STU3 Candidate

This page is part of the FHIR Specification (v1.8.0: STU 3 Draft). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions . Page versions: R4 R3 R2

V3-InformationSensitivityPolicy.json

Raw JSON (canonical form)

Sensitivity codes are not useful for interoperability outside of a policy domain because sensitivity policies are typically localized and vary drastically across policy domains even for the same information category because of differing organizational business rules, security policies, and jurisdictional requirements. For example, an "employee" sensitivity code would make little sense for use outside of a policy domain. "Taboo" would rarely be useful outside of a policy domain unless there are jurisdictional requirements requiring that a provider disclose sensitive information to a patient directly. Sensitivity codes may be more appropriate in a legacy system's Master Files in order to notify those who access a patient's orders and observations about the sensitivity policies that apply. Newer systems may have a security engine that uses a sensitivity policy's criteria directly. The specializable Sensitivity Act.code may be useful in some scenarious if used in combination with a sensitivity identifier and/or Act.title.

{
  "resourceType": "ValueSet",
  "id": "v3-InformationSensitivityPolicy",
  "meta": {
    "lastUpdated": "2016-12-06T12:22:34.981+11:00",
    "profile": [
      "http://hl7.org/fhir/StructureDefinition/valueset-shareable-definition"
    ]
  },
  "text": {
    "status": "generated",
    "div": "<div>!-- Snipped for Brevity --></div>"
  },
  "url": "http://hl7.org/fhir/ValueSet/v3-InformationSensitivityPolicy",
  "identifier": [
    {
      "system": "urn:ietf:rfc:3986",
      "value": "urn:oid:2.16.840.1.113883.1.11.20428"
    }
  ],
  "version": "2014-03-26",
  "name": "InformationSensitivityPolicy",
  "status": "active",
  "experimental": false,
  "publisher": "HL7 v3",
  "contact": [
    {
      "telecom": [
        {
          "system": "url",
          "value": "http://www.hl7.org"
        }
      ]
    }
  ],
  "description": " Sensitivity codes are not useful for interoperability outside of a policy domain because sensitivity policies are typically localized and vary drastically across policy domains even for the same information category because of differing organizational business rules, security policies, and jurisdictional requirements.  For example, an \"employee\" sensitivity code would make little sense for use outside of a policy domain.   \"Taboo\" would rarely be useful outside of a policy domain unless there are jurisdictional requirements requiring that a provider disclose sensitive information to a patient directly. Sensitivity codes may be more appropriate in a legacy system's Master Files in order to notify those who access a patient's orders and observations about the sensitivity policies that apply.  Newer systems may have a security engine that uses a sensitivity policy's criteria directly. The specializable Sensitivity Act.code may be useful in some scenarious if used in combination with a sensitivity identifier and/or Act.title.",
  "immutable": false,
  "compose": {
    "include": [
      {
        "system": "http://hl7.org/fhir/v3/ActCode",
        "filter": [
          {
            "property": "concept",
            "op": "is-a",
            "value": "_InformationSensitivityPolicy"
          }
        ]
      }
    ]
  }
}

Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.