工作组:FHIR Infrastructure 成熟度: Normative标准状态: Normative

FHIR规范提供了一套资源 和几个不同的框架,用于在不同系统之间交换资源。 为了适用更广泛场景,本规范中制定的规则相当宽松。 因此,不同的应用程序由于采用此规范中不同的可选项将导致程序间无法互操作,这是FHIR规范所允许的。 符合本规范的应用程序需要声明所采用的特定交换框架,并详细说明使用的框架和资源内容。

应用程序需声明符合以下交换框架中的一个(或多个):

为了提供相关框架和资源内容具体用法的详细信息, FHIR提供了一个符合性配置层, 实施者可用来提供计算机可理解的符合性声明,以说明资源和其交换框架如何解决在具体场景下的问题。 符合性配置层是使用以下关键资源来实现的:

Value Set 值集 定义一组编码值(有关详细信息,请参阅使用编码")
StructureDefinition 结构定义 制定有关如何在特定上下文中使用资源(或类型)及其数据元素的规则,包括定义如何使用扩展。 结构定义资源中的编码元素引用值集。
CapabilityStatement 能力声明 对支持的资源和相关(增删改查等)操作的功能性声明。能力声明资源引用配置文件来描述程资源的特定使用场景。
Implementation Guide 实施指南 实施指南包含了能力声明、配置文件、扩展、值集、互操作应用程序文档。

该规范还提供了许多工具 ,以通过技术手段帮助实施者强制符合本规范的基本要求。

FHIR是一个封闭的规范。规范定义了对贯标者的要求,包括需提供的API服务或交换框架、标准资源等。 贯标系统可提供高于FHIR标准的功能(例如,用自定义名称添加更多的端点或服务),但对那些FHIR规范没有明确允许的新增功能,不能在符合性声明中当成或描述为“FHIR符合性要求”。

符合本规范并不能保证患者或数据安全。但如果不符合此规范会有以下两种额外风险:

  • FHIR已在一定程度上进行了评审查,不会采纳任何不满足符合性要求的变更,而变更可能有未知风险。
  • 类似FHIR的解决方案(基于FHIR,但不符合)由于不满足符合性规范,可能会向客户承诺兑现一些空头期望,没能达到这些期望也可能导致风险。

系统只能在能力声明资源 CapabilityStatement中描述FHIR的功能符合性。

本规范使用RFC 2119中定义的动词 SHALL、SHOULD、和MAY 来统一描述的涵义。但与RFC 2119不同,此规范允许不同的应用程序因使用不同的可选功能而无法交互。特别是:

  1. SHALL(必须):对所有实施者的绝对要求
  2. SHALL NOT(不能): 要求对所有实施者绝对禁止
  3. SHOULD/SHOULD NOT(应该/不应该):实施者在其特定实施的背景下考虑的最佳做法或建议。可能由于某种原理忽略某个建议,但在换方式之前必须理解其全部含义并仔细权衡。
  4. MAY(可以): 真正的可选项; 可以使用或忽略,因为实施者的决定不会造成任何后果。

资源的内容和格式必须符合本规范中描述的规则。比如规范所述的要求,又如下面将介绍的能控制符合性的属性。 资源和数据类型中定义的 数据元素有3个与符合性直接相关的属性:Cardinality(基数)、Is-Modifier、MustSupport(必须支持)。 它们相互作用以满足符合性的要求。

All attributes defined in FHIR have cardinality as part of their definition - a minimum number of required appearances and a maximum number. These numbers specify the number of times the attribute may appear in any instance of the resource type. This specification only defines the following cardinalities: 0..1, 0..*, 1..1, and 1..*. Profiles that describe specific use cases may use other values for cardinality within the limits of the cardinality defined by the base resource.

Note that when present, elements cannot be empty - they SHALL have a value attribute, child elements, or extensions. This means that setting an element to a minimum cardinality of 1 does not ensure that valid data will be present; specific FHIRPath constraints are required to ensure that the required data will be present.

In this specification, very few elements have a minimum cardinality of 1. Resources are used in many contexts, often quite removed from their primary use case, and sometimes even basic information is quite incomplete. For this reason, the only elements that have a minimum cardinality of 1 are those where they are necessary to any understanding of the resource or element that contains them. The minimum cardinalities should not be taken as a guide to what elements are expected to be present in any particular use of the resource, including their normal/primary usage purpose. In some cases, this specification publishes additional profiles that define which elements are required in particular situations. Similar profiles are published by jurisdictions, vendors, profiling organizations, or projects.

For elements that have cardinality > 1, the order in which they appear may have meaning. Unless the element definition (either in this specification or the extension) defines a meaning to the order explicitly (using ElementDefinition.orderMeaning), the meaning of the order is not defined, and implementations are allowed to reorder the elements. Note that it is not possible to define a meaning for the order of the elements in a profile using a StructureDefinition. When there is no definition of the meaning of the order, implementations that need to choose a single element from a list of elements for some use SHALL do so based on the semantics of the content of the element that repeats. Profiles and Implementation guides may often make rules about this selection process.

Clients should not depend on servers maintaining ordering of elements, unless the retrieved resource conforms to a profile which mandates maintenance of ordering. If a server cannot maintain ordering, it must strip off known profile tags which require maintenance of ordering, and strip off unknown profiles (since they might require maintenance of ordering).

Is-Modifier is a boolean property that is assigned when an element is defined, either as part of the base resource contents in this specification, or when extensions are defined.

An element is a modifier if and only if it cannot be safely ignored because its value, or its meaning if missing, may cause the interpretation of the containing element or one of its descendants to no longer conform to the stated definition for the element. Typical examples of elements that are labeled "Is-Modifier" are elements such as "status", "active", "refuted", or "certainty" that invert or negate the meaning of the resource (or element) that contains them.

Modifier is not an indication of the degree of importance for a particular piece of information or whether the element ought to be ignored when the resource is used for common use-cases. It is expected that if you ignore an element you may miss an important piece of computable meaning.

For example, consider Observation:

  • Observation.status allows the entered-in-error code, which indicates that no actual Observation occurred at all. The definition of Observation indicates that it is a measurement that has been made - and doesn't allow for the possibility of a measurement that wasn't made. As a result, if the status element were ignored and an Observation were interpreted at face value based on its definition, a system or user would infer that an Observation had occurred, which would be false
  • If an application ignores the Observation.subject element, it wouldn't know who or what was observed, which would make the remaining information largely useless for most usage. However, any system that ignores the subject would not have a false understanding of the Observation as it's defined. The system would understand what type of observation was made, when and what was found, just not who it was about
  • Even something as critical as Observation.code is not a modifier element. While the Observation would have little utility without the code, the understanding when ignoring the element that “some” Observation had been made on the specified subject at the specified date and time would still be true when the element was reintroduced. The only exception would be if a value expressed in the Observation.code element could somehow convey that the Observation had not occurred or otherwise cause the instance to diverge from the defined meaning of Observation when ignoring the element

The definition of is-modifier has a corollary: any element that meets the requirement that it could cause the interpretation of the containing element or its descendants to diverge from their definition SHALL explicitly declare how such divergence could occur and must be marked as a modifier element. Any element not marked is-modifier and without that explanation SHALL NOT be used by an implementer in such a manner as to make the element behave as a modifier. For example, using a special "name" on a patient to indicate that the subject isn’t a real patient, but is instead an artificial structure used for non-patient tests would be non-conformant with FHIR because Patient.name is not a modifier element

Whether an element is a modifier cannot be changed when element usage is described in a constraining Structure Definition. When an element is labeled as Is-Modifier, the documentation must be clear about why it is a modifier.

A typical example of a modifier element is one that negates the element that contains it. For instance, in the following fragment of a resource definition:

NameFlagsCard.TypeDescription & Constraintsdoco
.. AllergyIntoleranceDomainResourceAllergy or Intolerance (generally: Risk of Adverse reaction to a substance)
... onsetΣ0..1dateTimeDate(/time) when manifestations showed
... patientΣ1..1Reference(Patient)Who the sensitivity is for
... verificationStatus?! Σ0..1CodeableConceptunconfirmed | confirmed | refuted | entered-in-error
AllergyIntoleranceVerificationStatus (Required)
... criticalityΣ0..1codeCRITL | CRITH | CRITU
AllergyIntoleranceCriticality (Required)

The definition of an AllergyIntolerance is that it contains information about "Risk of harmful or undesirable, physiological response which is unique to an individual and associated with exposure to a substance". If the value of the 'verificationStatus' element is set to entered-in-error, the entire resource does not actually contain valid information about any risk of exposure, and it is not safe for applications to ignore this element. As a consequence, it is labeled as 'is modifier = true'. In this tabular representation of the resource, this shows as the flag '?!'. The JSON and XML representations of a resource definition have their own representation of 'is modifier = true' status, and it is defined directly in a ElementDefinition.

If a narrative summary is present, and the status is generated, Is-Modifier elements SHALL be represented in the narrative summary of the resource. If Narrative is present with some other status Is-modifier elements SHOULD be represented.

If the value of a modifier element is not explicit in the instance, or known by the context, the resource might not be able to be safely understood. Wherever possible, elements labeled "Is-Modifier = true" also have a minimum cardinality of 1, in order to introduce certainty in their handling. However, sometimes this is not possible - much legacy data is not well described. Implementations producing resources SHOULD ensure that appropriate values for isModifier elements are provided at all times.

Implementations processing the data in resources SHALL understand the impact of the element when using the data. Implementations are not required to "support" the element in any meaningful way - they may achieve this understanding by rejecting instances that contain values outside those they support (for instance, an application may refuse to accept observations with a reliability other than "ok"). Alternatively, implementations may be able to be sure that, due to their implementation environment, such values will never occur. However applications SHOULD always check the value irrespective of this.

Note that processing the data of a resource typically means copying or filtering data out of a resource for use in another context (display to a human, decision support, exchange in another format where not all information is included or storing it for this kind of use). Servers and background processes that simply move whole resources around unchanged are not "processing the data of the resource", and therefore these applications are not required to check Is-Modifier elements.

Every element in the base resource has a value of "true" or "false" for the Is-Modifier flag. The value of the flag cannot be changed by profiles on the resource, in either direction. When a StructureDefinition defines an extension, it labels the extension with the Is-Modifier flag, and this cannot be changed in other profiles. Note that extensions that have is-Modifier = true are represented differently in resource instances ("modifierExtension" instead of "extension"), and there are additional rules about how they are handled.

Most status elements are marked as modifiers because of the presence of the entered-in-error status. Other modifiers are defined:

Labeling an element MustSupport means that implementations that produce or consume resources SHALL provide "support" for the element in some meaningful way. Because the base FHIR specification is intended to be independent of any particular implementation context, no elements are flagged as mustSupport=true as part of the base specification. This flag is intended for use in profiles that have a defined implementation context.

For this reason, the specification itself never labels any elements as MustSupport. This is done in StructureDefinitions, where the profile labels an element as mustSupport=true. When a profile does this, it SHALL also make clear exactly what kind of "support" is required, as this could involve expectations around what a system must store, display, allow data capture of, include in decision logic, pass on to other data consumers, etc.

Note that an element that has the property IsModifier is not necessarily a "key" element (e.g. one of the important elements to make use of the resource), nor is it automatically mustSupport - however both of these things are more likely to be true for IsModifier elements than for other elements.

All elements may have constraints attached to them (also known as 'invariants'). Constraints defined on an element have the following properties:

KeyIdentifies the constraint uniquely amongst all the constraints in the context - typically, this is used to refer to the constraint in an error message
RequirementsAn explanation of why the constraint has been applied - what harmful conditions are being avoided
SeverityThe severity of the invariant - see below
Human DescriptionA human description of the rule intended to be shown as the explanation for a message when the constraint is not met
ExpressionA FHIRPath expression that must evaluate to true when run on the element
XPathAn XPath expression that must evaluate to true when run on the element in the XML representation

Many constraints are defined in the base specification. In addition, additional constraints may be defined in profiles that apply to resources. Systems are not required to evaluate the constraints, just as they are not required to check for conformance, or schema validity. However, systems SHOULD always ensure that all resources are valid against all applicable constraints.

Constraints have a severity level:

Error (rule) A rule that all resources must conform to. Validators should report it as an error if the rule is violated, and applications processing the content can reject it as an invalid resource
Warning Report this as a warning that there may be a problem with the resource, but it is considered valid and can be processed normally
Guideline A warning marked with an extension (http://hl7.org/fhir/StructureDefinition/elementdefinition-bestpractice) that indicates that it should be a treated as an error if the implementation context asks a validator to enforce best practice rules. See Best Practices for a full list

Elements can also be explicitly associated with constraints defined elsewhere. This is a notification to implementers that the element is affected by the constraint. It has no meaning when the constraints are evaluated.

Profiles may define additional constraints that apply to an element, but they cannot alter or remove constraints that are already applied.

In addition to the conformance metadata, each element has other metadata properties defined in the ElementDefinition:

This specification includes many examples. While every effort has been made to ensure that the examples are fully conformant to the specification, if the examples disagree with the specification, the specification is considered correct and normative, not the examples. This same rule applies to the reference implementations.

The examples reflected in this specification do *not* represent actual people. Any resemblance to real people - alive or dead - is entirely coincidental. In some cases, examples may be drawn from real clinical data. However, if this has occurred, the content has been scrubbed to remove any identifying information.