement"
},
{
"extension" : [
{
"extension" : [
{
"url" : "key",
"valueString" : "Correlation-Id"
},
{
"url" : "value",
"valueUri" : "https://raw.githubusercontent.com/tewhatuora/schemas/main/shared-care/Correlation-Id.json"
},
{
"url" : "required",
"valueBoolean" : false
}
],
"url" : "https://fhir-ig.digital.health.nz/hnz-digital-tooling/StructureDefinition/custom-headers-extension"
},
{
"extension" : [
{
"url" : "key",
"valueString" : "x-api-key"
},
{
"url" : "value",
"valueUri" : "https://raw.githubusercontent.com/tewhatuora/schemas/main/shared-care/Api-Key.json"
},
{
"url" : "required",
"valueBoolean" : true
}
],
"url" : "https://fhir-ig.digital.health.nz/hnz-digital-tooling/StructureDefinition/custom-headers-extension"
},
{
"extension" : [
{
"url" : "key",
"valueString" : "Request-Context"
},
{
"url" : "value",
"valueUri" : "https://raw.githubusercontent.com/tewhatuora/schemas/main/shared-care/Request-Context.json"
},
{
"url" : "required",
"valueBoolean" : true
}
],
"url" : "https://fhir-ig.digital.health.nz/hnz-digital-tooling/StructureDefinition/custom-headers-extension"
}
],
"url" : "globalHeaders"
}
],
"url" : "https://fhir-ig.digital.health.nz/hnz-digital-tooling/StructureDefinition/resource-metadata-extension"
}
],
"url" : "https://fhir-ig.digital.health.nz/screening/CapabilityStatement/FHIRScreeningCapabilityStatement",
"version" : "0.9.3",
"name" : "FHIRScreeningCapabilityStatement",
"title" : "National Screening FHIR API Capability Statement",
"status" : "draft",
"date" : "2024-05-03",
"publisher" : "Health New Zealand | Te Whatu Ora",
"contact" : [
{
"name" : "Health New Zealand | Te Whatu Ora",
"telecom" : [
{
"system" : "url",
"value" : "https://www.tewhatuora.govt.nz/"
},
{
"system" : "email",
"value" : "integration@tewhatuora.govt.nz"
}
]
},
{
"name" : "HNZ Integration Team",
"telecom" : [
{
"system" : "email",
"value" : "integration@tewhatuora.govt.nz",
"use" : "work"
}
]
}
],
"description" : "National Screening FHIR API",
"jurisdiction" : [
{
"coding" : [
{
"system" : "urn:iso:std:iso:3166",
"code" : "NZ",
"display" : "New Zealand"
}
]
}
],
"kind" : "instance",
"implementation" : {
"description" : "National Screening FHIR API",
"url" : "https://fhir.api.digital.health.nz/R4"
},
"fhirVersion" : "4.0.1",
"format" : [
"json"
],
"rest" : [
{
"mode" : "server",
"security" : {
"extension" : [
{
"extension" : [
{
"url" : "token",
"valueUri" : "https://ppd.auth.services.health.nz/realms/hnz-integration/protocol/openid-connect/token"
}
],
"url" : "http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris"
},
{
"url" : "http://fhir-registry.smarthealthit.org/StructureDefinition/capabilities",
"valueCode" : "client-confidential-symmetric"
}
],
"cors" : true,
"service" : [
{
"coding" : [
{
"code" : "SMART-on-FHIR"
}
]
}
]
},
"resource" : [
{
"type" : "DocumentReference",
"profile" : "https://fhir-ig.digital.health.nz/screening/StructureDefinition/nz-screening-summary",
"documentation" : "Provides a document rendition of screening summary information",
"interaction" : [
{
"code" : "search-type"
}
],
"versioning" : "versioned",
"readHistory" : false,
"updateCreate" : false,
"conditionalCreate" : false,
"conditionalRead" : "not-supported",
"conditionalUpdate" : false,
"conditionalDelete" : "not-supported",
"searchInclude" : [
"DocumentReference:subject"
],
"searchParam" : [
{
"name" : "subject",
"definition" : "https://hl7.org/fhir/searchparameter-registry.html#DocumentReference-subject",
"type" : "reference",
"documentation" : "NHI of the person who is the subject of the screening summary document.\n- If no screening information exists in the Register for a given subject NHI, the API returns `200 OK` and an empty FHIR Bundle."
},
{
"name" : "category",
"definition" : "https://hl7.org/fhir/searchparameter-registry.html#DocumentReference-category",
"type" : "token",
"documentation" : "Filters screening summaries by selecting the type of screening programme"
},
{
"name" : "contenttype",
"definition" : "https://hl7.org/fhir/searchparameter-registry.html#DocumentReference-contenttype",
"type" : "token",
"documentation" : "Optional parameter that allows a PDF rendition (#application/pdf) of the screening summary content to be requested instead of the default HTML."
}
]
}
],
"interaction" : [
{
"code" : "search-system",
"documentation" : "### Read (GET) Operation Statuses\n\n|**Code**|**Meaning**|**Description**|\n|:--:|:-----------------|:--|\n|200|OK |The request was successful, and the response body contains the representation requested|\n|302|FOUND |A common redirect response; you can GET the representation at the URI in the Location response header|\n|304|NOT MODIFIED |Your client's cached version of the representation is still up to date|\n|401|UNAUTHORIZED |The supplied credentials, if any, are not sufficient to access the resource|\n|404|NOT FOUND |The requested representation was not found. Retrying this request is unlikely to be successful|\n|429|TOO MANY REQUESTS |Your application is sending too many simultaneous requests|\n|500|SERVER ERROR |An internal server error prevented return of the representation response|\n|503|SERVICE UNAVAILABLE|We are temporarily unable to return the representation. Please wait and try again later|\n\n### Search (GET) Operation Statuses\n\n|**Code**|**Meaning** |**OperationOutcome** in response?|**Description**|\n|:--:|:-----------------|:----------------------------------|:----------------------------------|\n|200|OK |Yes, when there are additional messages about a match result|The request was successful, and the response body contains the representation requested|\n|302|FOUND |No |A common redirect response; you can GET the representation at the URI in the Location response header|\n|400|BAD REQUEST |Yes|Incorrect search parameters or malformed request - see diagnostics in OperationOutcome|\n|401|UNAUTHORIZED |The supplied credentials, if any, are not sufficient to access the resource|\n|429|TOO MANY REQUESTS |No |Your application is sending too many simultaneous requests|\n|500|SERVER ERROR |No |An internal server error prevented return of the representation response|\n|503|SERVICE UNAVAILABLE|No |The server is temporarily unable to return the representation. Please wait and try again later|\n\n### Create (POST or PUT) Operation Statuses\n\n|**Code**|**Meaning**|**Description**|\n|:--:|:-----------------|:--|\n|200|OK |The request was successful, and the resource was updated. The response body contains the updated representation|\n|201|CREATED |The request was successful, a new resource was created, and the response body contains the representation|\n|204|OK - NO CONTENT |The request was successful, but no content is returned in the response. In reality this is seldom used for REST APIs and more typically for process APIs. Should include a `Location` header indicating the location of an associated relevant resource|\n|207|MULTI STATUS |The HTTP 207 Multi-Status response code indicates that there might be a mixture of responses.|\n|400|BAD REQUEST |The data given in the POST or PUT failed validation. Inspect the response body for details|\n|401|UNAUTHORIZED |The supplied credentials, if any, are not sufficient to create or update the resource|\n|404|NOT FOUND |The endpoint that the API Consumer is attempting to create or update does not exist. Retrying this request is unlikely to be successful|\n|405|METHOD NOT ALLOWED |You can't POST or PUT to the resource|\n|422|UNPROCESSABLE CONTENT|The server understands the requests content and syntax however it is unable to process the instruction. Retrying this request will not succeed - the request must be modified|\n|429|TOO MANY REQUESTS |Your application is sending too many simultaneous requests|\n|500|SERVER ERROR |We couldn't create or update the resource. Please try again later|\n\n### Delete (DELETE) Operation Statuses\n\n|**Code**|**Meaning**|**Description**|\n|:--:|:-----------------|:--|\n|204|OK |The request was successful; the resource was deleted|\n|401|UNAUTHORIZED |The supplied credentials, if any, are not sufficient to delete the resource|\n|404|NOT FOUND | |\n|405|METHOD NOT ALLOWED |You can't DELETE the resource|\n|429|TOO MANY REQUESTS |Your application is sending too many simultaneous requests|\n|500|SERVER ERROR |We couldn't delete the resource. Please try again later|\n\n\n### Non existent API endpoints\n\nWhen a consumer attempts to call a non-existent API end point, respond\nwith a **501 Not Implemented** status code."
}
]
}
]
}