NZ Shared Digital Health Record API
0.3.0 - draft
NZ Shared Digital Health Record API
0.3.0 - draft
NZ Shared Digital Health Record API - Local Development build (v0.3.0) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions
| Draft as of 2024-04-15 |
<CapabilityStatement xmlns="http://hl7.org/fhir">
<id value="SDHRCapabliityStatement"/>
<meta>
<profile
value="https://fhir-ig.digital.health.nz/hnz-digital-tooling/StructureDefinition/hnz-capability-statement"/>
</meta>
<text>
<status value="extensions"/>
<div xmlns="http://www.w3.org/1999/xhtml"><p class="res-header-id"><b>Generated Narrative: CapabilityStatement SDHRCapabliityStatement</b></p><a name="SDHRCapabliityStatement"> </a><a name="hcSDHRCapabliityStatement"> </a><a name="SDHRCapabliityStatement-en-US"> </a><div style="display: inline-block; background-color: #d9e0e7; padding: 6px; margin: 4px; border: 1px solid #8da1b4; border-radius: 5px; line-height: 60%"><p style="margin-bottom: 0px"/><p style="margin-bottom: 0px">Profile: <a href="file:///home/runner/work/fhir-ig-builder/fhir-ig-builder/hnz-digital-tooling/output/StructureDefinition-hnz-capability-statement.html">Capability Statement profile for use with the Health New Zealand Te Whatu Ora OpenAPI spec converter</a></p></div><h2 id="title">NZ Shared Digital Health Record API</h2><ul><li>Implementation Guide Version: 0.3.0 </li><li>FHIR Version: 4.0.1 </li><li>Supported Formats: <code>application/fhir+json</code></li><li>Supported Patch Formats: </li><li>Published on: 2024-04-15 01:15:23+0000 </li><li>Published by: Health New Zealand </li></ul><blockquote class="impl-note"><p><strong>Note to Implementers: FHIR Capabilities</strong></p><p>Any FHIR capability may be 'allowed' by the system unless explicitly marked as 'SHALL NOT'. A few items are marked as MAY in the Implementation Guide to highlight their potential relevance to the use case.</p></blockquote><h2 id="rest">FHIR RESTful Capabilities</h2><div class="panel panel-default"><div class="panel-heading"><h3 id="mode1" class="panel-title">Mode: <code>server</code></h3></div><div class="panel-body"><div class="lead"><em>Security</em></div><div class="row"><div class="col-lg-6">Enable CORS: yes</div><div class="col-lg-6">Security services supported: <code>SMART-on-FHIR</code></div></div><blockquote><div><p>OAuth 2.0 - Client Credential flow.)</p>
</div></blockquote><div class="lead"><em>Summary of System-wide Interactions</em></div><ul><li>Supports the <code>search-system</code>interaction described as follows:<div><h3>Request-Context custom header</h3>
<p>All screening FHIR API requests must include the HNZ request context <em>custom header</em> supplying identifiers for the health user
and organisation behind the API request.</p>
<p>This context is supplied using the 'Request-Context' custom header in the form of a base64-encoded JSON object.</p>
<table class="grid">
<thead>
<tr>
<th align="left"><strong>Context property</strong></th>
<th align="left"><strong>Value</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td align="left"><code>userIdentifier</code></td>
<td align="left">The userid of the user as authenticated by the PMS/health application (REQUIRED)</td>
</tr>
<tr>
<td align="left"><code>secondaryIdentifier</code></td>
<td align="left">The secondary identifier for the user - this <strong>MUST</strong> be the end users Common Person Number (aka HPI Practitioner identifier) of the practitioner using the application (REQUIRED)</td>
</tr>
<tr>
<td align="left"><code>purposeOfUse</code></td>
<td align="left">Set to <code>"NZSCREEN"</code> (REQUIRED)</td>
</tr>
<tr>
<td align="left"><code>userFullName</code></td>
<td align="left">Full name of the user of the PMS/health application.` (REQUIRED)</td>
</tr>
<tr>
<td align="left"><code>userRole</code></td>
<td align="left">Role of the user of the PMS/health application. Set to `"PROV" (REQUIRED)</td>
</tr>
<tr>
<td align="left"><code>orgIdentifier</code></td>
<td align="left">The HPI Organisation Number (aka HPI Organisation identifier) for the organisation in which the API consumer application is deployed (REQUIRED)</td>
</tr>
<tr>
<td align="left"><code>facilityIdentifier</code></td>
<td align="left">HPI identifier for the facility where the user is located (REQUIRED)</td>
</tr>
</tbody>
</table>
<p>A schema definition and examples for <code>Request-Context</code> can be <a href="https://github.com/tewhatuora/schemas/blob/main/json-schema/Request-Context.json">found here</a></p>
<h4>Example Request-Context Header Payload</h4>
<p><strong>Base64 Encoded</strong></p>
<pre><code>eyJ1c2VySWRlbnRpZmllciI6InBhdCIsInVzZXJSb2xlIjoiUFJPViIsInNlY29uZGFyeUlkZW50aWZpZXIiOnsidXNlIjoib2ZmaWNpYWwiLCJzeXN0ZW0iOiJodHRwczovL3N0YW5kYXJkcy5kaWdpdGFsLmhlYWx0aC5uei9ucy9ocGktcGVyc29uLWlkIiwidmFsdWUiOiI5OVpaWlMifSwicHVycG9zZU9mVXNlIjpbIlBST1YiXSwidXNlckZ1bGxOYW1lIjoiQmV2ZXJseSBDcnVzaGVyIiwib3JnSWRlbnRpZmllciI6IkcwMDAwMS1HIiwiZmFjaWxpdHlJZGVudGlmaWVyIjoiRlpaOTk5LUIifQ
</code></pre>
<p><strong>Decoded JSON</strong></p>
<pre><code class="language-json">{
"userIdentifier": "pat",
"userRole": "PROV",
"secondaryIdentifier": {
"use": "official",
"system": "https://standards.digital.health.nz/ns/hpi-person-id",
"value": "99ZZZS"
},
"purposeOfUse": [
"NZSCREEN"
],
"userFullName": "Beverly Crusher",
"orgIdentifier": "G00001-G",
"facilityIdentifier": "FZZ999-B"
}
</code></pre>
<h3>Error status codes</h3>
<h4>Read (GET) Operation Statuses</h4>
<table class="grid">
<thead>
<tr>
<th align="center"><strong>Code</strong></th>
<th align="left"><strong>Meaning</strong></th>
<th align="left"><strong>Description</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td align="center">200</td>
<td align="left">OK</td>
<td align="left">The request was successful, and the response body contains the representation requested</td>
</tr>
<tr>
<td align="center">302</td>
<td align="left">FOUND</td>
<td align="left">A common redirect response; you can GET the representation at the URI in the Location response header</td>
</tr>
<tr>
<td align="center">304</td>
<td align="left">NOT MODIFIED</td>
<td align="left">Your client's cached version of the representation is still up to date</td>
</tr>
<tr>
<td align="center">400</td>
<td align="left">BAD REQUEST</td>
<td align="left">Missing or bad <code>Recurity-Context</code> custom header; FHIR request payload does not validate against Implementation Guide</td>
</tr>
<tr>
<td align="center">401</td>
<td align="left">UNAUTHORIZED</td>
<td align="left">The supplied credentials, if any, are not sufficient to access the resource</td>
</tr>
<tr>
<td align="center">403</td>
<td align="left">FORBIDDEN</td>
<td align="left">Insufficient privilege to access the requested FHIR resource/operation</td>
</tr>
<tr>
<td align="center">404</td>
<td align="left">NOT FOUND</td>
<td align="left">The requested representation was not found. Retrying this request is unlikely to be successful</td>
</tr>
<tr>
<td align="center">429</td>
<td align="left">TOO MANY REQUESTS</td>
<td align="left">Your application is sending too many simultaneous requests</td>
</tr>
<tr>
<td align="center">500</td>
<td align="left">SERVER ERROR</td>
<td align="left">An internal server error prevented return of the representation response</td>
</tr>
<tr>
<td align="center">503</td>
<td align="left">SERVICE UNAVAILABLE</td>
<td align="left">We are temporarily unable to return the representation. Please wait and try again later</td>
</tr>
</tbody>
</table>
<h4>Search (GET) Operation Statuses</h4>
<table class="grid">
<thead>
<tr>
<th align="center"><strong>Code</strong></th>
<th align="left"><strong>Meaning</strong></th>
<th align="left"><strong>OperationOutcome</strong> in response?</th>
<th align="left"><strong>Description</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td align="center">200</td>
<td align="left">OK</td>
<td align="left">Yes, When there are additional messages about a match result</td>
<td align="left">The request was successful, and the response body contains the representation requested</td>
</tr>
<tr>
<td align="center">302</td>
<td align="left">FOUND</td>
<td align="left">No</td>
<td align="left">A common redirect response; you can GET the representation at the URI in the Location response header</td>
</tr>
<tr>
<td align="center">400</td>
<td align="left">BAD REQUEST</td>
<td align="left">Yes</td>
<td align="left">Missing or bad <code>Recurity-Context</code> custom header;<br>FHIR request payload does not validate against Implementation Guide</td>
</tr>
<tr>
<td align="center">401</td>
<td align="left">UNAUTHORIZED</td>
<td align="left">Yes</td>
<td align="left">The supplied credentials, if any, are not sufficient to access the resource</td>
</tr>
<tr>
<td align="center">403</td>
<td align="left">FORBIDDEN</td>
<td align="left">Yes</td>
<td align="left">Insufficient privilege to access the requested FHIR resource/operation. See <a href="./OperationOutcome-APIError-Unauthorised.html">OperationOutcome-APIError-Unauthorised</a></td>
</tr>
<tr>
<td align="center">429</td>
<td align="left">TOO MANY REQUESTS</td>
<td align="left">No</td>
<td align="left">Your application is sending too many simultaneous requests</td>
</tr>
<tr>
<td align="center">500</td>
<td align="left">SERVER ERROR</td>
<td align="left">No</td>
<td align="left">An internal server error prevented return of the representation response</td>
</tr>
<tr>
<td align="center">503</td>
<td align="left">SERVICE UNAVAILABLE</td>
<td align="left">No</td>
<td align="left">The server is temporarily unable to return the representation. Please wait and try again later</td>
</tr>
</tbody>
</table>
<h3>Non existent API endpoints</h3>
<p>When a consumer attempts to call a non-existent API end point, respond
with a <strong>501 Not Implemented</strong> status code.</p>
</div></li></ul></div></div><h3 id="resourcesCap1">Capabilities by Resource/Profile</h3><h4 id="resourcesSummary1">Summary</h4><p>The summary table lists the resources that are part of this configuration, and for each resource it lists:</p><ul><li>The relevant profiles (if any)</li><li>The interactions supported by each resource (<b><span class="bg-info">R</span></b>ead, <b><span class="bg-info">S</span></b>earch, <b><span class="bg-info">U</span></b>pdate, and <b><span class="bg-info">C</span></b>reate, are always shown, while <b><span class="bg-info">VR</span></b>ead, <b><span class="bg-info">P</span></b>atch, <b><span class="bg-info">D</span></b>elete, <b><span class="bg-info">H</span></b>istory on <b><span class="bg-info">I</span></b>nstance, or <b><span class="bg-info">H</span></b>istory on <b><span class="bg-info">T</span></b>ype are only present if at least one of the resources has support for them.</li><li><span>The required, recommended, and some optional search parameters (if any). </span></li><li>The linked resources enabled for <code>_include</code></li><li>The other resources enabled for <code>_revinclude</code></li><li>The operations on the resource (if any)</li></ul><div class="table-responsive"><table class="table table-condensed table-hover"><thead><tr><th><b>Resource Type</b></th><th><b>Profile</b></th><th class="text-center"><b title="GET a resource (read interaction)">R</b></th><th class="text-center"><b title="GET all set of resources of the type (search interaction)">S</b></th><th class="text-center"><b title="PUT a new resource version (update interaction)">U</b></th><th class="text-center"><b title="POST a new resource (create interaction)">C</b></th><th><b title="Required and recommended search parameters">Searches</b></th><th><code><b>_include</b></code></th><th><code><b>_revinclude</b></code></th><th><b>Operations</b></th></tr></thead><tbody><tr><td><a href="#AllergyIntolerance1-1">AllergyIntolerance</a></td><td><a href="StructureDefinition-SDHRAllergyIntolerance.html">https://fhir-ig.digital.health.nz/sdhr/StructureDefinition/SDHRAllergyIntolerance</a></td><td class="text-center">y</td><td class="text-center">y</td><td class="text-center">y</td><td class="text-center">y</td><td></td><td/><td/><td/></tr><tr><td><a href="#Condition1-2">Condition</a></td><td><a href="StructureDefinition-SDHRCondition.html">https://fhir-ig.digital.health.nz/sdhr/StructureDefinition/SDHRCondition</a></td><td class="text-center">y</td><td class="text-center">y</td><td class="text-center">y</td><td class="text-center">y</td><td></td><td/><td/><td/></tr><tr><td><a href="#Encounter1-3">Encounter</a></td><td><a href="StructureDefinition-SDHREncounter.html">https://fhir-ig.digital.health.nz/sdhr/StructureDefinition/SDHREncounter</a></td><td class="text-center">y</td><td class="text-center">y</td><td class="text-center">y</td><td class="text-center">y</td><td></td><td/><td/><td/></tr><tr><td><a href="#Observation1-4">Observation</a></td><td><a href="StructureDefinition-SDHRObservation.html">https://fhir-ig.digital.health.nz/sdhr/StructureDefinition/SDHRObservation</a></td><td class="text-center">y</td><td class="text-center">y</td><td class="text-center">y</td><td class="text-center">y</td><td></td><td/><td/><td/></tr></tbody></table></div><hr/><div class="panel panel-default"><div class="panel-heading"><h4 id="AllergyIntolerance1-1" class="panel-title"><span style="float: right;">Resource Conformance: supported </span>AllergyIntolerance</h4></div><div class="panel-body"><div class="container"><div class="row"><div class="col-lg-6"><span class="lead">Base System Profile</span><br/><a href="StructureDefinition-SDHRAllergyIntolerance.html">SDHRAllergyIntolerance</a></div><div class="col-lg-3"><span class="lead">Profile Conformance</span><br/><b>SHALL</b></div><div class="col-lg-3"><span class="lead">Reference Policy</span><br/></div></div><p/><div class="row"><div class="col-lg-6"><span class="lead">Interaction summary</span><br/><ul><li>Supports <code>read</code>, <code>create</code>, <code>update</code>, <code>search-type</code>.</li></ul></div></div><p/></div></div></div><div class="panel panel-default"><div class="panel-heading"><h4 id="Condition1-2" class="panel-title"><span style="float: right;">Resource Conformance: supported </span>Condition</h4></div><div class="panel-body"><div class="container"><div class="row"><div class="col-lg-6"><span class="lead">Base System Profile</span><br/><a href="StructureDefinition-SDHRCondition.html">SDHRCondition</a></div><div class="col-lg-3"><span class="lead">Profile Conformance</span><br/><b>SHALL</b></div><div class="col-lg-3"><span class="lead">Reference Policy</span><br/></div></div><p/><div class="row"><div class="col-lg-6"><span class="lead">Interaction summary</span><br/><ul><li>Supports <code>read</code>, <code>create</code>, <code>update</code>, <code>search-type</code>.</li></ul></div></div><p/></div></div></div><div class="panel panel-default"><div class="panel-heading"><h4 id="Encounter1-3" class="panel-title"><span style="float: right;">Resource Conformance: supported </span>Encounter</h4></div><div class="panel-body"><div class="container"><div class="row"><div class="col-lg-6"><span class="lead">Base System Profile</span><br/><a href="StructureDefinition-SDHREncounter.html">SDHREncounter</a></div><div class="col-lg-3"><span class="lead">Profile Conformance</span><br/><b>SHALL</b></div><div class="col-lg-3"><span class="lead">Reference Policy</span><br/></div></div><p/><div class="row"><div class="col-lg-6"><span class="lead">Interaction summary</span><br/><ul><li>Supports <code>read</code>, <code>create</code>, <code>update</code>, <code>search-type</code>.</li></ul></div></div><p/></div></div></div><div class="panel panel-default"><div class="panel-heading"><h4 id="Observation1-4" class="panel-title"><span style="float: right;">Resource Conformance: supported </span>Observation</h4></div><div class="panel-body"><div class="container"><div class="row"><div class="col-lg-6"><span class="lead">Base System Profile</span><br/><a href="StructureDefinition-SDHRObservation.html">SDHRObservation</a></div><div class="col-lg-3"><span class="lead">Profile Conformance</span><br/><b>SHALL</b></div><div class="col-lg-3"><span class="lead">Reference Policy</span><br/></div></div><p/><div class="row"><div class="col-lg-6"><span class="lead">Interaction summary</span><br/><ul><li>Supports <code>read</code>, <code>create</code>, <code>update</code>, <code>search-type</code>.</li></ul></div></div><p/></div></div></div></div>
</text>
<extension
url="https://fhir-ig.digital.health.nz/hnz-digital-tooling/StructureDefinition/resource-metadata-extension">
<extension url="licenseURL">
<valueUri
value="https://www.tewhatuora.govt.nz/assets/Our-health-system/Digital-health/Digital-Service-Hub/API-Access-and-Use-Agreement.docx"/>
</extension>
<extension url="externalDocs">
<valueUri value="https://fhir-ig.digital.health.nz/shared-care"/>
</extension>
<extension url="licenseName">
<valueString
value="Health New Zealand Digital Services Hub API Access and Use Agreement"/>
</extension>
<extension url="globalHeaders">
<extension
url="https://fhir-ig.digital.health.nz/hnz-digital-tooling/StructureDefinition/custom-headers-extension">
<extension url="key">
<valueString value="X-Correlation-Id"/>
</extension>
<extension url="value">
<valueUri
value="https://raw.githubusercontent.com/tewhatuora/schemas/main/shared-care/Api-Key.json"/>
</extension>
<extension url="required">
<valueBoolean value="true"/>
</extension>
</extension>
<extension
url="https://fhir-ig.digital.health.nz/hnz-digital-tooling/StructureDefinition/custom-headers-extension">
<extension url="key">
<valueString value="Request-Context"/>
</extension>
<extension url="value">
<valueUri
value="https://raw.githubusercontent.com/tewhatuora/schemas/main/shared-care/Request-Context.json"/>
</extension>
<extension url="required">
<valueBoolean value="true"/>
</extension>
</extension>
</extension>
</extension>
<url
value="https://fhir-ig.digital.health.nz/sdhr/CapabilityStatement/SDHRCapabliityStatement"/>
<version value="0.3.0"/>
<name value="SDHRCapabliityStatement"/>
<title value="NZ Shared Digital Health Record API"/>
<status value="draft"/>
<experimental value="true"/>
<date value="2024-04-15T01:15:23.3688326Z"/>
<publisher value="Health New Zealand"/>
<contact>
<name value="Health New Zealand"/>
<telecom>
<system value="url"/>
<value value="https://github.com/tewhatuora"/>
</telecom>
</contact>
<contact>
<name value="HNZ Integration Team"/>
<telecom>
<system value="email"/>
<value value="integration@tewhatuora.govt.nz"/>
<use value="work"/>
</telecom>
</contact>
<description value="NZ Shared Digital Health Record API"/>
<kind value="capability"/>
<software>
<name value="NZ Shared Digital Health Record API"/>
<version value="1.0.0.0"/>
</software>
<implementation>
<description
value="Health NZ | Te Whatu Ora NZ Shared Digital Health Record API"/>
<url value="https://fhir.api.digital.health.nz/R4"/>
</implementation>
<fhirVersion value="4.0.1"/>
<format value="application/fhir+json"/>
<rest>
<mode value="server"/>
<security>
<extension
url="http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris">
<extension url="token">
<valueUri
value="https://ppd.auth.services.health.nz/realms/hnz-integration/protocol/openid-connect/token"/>
</extension>
<extension url="authorize">
<valueUri
value="https://ppd.auth.services.health.nz/realms/hnz-integration/protocol/openid-connect/authorize"/>
</extension>
</extension>
<extension
url="http://fhir-registry.smarthealthit.org/StructureDefinition/capabilities">
<valueCode value="client-confidential-symmetric"/>
</extension>
<cors value="true"/>
<service>
<coding>
<code value="SMART-on-FHIR"/>
</coding>
</service>
<description value="OAuth 2.0 - Client Credential flow.)"/>
</security>
<resource>
<type value="AllergyIntolerance"/>
<profile
value="https://fhir-ig.digital.health.nz/sdhr/StructureDefinition/SDHRAllergyIntolerance"/>
<interaction>
<code value="read"/>
</interaction>
<interaction>
<code value="create"/>
</interaction>
<interaction>
<code value="update"/>
</interaction>
<interaction>
<code value="search-type"/>
</interaction>
</resource>
<resource>
<type value="Condition"/>
<profile
value="https://fhir-ig.digital.health.nz/sdhr/StructureDefinition/SDHRCondition"/>
<interaction>
<code value="read"/>
</interaction>
<interaction>
<code value="create"/>
</interaction>
<interaction>
<code value="update"/>
</interaction>
<interaction>
<code value="search-type"/>
</interaction>
</resource>
<resource>
<type value="Encounter"/>
<profile
value="https://fhir-ig.digital.health.nz/sdhr/StructureDefinition/SDHREncounter"/>
<interaction>
<code value="read"/>
</interaction>
<interaction>
<code value="create"/>
</interaction>
<interaction>
<code value="update"/>
</interaction>
<interaction>
<code value="search-type"/>
</interaction>
</resource>
<resource>
<type value="Observation"/>
<profile
value="https://fhir-ig.digital.health.nz/sdhr/StructureDefinition/SDHRObservation"/>
<interaction>
<code value="read"/>
</interaction>
<interaction>
<code value="create"/>
</interaction>
<interaction>
<code value="update"/>
</interaction>
<interaction>
<code value="search-type"/>
</interaction>
</resource>
<interaction>
<code value="search-system"/>
<documentation
value=" ### Request-Context custom header
All screening FHIR API requests must include the HNZ request context *custom header* supplying identifiers for the health user
and organisation behind the API request.
This context is supplied using the 'Request-Context' custom header in the form of a base64-encoded JSON object.
|**Context property**|**Value**|
|:------------------|:---------|
| `userIdentifier` | The userid of the user as authenticated by the PMS/health application (REQUIRED) |
| `secondaryIdentifier` | The secondary identifier for the user - this **MUST** be the end users Common Person Number (aka HPI Practitioner identifier) of the practitioner using the application (REQUIRED) |
| `purposeOfUse` | Set to `"NZSCREEN"` (REQUIRED) |
| `userFullName` | Full name of the user of the PMS/health application.` (REQUIRED) |
| `userRole` | Role of the user of the PMS/health application. Set to `"PROV" (REQUIRED) |
| `orgIdentifier` | The HPI Organisation Number (aka HPI Organisation identifier) for the organisation in which the API consumer application is deployed (REQUIRED) |
| `facilityIdentifier` | HPI identifier for the facility where the user is located (REQUIRED) |
A schema definition and examples for `Request-Context` can be [found here](https://github.com/tewhatuora/schemas/blob/main/json-schema/Request-Context.json)
#### Example Request-Context Header Payload
**Base64 Encoded**
```
eyJ1c2VySWRlbnRpZmllciI6InBhdCIsInVzZXJSb2xlIjoiUFJPViIsInNlY29uZGFyeUlkZW50aWZpZXIiOnsidXNlIjoib2ZmaWNpYWwiLCJzeXN0ZW0iOiJodHRwczovL3N0YW5kYXJkcy5kaWdpdGFsLmhlYWx0aC5uei9ucy9ocGktcGVyc29uLWlkIiwidmFsdWUiOiI5OVpaWlMifSwicHVycG9zZU9mVXNlIjpbIlBST1YiXSwidXNlckZ1bGxOYW1lIjoiQmV2ZXJseSBDcnVzaGVyIiwib3JnSWRlbnRpZmllciI6IkcwMDAwMS1HIiwiZmFjaWxpdHlJZGVudGlmaWVyIjoiRlpaOTk5LUIifQ
```
**Decoded JSON**
```json
{
"userIdentifier": "pat",
"userRole": "PROV",
"secondaryIdentifier": {
"use": "official",
"system": "https://standards.digital.health.nz/ns/hpi-person-id",
"value": "99ZZZS"
},
"purposeOfUse": [
"NZSCREEN"
],
"userFullName": "Beverly Crusher",
"orgIdentifier": "G00001-G",
"facilityIdentifier": "FZZ999-B"
}
```
### Error status codes
#### Read (GET) Operation Statuses
|**Code**|**Meaning**|**Description**|
|:--:|:-----------------|:--|
|200|OK |The request was successful, and the response body contains the representation requested|
|302|FOUND |A common redirect response; you can GET the representation at the URI in the Location response header|
|304|NOT MODIFIED |Your client's cached version of the representation is still up to date|
|400|BAD REQUEST |Missing or bad `Recurity-Context` custom header; FHIR request payload does not validate against Implementation Guide|
|401|UNAUTHORIZED |The supplied credentials, if any, are not sufficient to access the resource|
|403|FORBIDDEN |Insufficient privilege to access the requested FHIR resource/operation|
|404|NOT FOUND |The requested representation was not found. Retrying this request is unlikely to be successful|
|429|TOO MANY REQUESTS |Your application is sending too many simultaneous requests|
|500|SERVER ERROR |An internal server error prevented return of the representation response|
|503|SERVICE UNAVAILABLE|We are temporarily unable to return the representation. Please wait and try again later|
#### Search (GET) Operation Statuses
|**Code**|**Meaning** |**OperationOutcome** in response?|**Description**|
|:--:|:-----------------|:----------------------------------|:----------------------------------|
|200|OK |Yes, When there are additional messages about a match result|The request was successful, and the response body contains the representation requested|
|302|FOUND |No |A common redirect response; you can GET the representation at the URI in the Location response header|
|400|BAD REQUEST |Yes|Missing or bad `Recurity-Context` custom header;<br>FHIR request payload does not validate against Implementation Guide|
|401|UNAUTHORIZED |Yes|The supplied credentials, if any, are not sufficient to access the resource|
|403|FORBIDDEN |Yes|Insufficient privilege to access the requested FHIR resource/operation. See [OperationOutcome-APIError-Unauthorised](./OperationOutcome-APIError-Unauthorised.html)|
|429|TOO MANY REQUESTS |No |Your application is sending too many simultaneous requests|
|500|SERVER ERROR |No |An internal server error prevented return of the representation response|
|503|SERVICE UNAVAILABLE|No |The server is temporarily unable to return the representation. Please wait and try again later|
### Non existent API endpoints
When a consumer attempts to call a non-existent API end point, respond
with a **501 Not Implemented** status code."/>
</interaction>
</rest>
</CapabilityStatement>