CRD is introducing so-called trigger guards, here: HL7.FHIR.US.DAVINCI-CRD\Formal Specification - FHIR v4.0.1

in an attempt to ensure that an EHR doesn't send PHI to a payer/CRD system that oughtn't receive it. Definitely, an EHR shouldn't make a CRD request to the wrong payer. 

The proposed solution is too flexible, insufficiently specified and will almost certainly result in incompatible implementations.

>The FHIRPath may reference any context or pre-fetch elements defined by the service using the context field name or pre-fetch name. E.g. %patient can be used to refer to a pre-fetch by the name of ‘patient’.

As written, this addition suggests to CRD services that any valid FHIRPath expression will be supported and evaluated at every hook invocation; requiring significant development from EHR developers and costing performance in clinical workflows.

Instead, the specification should place a normative requirement on CDS Clients, of:

CRD clients SHALL ensure that a given payer’s service is only invoked for patients that are believed to have active coverage with that payer.

And not introduce the concept of a guard at all.