Release 5 Preview #2

This page is part of the FHIR Specification (v4.4.0: R5 Preview #2). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions . Page versions: R4 R3 R2

V3-InformationSensitivityPolicy.xml

Vocabulary Work GroupMaturity Level: N/AStandards Status: Informative

Raw XML (canonical form + also see XML Format Specification)

Sensitivity codes are not useful for interoperability outside of a policy domain because sensitivity policies are typically localized and vary drastically across policy domains even for the same information category because of differing organizational business rules, security policies, and jurisdictional requirements. For example, an "employee" sensitivity code would make little sense for use outside of a policy domain. "Taboo" would rarely be useful outside of a policy domain unless there are jurisdictional requirements requiring that a provider disclose sensitive information to a patient directly. Sensitivity codes may be more appropriate in a legacy system's Master Files in order to notify those who access a patient's orders and observations about the sensitivity policies that apply. Newer systems may have a security engine that uses a sensitivity policy's criteria directly. The specializable Sensitivity Act.code may be useful in some scenarious if used in combination with a sensitivity identifier and/or Act.title.

<?xml version="1.0" encoding="UTF-8"?>

<ValueSet xmlns="http://hl7.org/fhir">
  <id value="v3-InformationSensitivityPolicy"/> 
  <meta> 
    <lastUpdated value="2020-05-03T08:43:35.811+10:00"/> 
    <profile value="http://hl7.org/fhir/StructureDefinition/shareablevalueset"/> 
  </meta> 
  <text> 
    <status value="generated"/> 
    <div xmlns="http://www.w3.org/1999/xhtml">
      <h2> V3 Value SetInformationSensitivityPolicy</h2> 
      <div> 
        <p> Sensitivity codes are not useful for interoperability outside of a policy domain because
             sensitivity policies are typically localized and vary drastically across policy domains
             even for the same information category because of differing organizational business rules,
             security policies, and jurisdictional requirements.  For example, an &quot;employee&quot;
             sensitivity code would make little sense for use outside of a policy domain.   &quot;Taboo&quot;
             would rarely be useful outside of a policy domain unless there are jurisdictional requirements
             requiring that a provider disclose sensitive information to a patient directly. Sensitivity
             codes may be more appropriate in a legacy system's Master Files in order to notify those
             who access a patient's orders and observations about the sensitivity policies that apply.
              Newer systems may have a security engine that uses a sensitivity policy's criteria directly.
             The specializable Sensitivity Act.code may be useful in some scenarious if used in combination
             with a sensitivity identifier and/or Act.title.</p> 

      </div> 
      <ul> 
        <li> Include codes from 
          <a href="../../v3/ActCode/cs.html">
            <code> http://terminology.hl7.org/CodeSystem/v3-ActCode</code> 
          </a>  where concept  is-a  
          <a href="../../v3/ActCode/cs.html#v3-ActCode-_InformationSensitivityPolicy">_InformationSensitivityPolicy</a> 
        </li> 
      </ul> 
    </div> 
  </text> 
  <extension url="http://hl7.org/fhir/StructureDefinition/structuredefinition-standards-status">
    <valueCode value="external"/> 
  </extension> 
  <extension url="http://hl7.org/fhir/StructureDefinition/structuredefinition-fmm">
    <valueInteger value="0"/> 
  </extension> 
  <url value="http://terminology.hl7.org/ValueSet/v3-InformationSensitivityPolicy"/> 
  <identifier> 
    <system value="urn:ietf:rfc:3986"/> 
    <value value="urn:oid:2.16.840.1.113883.1.11.20428"/> 
  </identifier> 
  <version value="2014-03-26"/> 
  <name value="v3.InformationSensitivityPolicy"/> 
  <title value="V3 Value SetInformationSensitivityPolicy"/> 
  <status value="active"/> 
  <experimental value="false"/> 
  <publisher value="HL7 v3"/> 
  <contact> 
    <telecom> 
      <system value="url"/> 
      <value value="http://www.hl7.org"/> 
    </telecom> 
  </contact> 
  <description value=" Sensitivity codes are not useful for interoperability outside of a policy domain because
     sensitivity policies are typically localized and vary drastically across policy domains
     even for the same information category because of differing organizational business rules,
     security policies, and jurisdictional requirements.  For example, an &quot;employee&quot;
     sensitivity code would make little sense for use outside of a policy domain.   &quot;Taboo&quot;
     would rarely be useful outside of a policy domain unless there are jurisdictional requirements
     requiring that a provider disclose sensitive information to a patient directly. Sensitivity
     codes may be more appropriate in a legacy system's Master Files in order to notify those
     who access a patient's orders and observations about the sensitivity policies that apply.
      Newer systems may have a security engine that uses a sensitivity policy's criteria directly.
     The specializable Sensitivity Act.code may be useful in some scenarious if used in combination
     with a sensitivity identifier and/or Act.title."/> 
  <immutable value="false"/> 
  <compose> 
    <include> 
      <system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/> 
      <filter> 
        <property value="concept"/> 
        <op value="is-a"/> 
        <value value="_InformationSensitivityPolicy"/> 
      </filter> 
    </include> 
  </compose> 
</ValueSet> 

Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.