AWS Security ChangesHomeSearch

AWS healthlake documentation change

Service: healthlake · 2026-05-01 · Documentation medium

File: healthlake/latest/devguide/reference-fhir-operations-export.md

Summary

Added documentation for _security and _tag filtering parameters to the $export operation

Security assessment

The change documents security filtering parameters that provide access control mechanisms for data exports. This is a security feature enhancement rather than a response to a specific security vulnerability.

Diff

diff --git a/healthlake/latest/devguide/reference-fhir-operations-export.md b/healthlake/latest/devguide/reference-fhir-operations-export.md
index d1f00da54..a08ac468d 100644
--- a//healthlake/latest/devguide/reference-fhir-operations-export.md
+++ b//healthlake/latest/devguide/reference-fhir-operations-export.md
@@ -97,0 +98,2 @@ Name | Required? | Description | Example
+`_security` | No | Filter exported resources by `meta.security` Coding values. Use the `system|code` format. When multiple values are provided, resources must match all of them (AND semantics). Use `system|` (trailing pipe, no code) to match any code from a given system. | `&_security=https://myorg.com/tenant%7Cclinic-A`  
+`_tag` | No | Filter exported resources by `meta.tag` Coding values. Uses the same `system|code` format and AND semantics as `_security`. When both `_security` and `_tag` are specified, resources must match both filters. | `&_tag=https://myorg.com/dept%7Ccardiology`