Open Nursing Core FHIR Implementation Guide (ONC-IG)
1.0.0 - release
Open Nursing Core FHIR Implementation Guide (ONC-IG) - Local Development build (v1.0.0) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions
Nursing records contain some of the most sensitive personal data an organisation holds. Every implementation of the Open Nursing Core IG must protect that data throughout its lifecycle. This page sets out the governance framework and the technical controls expected of conformant systems, with particular reference to the United Kingdom and NHS context.
Implementations MUST comply with the data protection law applicable in their jurisdiction:
Organisations operating within the NHS in England MUST additionally satisfy national information-governance requirements:
Each organisation should have a nominated Caldicott Guardian and a Data Protection Officer.
Implementation option. For FHIR-native deployments, the Open Health Stack Software Foundation's open-source FHIR Gateway provides a proxy layer for enforcing access-control policies in front of a FHIR store — one route to meeting the RBAC requirement above without building policy enforcement from scratch. This reference is informative, not a conformance requirement.
Protecting data is not only a technical duty. The equity and relational features of this IG — reasonable adjustments, "What Matters to Me", ethnicity and skin-tone records — carry information that, handled carelessly, could expose a person to discrimination or distress. Access to these fields SHOULD be governed with the same rigour as any other sensitive record, and their purpose is always to improve the person's care, never to label them.
This page describes governance expectations for implementers; it is not legal advice. Each organisation is responsible for its own Data Protection Impact Assessment and information-governance sign-off.