diff --git a/mmv1/templates/terraform/examples/healthcare_fhir_store_notification_config.tf.erb b/mmv1/templates/terraform/examples/healthcare_fhir_store_notification_config.tf.erb
index 1ced4df5406d..c89a0a51ce87 100644
--- a/mmv1/templates/terraform/examples/healthcare_fhir_store_notification_config.tf.erb
+++ b/mmv1/templates/terraform/examples/healthcare_fhir_store_notification_config.tf.erb
@@ -13,11 +13,24 @@ resource "google_healthcare_fhir_store" "default" {
   }
   notification_configs {
-    pubsub_topic = google_pubsub_topic.topic.name
+    pubsub_topic = "${google_pubsub_topic.topic.id}"
     send_full_resource = true
   }
+  depends_on = [google_pubsub_topic_iam_binding.binding]
 }
 
+// Enable notifications by giving the correct IAM permission to the unique service account.
+data "google_healthcare_project_service_account" "gcs_account" {
+}
+
+// Create a Pub/Sub topic.
+resource "google_pubsub_topic_iam_binding" "binding" {
+  topic = google_pubsub_topic.topic.id
+  role = "roles/pubsub.publisher"
+  members = ["serviceAccount:${data.google_healthcare_project_service_account.gcs_account.email_address}"]
+}
+
+
 resource "google_pubsub_topic" "topic" {
   name = "<%= ctx[:vars]['pubsub_topic']%>"
 }
 
@@ -26,3 +39,5 @@ resource "google_healthcare_dataset" "dataset" {
   name = "<%= ctx[:vars]['dataset_name'] %>"
   location = "us-central1"
 }
+
+
diff --git a/mmv1/third_party/terraform/data_sources/data_source_google_healthcare_project_service_account.go b/mmv1/third_party/terraform/data_sources/data_source_google_healthcare_project_service_account.go
new file mode 100644
index 000000000000..e4972caad6c6
--- /dev/null
+++ b/mmv1/third_party/terraform/data_sources/data_source_google_healthcare_project_service_account.go
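Review bot: `google_pubsub_topic_iam_binding` is authoritative for `roles/pubsub.publisher` on the topic, so applying this example revokes any other publisher already granted on that topic; for an example that grants one service agent, `google_pubsub_topic_iam_member` with `member = "serviceAccount:${data.google_healthcare_project_service_account.gcs_account.email_address}"` (and the `depends_on` pointing at `google_pubsub_topic_iam_member.binding`) is the less destructive form. The new `pubsub_topic = "${google_pubsub_topic.topic.id}"` wraps a lone reference in an interpolation string, which Terraform 0.12+ reports as deprecated; `pubsub_topic = google_pubsub_topic.topic.id` is the intended form. The comment `// Create a Pub/Sub topic.` sits above the IAM binding rather than the `google_pubsub_topic` resource it describes; `// Grant the Healthcare service agent permission to publish to the topic.` belongs here. The service agent presumably only exists once the Healthcare API is enabled in the project, so the binding may fail on a fresh project — worth a sentence in the example's explanatory comment, to be confirmed.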
@@ -0,0 +1,62 @@
+package google
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceGoogleHealthcareProjectServiceAccount() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceGoogleHealthcareProjectServiceAccountRead,
+		Schema: map[string]*schema.Schema{
+			"project": {
+				Type:     schema.TypeString,
+				Computed: true,
+				Optional: true,
+				ForceNew: true,
+			},
+			"user_project": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+			"email_address": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourceGoogleHealthcareProjectServiceAccountRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	userAgent, err := generateUserAgentString(d, config.userAgent)
+	if err != nil {
+		return err
+	}
+
+	project, err := getProject(d, config)
+	if err != nil {
+		return err
+	}
+
+	rmProject, err := config.NewResourceManagerClient(userAgent).Projects.Get(project).Do()
+	if err != nil {
+		return handleNotFoundError(err, d, "Project not found")
+	}
+	projectNumber := rmProject.ProjectNumber
+
+	serviceAccountEmail := fmt.Sprintf("service-%v@gcp-sa-healthcare.iam.gserviceaccount.com", projectNumber)
+
+	if err := d.Set("project", project); err != nil {
+		return fmt.Errorf("Error setting project: %s", err)
+	}
+	if err := d.Set("email_address", serviceAccountEmail); err != nil {
+		return fmt.Errorf("Error setting email_address: %s", err)
+	}
+
+	d.SetId(serviceAccountEmail)
+
+	return nil
+}
diff --git a/mmv1/third_party/terraform/tests/data_source_google_healthcare_project_service_account_test.go b/mmv1/third_party/terraform/tests/data_source_google_healthcare_project_service_account_test.go
new file mode 100644
index 000000000000..56733703ba64
--- /dev/null
+++ b/mmv1/third_party/terraform/tests/data_source_google_healthcare_project_service_account_test.go
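Review bot: `user_project` is declared in the schema but never read in `dataSourceGoogleHealthcareProjectServiceAccountRead`, so a user who sets it gets neither an effect nor an error; either forward it to the Resource Manager call (the sibling project-service-account data sources presumably pass it as the billing-project header — confirm) or drop the attribute until it is wired. The `Projects.Get` failure is returned through `handleNotFoundError(err, d, "Project not found")`; if that helper follows the resource pattern of clearing the ID and returning nil on a 404, a data source would silently yield an empty `email_address` that downstream IAM members then consume as `serviceAccount:`, so a plain `return fmt.Errorf("Error reading project %q: %s", project, err)` is safer here. The address is derived by naming convention and never verified, which deserves a comment on the `fmt.Sprintf` line such as `// Derives the Healthcare service agent's conventional address from the project number; it does not check that the agent exists (it is created when the Healthcare API is enabled).` Both package-level functions should carry a leading doc comment, e.g. `// dataSourceGoogleHealthcareProjectServiceAccount exposes the Cloud Healthcare service agent email for a project.`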
@@ -0,0 +1,31 @@
+package google
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccDataSourceGoogleHealthcareProjectServiceAccount_basic(t *testing.T) {
+	t.Parallel()
+
+	resourceName := "data.google_healthcare_project_service_account.gcs_account"
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckGoogleHealthcareProjectServiceAccount_basic,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(resourceName, "email_address"),
+				),
+			},
+		},
+	})
+}
+
+const testAccCheckGoogleHealthcareProjectServiceAccount_basic = `
+data "google_healthcare_project_service_account" "gcs_account" {
+}
+`
diff --git a/mmv1/third_party/terraform/utils/provider.go.erb b/mmv1/third_party/terraform/utils/provider.go.erb
index fa4f71fc1934..a18c99c9150f 100644
--- a/mmv1/third_party/terraform/utils/provider.go.erb
+++ b/mmv1/third_party/terraform/utils/provider.go.erb
@@ -269,6 +269,7 @@ func Provider() *schema.Provider {
 			"google_folder":                             dataSourceGoogleFolder(),
 			"google_folders":                            dataSourceGoogleFolders(),
 			"google_folder_organization_policy":         dataSourceGoogleFolderOrganizationPolicy(),
+			"google_healthcare_project_service_account": dataSourceGoogleHealthcareProjectServiceAccount(),
 			"google_monitoring_notification_channel":    dataSourceMonitoringNotificationChannel(),
 			"google_monitoring_cluster_istio_service":   dataSourceMonitoringServiceClusterIstio(),
 			"google_monitoring_istio_canonical_service": dataSourceMonitoringIstioCanonicalService(),
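Review bot: The only assertion in the `Check` block is that `email_address` is non-empty, so a regression in the address format (a dropped project number, a wrong domain) would still pass; since the shape is fixed by the data source, `resource.TestMatchResourceAttr(resourceName, "email_address", regexp.MustCompile("^service-[0-9]+@gcp-sa-healthcare\\.iam\\.gserviceaccount\\.com$"))` pins it (adding a `regexp` import), and `resource.TestCheckResourceAttrSet(resourceName, "project")` covers the other computed attribute. Nothing exercises the `user_project` argument, which is the attribute most likely to be silently ignored; a second step setting it would make that visible.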