AWS healthlake documentation change
Summary
Added documentation for _security and _tag filtering parameters to the $davinci-data-export operation
Security assessment
The change adds documentation for security filtering parameters (_security) that enable granular access control and multi-tenant export capabilities. This enhances security features but does not indicate a specific security issue being addressed.
Diff
diff --git a/healthlake/latest/devguide/reference-fhir-operations-davinci-data-export.md b/healthlake/latest/devguide/reference-fhir-operations-davinci-data-export.md index ecf718a16..fccbbade1 100644 --- a//healthlake/latest/devguide/reference-fhir-operations-davinci-data-export.md +++ b//healthlake/latest/devguide/reference-fhir-operations-davinci-data-export.md @@ -45,0 +46,2 @@ Parameter | Cardinality | Description +`_security` | 0..* | Filter exported resources by `meta.security` Coding values. Use the `system|code` format (pipe character must be URL-encoded as `%7C`). When multiple values are provided, resources must match all of them (AND semantics). Use `system|` (trailing pipe, no code) to match any code from a given system. +`_tag` | 0..* | Filter exported resources by `meta.tag` Coding values. Uses the same `system|code` format and AND semantics as `_security`. When both `_security` and `_tag` are specified, resources must match both filters.