Bob recently heard from CMS that they expect a CRD/DTR service determination / pre-emptive prior auth to be built with a 278 response for HIPAA compliance (opposite of what we were hoping in https://chat.fhir.org/#narrow/stream/179283-Da-Vinci/topic/pre-emptive.20prior.20auth.20and.20hipaa ). 

We should update the guidance under unsolicited determination to mention something like "Similar to PAS, to use an unsolicited determination there is an expectation that either it has been translated from a 278 response or is being done under a HIPAA exception ( https://build.fhir.org/ig/HL7/davinci-pas/specification.html#processing-prior-authorization-submissions-under-the-cms-exception )"

CRD had a clear place to add this, for DTR I'm not as sure where it should go. The SDC Adaptive forms page has a section on writing a ClaimResponse.