Inferensys

Glossary

CapabilityStatement

A FHIR resource that describes the set of capabilities a FHIR server or client supports, including which resources, operations, and security protocols are available.
Operations room with a large monitor wall for system visibility and control.
FHIR INTEROPERABILITY DECLARATION

What is CapabilityStatement?

A formal FHIR resource that declares the specific features, operations, and security protocols a server or client supports, enabling automated discovery and conformance verification.

A CapabilityStatement is a structured FHIR resource that serves as a machine-readable contract, explicitly declaring the set of capabilities a FHIR server or client supports. It details which resource types, interactions (read, create, search), search parameters, and security protocols are available, allowing other systems to dynamically discover how to interoperate without prior manual configuration.

This resource is fundamental to automated conformance testing and interoperability governance. By comparing a system's CapabilityStatement against a StructureDefinition or ImplementationGuide, a FHIR Validator can programmatically verify that a server meets the requirements of a specific use case, such as the US Core Implementation Guide, ensuring that federated learning nodes expose the necessary clinical data endpoints.

FHIR INTEROPERABILITY FOUNDATION

Key Features of a CapabilityStatement

A CapabilityStatement is a FHIR resource that formally declares the features a server or client supports, enabling automated discovery and robust contractual conformance testing between systems.

01

Declared RESTful Interactions

The resource explicitly enumerates which FHIR interactions a server supports for each resource type.

  • read: Direct access to a known resource by its logical ID
  • vread: Retrieves a specific historical version of a resource
  • update: Allows a client to modify an existing resource
  • delete: Removes a resource from the server
  • history: Fetches the complete change log for a resource type
  • create: Enables the submission of a new resource instance
  • search: Defines which search parameters are indexed and queryable

This declaration allows a client to programmatically adapt its behavior without manual configuration.

02

Security Protocol Declaration

The rest.security element provides a machine-readable contract for authentication and authorization.

  • CORS Support: Declares cross-origin resource sharing policies for browser-based apps
  • Service Management: Links to the FHIR OAuth 2.0 endpoints for SMART on FHIR workflows
  • Certificate Requirements: Specifies mutual TLS or PKI-based authentication needs

This section is critical for automated security negotiation, allowing a client to discover the exact token endpoint and scopes required before attempting a connection.

03

Resource Profile Constraints

A CapabilityStatement references specific StructureDefinitions to indicate which constrained profiles a server claims conformance to.

  • US Core Profiles: Declares support for USCDI-mandated data elements
  • Custom Profiles: Advertises proprietary extensions and slicing rules
  • Supported Profiles: Lists canonical URLs for every profile the server validates against

This mechanism transforms a generic FHIR endpoint into a semantically precise interface, ensuring that a client sending a US Core Patient resource will be understood and processed correctly.

04

Operation Definition Binding

Beyond basic CRUD, the resource advertises support for extended FHIR operations.

  • $validate: Checks a resource against its stated profile rules
  • $expand: Requests a ValueSet to be fully enumerated for a drop-down UI
  • $match: Performs patient matching for master person index deduplication
  • $everything: Fetches a complete patient record graph in a single bundle

Each operation is bound to a specific resource context, allowing a client to discover that, for example, Patient/$match is available for probabilistic identity resolution.

05

Messaging Event Support

For event-driven architectures, the CapabilityStatement defines the FHIR messaging events a system can send or receive.

  • Event Catalog: Lists specific event codes like patient-link or observation-created
  • MessageHeader Profiles: Specifies the exact bundle structure expected for each event
  • Endpoint Declarations: Provides the destination URL for message delivery

This section enables loose coupling between clinical systems, where a laboratory system can discover exactly which admission-discharge-transfer events a subscribing EHR supports.

06

Document Composition Rules

The document element declares the FHIR document bundles a system can produce or consume.

  • Clinical Document Architecture (CDA) Replacement: Defines FHIR-based clinical notes
  • Composition Profiles: Specifies the exact section structure and coded headings
  • Digital Signature Support: Indicates whether documents are cryptographically signed

This allows a document consumer to validate that a received Continuity of Care Document (CCD) conforms to the expected template before attempting to parse it for clinical data.

FHIR CAPABILITY DISCOVERY

Frequently Asked Questions

Essential questions about the FHIR CapabilityStatement resource, the foundational metadata document that enables automated interoperability by declaring a server's supported resources, operations, and security protocols.

A CapabilityStatement is a FHIR resource that functions as a machine-readable contract, explicitly declaring the set of capabilities a FHIR server or client supports. It answers the critical question: 'What can this endpoint do?' without requiring out-of-band human negotiation.

For interoperability, it is essential because it enables:

  • Automated Discovery: Client applications can programmatically determine which resources (e.g., Patient, Observation), operations (e.g., $validate, $everything), and interaction types (e.g., create, search) are available.
  • Security Metadata: It advertises supported authorization protocols like SMART on FHIR and OAuth 2.0 endpoints via the rest.security element.
  • Version Negotiation: It specifies the exact FHIR version (fhirVersion element) supported, preventing version mismatch errors.

In a federated learning context, a central aggregator uses the CapabilityStatement of each hospital's FHIR server to dynamically discover which endpoints support the FHIR Bulk Data Access operations needed to export de-identified training datasets.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.