This proposal is part of the Profile Governed FHIR API tracker. See that item for the larger context or the full proposal here.

This proposal define a set of rules for a server to follow when redacting a resource to be compliant with a given profile. Standardization ensures that clients can reliably interpret a server's response.

Known Use Cases:

1. Bandwidth constrained clients may make very specific format/content requests of servers. If PATCH by Profile is implemented, this allows a client to read and write a minimized (focused) subset of resource elements.

2. Information protection redaction can be negotiated between client and server in a predictable way. The server won't silently remove elements. It will inform the client they are only authorized to the elements in the given profile.

Proposed rules are:

1. If the governing profile has SUBSETTED tagged, tag the resulting resource with SUBSETTED.

2. Elements or element slices with max=0 are removed from the resource.

3. Elements with max > 0 but not * are included if the instance has <= that number of instances. If the instance has more than max instances:

a. If slicing is defined and ordered, include the first max number of instances.

b. Otherwise, return an error (the server will not silently sample an un-ordered list).