Sensitive Data


Sensitive records relate directly to tests and results that are considered highly confidential. In NHS Wales systems, sensitive records (e.g. test results, clinical documents) are flagged, requiring the user to 'break glass' in order to view that record.

This page describes how the Data Standards Wales profiles can support flagging FHIR resources as having sensitive data via the information in the resource metadata tag.

This implementation guide references the following profiles for Diagnostic Data.

Security Labels

A security label is a concept attached to a resource or bundle that provides specific security metadata about the information it is fixed to. The intent of a security label is that the recipient of resources or bundles with security-tags is obligated to enforce the handling caveats of the tags and carry the security labels forward as appropriate.

Implementation Guidance

This page sets out guidance for the use of security labels with DataStandardsWales profiles. It describes how the security labels connect to the relevant resources and what limitations are in place with WRRS data:

Security Labels used

DataStandardsWales resources as described above will return one of the following codes from the v3-Confidentiality CodeSystem. This is mapped from underlying NHS Wales system data:

  • N - Normal
  • R - Restricted

Unrecognised security label

If a security label is not returned with the resource, the confidentiality should be regarded as Normal.

Obligations around security labels

The consuming system is obliged to handle Diagnostic data received from DataStandardsWales resources appropriately, based on the Security Label attached to each resource.
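
The handling rules above (a missing label is regarded as Normal, Restricted requires break glass, labels are carried forward), sketched as an added example that is not part of this implementation guide or of any NHS Wales system. It assumes FHIR JSON parsed into dicts, the HL7 canonical v3-Confidentiality URI, labels in either meta.security or meta.tag, and hypothetical names (release, breakGlassRequired, the audit list); treating a code other than N or R as Restricted is the example's own choice.

```python
# Added example, not NHS Wales code. Resources are FHIR JSON parsed into dicts.
# Assumption: HL7 canonical URI for the v3-Confidentiality code system.
V3_CONFIDENTIALITY = "http://terminology.hl7.org/CodeSystem/v3-Confidentiality"


def confidentiality(resource):
    """Return the effective label for a resource: 'N' or 'R'."""
    meta = resource.get("meta") or {}
    # Assumption: accept the label in meta.security or meta.tag.
    codings = (meta.get("security") or []) + (meta.get("tag") or [])
    codes = {c.get("code") for c in codings
             if c.get("system") in (V3_CONFIDENTIALITY, None)}
    if not codes or codes == {"N"}:
        return "N"  # page rule: a missing label is regarded as Normal
    # 'R' present, or a code other than N/R: the most restrictive reading
    # wins. Failing closed on unexpected codes is this example's choice.
    return "R"


def release(resource, user, reason=None, audit=None):
    """Return the full resource, or a masked stub when break glass is needed."""
    if confidentiality(resource) == "N":
        return resource
    if reason and reason.strip():
        # Hypothetical audit trail: record who broke glass, on what, and why.
        if audit is not None:
            audit.append({"user": user, "id": resource.get("id"),
                          "reason": reason.strip()})
        return resource
    # Masked stub keeps meta so the label is carried forward downstream.
    # breakGlassRequired is a hypothetical marker, not a FHIR element.
    return {"resourceType": resource.get("resourceType"),
            "id": resource.get("id"),
            "meta": resource.get("meta"),
            "breakGlassRequired": True}


# Constructed sample resources (not real patient data).
RESTRICTED = {"resourceType": "Observation", "id": "obs-r",
              "meta": {"security": [{"system": V3_CONFIDENTIALITY, "code": "R"}]},
              "valueString": "constructed result"}
UNLABELLED = {"resourceType": "Observation", "id": "obs-n",
              "valueString": "constructed result"}

if __name__ == "__main__":
    log = []
    print(release(UNLABELLED, "user-a"))                        # shown in full
    print(release(RESTRICTED, "user-a"))                        # masked stub
    print(release(RESTRICTED, "user-a", "clinical need", log))  # full, audited
    print(log)
```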

Meta Content

  <id value="1000012" />
    <versionId value="1" />
    <profile value="" />
      <system value="" />
      <code value="N" />
      <display value="Normal" />
...  [snip] ...
  <id value="1000012" />
    <versionId value="1" />
    <profile value="" />
      <system value="" />
      <code value="R" />
      <display value="Restricted" />
...  [snip] ...
To be completed


It SHOULD be possible to limit search results based on their confidentiality by using the querystring _tag={CodeSystem|Code}. Some examples include:


A client interested in all sensitive Diagnostic reports by Patient and Code can use the following query:

GET [base]/DiagnosticReport?patient=[id]&code=[code]&_tag=|R

A client interested in all sensitive Observations by Patient and Code can use the following query:

GET [base]/Observation?patient=[id]&code=[code]&_tag=|R

A client interested in all sensitive ServiceRequests by Patient and Code can use the following query:

GET [base]/ServiceRequest?patient=[id]&code=[code]&_tag=|R

Non-Sensitive/Not Restricted

A client requesting non-sensitive Diagnostic data can either omit the tag, as in the example below:

GET [base]/[resource]?patient=[id]&code=[code]

or include the _tag with a confidentiality of N:

GET [base]/[resource]?patient=[id]&code=[code]&_tag=|N