STU 3 Candidate

This page is part of the FHIR Specification (v1.4.0: STU 3 Ballot 3). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions . Page versions: R4 R3 R2

V3-InformationSensitivityPolicy.xml

Raw XML (canonical form)

Sensitivity codes are not useful for interoperability outside of a policy domain because sensitivity policies are typically localized and vary drastically across policy domains even for the same information category because of differing organizational business rules, security policies, and jurisdictional requirements. For example, an "employee" sensitivity code would make little sense for use outside of a policy domain. "Taboo" would rarely be useful outside of a policy domain unless there are jurisdictional requirements requiring that a provider disclose sensitive information to a patient directly. Sensitivity codes may be more appropriate in a legacy system's Master Files in order to notify those who access a patient's orders and observations about the sensitivity policies that apply. Newer systems may have a security engine that uses a sensitivity policy's criteria directly. The specializable Sensitivity Act.code may be useful in some scenarious if used in combination with a sensitivity identifier and/or Act.title.

<ValueSet xmlns="http://hl7.org/fhir">
  <id value="v3-InformationSensitivityPolicy"/>
  <meta>
    <lastUpdated value="2016-03-31T08:01:25.570+11:00"/>
    <profile value="http://hl7.org/fhir/StructureDefinition/valueset-shareable-definition"/>
  </meta>
  <text>
    <status value="generated"/>
    <div xmlns="http://www.w3.org/1999/xhtml">
      <h2>InformationSensitivityPolicy</h2>
      <p> Sensitivity codes are not useful for interoperability outside of a policy domain because
           sensitivity policies are typically localized and vary drastically across policy domains
           even for the same information category because of differing organizational business rules,
           security policies, and jurisdictional requirements.  For example, an &quot;employee&quot;
           sensitivity code would make little sense for use outside of a policy domain.   &quot;Taboo&quot;
           would rarely be useful outside of a policy domain unless there are jurisdictional requirements
           requiring that a provider disclose sensitive information to a patient directly. Sensitivity
           codes may be more appropriate in a legacy system's Master Files in order to notify those
           who access a patient's orders and observations about the sensitivity policies that apply.
            Newer systems may have a security engine that uses a sensitivity policy's criteria directly.
           The specializable Sensitivity Act.code may be useful in some scenarious if used in combination
           with a sensitivity identifier and/or Act.title.</p>
      <p>This value set includes codes from the following code systems:</p>
      <ul>
        <li>Include codes from 
          <a href="../../v3/ActCode/cs.html">http://hl7.org/fhir/v3/ActCode</a> where concept  is-a  
          <a href="../../v3/ActCode/cs.html#_InformationSensitivityPolicy">_InformationSensitivityPolicy</a>
        </li>
      </ul>
    </div>
  </text>
  <extension url="http://hl7.org/fhir/StructureDefinition/valueset-oid">
    <valueUri value="urn:oid:2.16.840.1.113883.1.11.20428"/>
  </extension>
  <url value="http://hl7.org/fhir/ValueSet/v3-InformationSensitivityPolicy"/>
  <version value="2014-03-26"/>
  <name value="InformationSensitivityPolicy"/>
  <status value="active"/>
  <experimental value="false"/>
  <publisher value="HL7 v3"/>
  <contact>
    <telecom>
      <system value="other"/>
      <value value="http://www.hl7.org"/>
    </telecom>
  </contact>
  <description value=" Sensitivity codes are not useful for interoperability outside of a policy domain because
     sensitivity policies are typically localized and vary drastically across policy domains
     even for the same information category because of differing organizational business rules,
     security policies, and jurisdictional requirements.  For example, an &quot;employee&quot;
     sensitivity code would make little sense for use outside of a policy domain.   &quot;Taboo&quot;
     would rarely be useful outside of a policy domain unless there are jurisdictional requirements
     requiring that a provider disclose sensitive information to a patient directly. Sensitivity
     codes may be more appropriate in a legacy system's Master Files in order to notify those
     who access a patient's orders and observations about the sensitivity policies that apply.
      Newer systems may have a security engine that uses a sensitivity policy's criteria directly.
     The specializable Sensitivity Act.code may be useful in some scenarious if used in combination
     with a sensitivity identifier and/or Act.title."/>
  <compose>
    <include>
      <system value="http://hl7.org/fhir/v3/ActCode"/>
      <filter>
        <property value="concept"/>
        <op value="is-a"/>
        <value value="_InformationSensitivityPolicy"/>
      </filter>
    </include>
  </compose>
</ValueSet>

Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.