Secondary Use FHIR Server Implementation Guide
0.1.0 - ci-build

Publish Box goes here

Prototype Limits

Prototype Limits

Not A Production Server

The current implementation does not include:

  • authentication
  • authorization
  • consent enforcement
  • audit store
  • tenant isolation
  • rate limiting
  • production Bulk job scheduling
  • retry or queue management
  • formal data access policy

It is meant for local experiments around FHIR-shaped secondary-use flows.

Not A Complete FHIR Repository

The mock server supports a focused subset:

  • resource read
  • resource search over a small parameter set
  • _summary=count
  • minimal Bulk-shaped export
  • metadata

It does not implement full FHIR REST behavior, conditional interactions, history, transactions, includes, chained search, full token syntax, paging, or full date precision semantics.

Profile Validation Not Wired

The runtime uses HAPI FHIR R4 and can serialize typed R4 resources, but profile validation is not part of the server flow yet.

Some generated resources use BgZ/zib-like profile labels because the fixture is shaped around recognizable Dutch clinical concepts. Those labels should not be read as a claim that every generated resource validates against the named profile.

Bulk Data Subset

The export flow follows the practical Bulk Data polling and NDJSON shape, but it is not a complete Bulk Data implementation.

Current differences include:

  • jobs complete synchronously
  • access tokens are not required
  • no _since
  • no long-running job state machine
  • adapter-specific cohort parameters
  • adapter-specific _summary=count count preview
  • best-effort completion notification rather than durable delivery retries

Privacy Scope

The privacy modes are deterministic transforms for local evaluation.

They are not:

  • anonymization certification
  • legal advice
  • a replacement for consent and authorization
  • a guarantee against re-identification
  • a full statistical disclosure-control method

The minimized mode is useful for demonstrating a smaller analytical export shape, but it should still be reviewed as synthetic prototype behavior.

Dataset Scope

The datasets are generated and fake.

They are designed to exercise:

  • cohort selection
  • patient references
  • IBD diagnosis and medication patterns
  • hospital and GP overlap
  • data-quality edge cases
  • privacy transforms

They are not epidemiological data and must not be used for clinical or policy conclusions.