Implementation Guidance Index > Data Consumer Responsibility

Data Consumer Responsibility

Privacy and Security

The information which adopters receive when querying DHDR is considered Personal Information and Personal Health Information. As a result, access to the personal health information must be restricted to only appropriately authorized users and used on a need-to-know basis as specified in data-sharing agreements and corresponding legislation.

User Credentials

In order to meet the privacy obligations, the audit records maintained at the service level need to know the details of the consumer application and the user making the request. The sending application is expected to create a JSON Web Token with the relevant information and embed within the FHIR® request as http header.

Message Validation

The consumer shall implement request messages that are well-formed and conform to this specification.