AWS Security ChangesHomeSearch

AWS healthlake documentation change

Service: healthlake · 2026-05-01 · Documentation medium

File: healthlake/latest/devguide/reference-fhir-operations-davinci-data-export.md

Summary

Added documentation for _security and _tag filtering parameters to the $davinci-data-export operation

Security assessment

The change adds documentation for security filtering parameters (_security) that enable granular access control and multi-tenant export capabilities. This enhances security features but does not indicate a specific security issue being addressed.

Diff

diff --git a/healthlake/latest/devguide/reference-fhir-operations-davinci-data-export.md b/healthlake/latest/devguide/reference-fhir-operations-davinci-data-export.md
index ecf718a16..fccbbade1 100644
--- a//healthlake/latest/devguide/reference-fhir-operations-davinci-data-export.md
+++ b//healthlake/latest/devguide/reference-fhir-operations-davinci-data-export.md
@@ -45,0 +46,2 @@ Parameter | Cardinality | Description
+`_security` | 0..* | Filter exported resources by `meta.security` Coding values. Use the `system|code` format (pipe character must be URL-encoded as `%7C`). When multiple values are provided, resources must match all of them (AND semantics). Use `system|` (trailing pipe, no code) to match any code from a given system.  
+`_tag` | 0..* | Filter exported resources by `meta.tag` Coding values. Uses the same `system|code` format and AND semantics as `_security`. When both `_security` and `_tag` are specified, resources must match both filters.