This page is part of the FHIR Specification (v4.4.0: R5 Preview #2). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions . Page versions: R5 R4B R4 R3
Security Work Group | Maturity Level: 3 | Trial Use | Use Context: Any |
This is a value set defined by the FHIR project.
Summary
Defining URL: | http://hl7.org/fhir/ValueSet/provenance-activity-type |
Version: | 4.4.0 |
Name: | ProvenanceActivityType |
Title: | Provenance activity type |
Definition: | This value set contains representative Activity Type codes, which includes codes from the HL7 DocumentCompletion, ActStatus, and DataOperations code system, W3C PROV-DM and PROV-N concepts and display names, several HL7 Lifecycle Event codes for which there are agreed upon definitions, and non-duplicated codes from the HL7 Security and Privacy Ontology Operations codes. |
Committee: | Security Work Group |
OID: | 2.16.840.1.113883.4.642.3.438 (for OID based terminology systems) |
Copyright: | This is a value set of representative Activity Type codes. |
Source Resource | XML / JSON |
This value set is used in the following places:
http://terminology.hl7.org/CodeSystem/v3-DocumentCompletion
Code | Display | |
LA | legally authenticated | A completion status in which a document has been signed manually or electronically by the individual who is legally responsible for that document. This is the most mature state in the workflow progression. |
http://terminology.hl7.org/CodeSystem/v3-ActCode
Code | Display | |
ANONY | anonymize | Custodian system must remove any information that could result in identifying the information subject. |
DEID | deidentify | Custodian system must strip information of data that would allow the identification of the source of the information or the information subject. |
MASK | mask | Custodian system must render information unreadable and unusable by algorithmically transforming plaintext into ciphertext. User may be provided a key to decrypt per license or "shared secret". |
LABEL | assign security label | Custodian security system must assign and bind security labels in order to classify information created in the information systems under its control for collection, access, use and disclosure in accordance with applicable jurisdictional privacy policies associated with the target information. The system must retain an immutable record of the assignment and binding. Usage Note: In security systems, security policy label assignments do not change, they may supersede prior assignments, and such reassignments are always tracked for auditing and other purposes. |
PSEUD | pseudonymize | Custodian system must strip information of data that would allow the identification of the source of the information or the information subject. Custodian may retain a key to relink data necessary to reidentify the information subject. |
http://terminology.hl7.org/CodeSystem/v3-DataOperation
Code | Display | |
CREATE | create | Description:Fundamental operation in an Information System (IS) that results only in the act of bringing an object into existence. Note: The preceding definition is taken from the HL7 RBAC specification. There is no restriction on how the operation is invoked, e.g., via a user interface. For an HL7 Act, the state transitions per the HL7 Reference Information Model. |
DELETE | delete | Description:Fundamental operation in an Information System (IS) that results only in the removal of information about an object from memory or storage. Note: The preceding definition is taken from the HL7 RBAC specification. There is no restriction on how the operation is invoked, e.g., via a user interface. |
UPDATE | revise | Definition:Fundamental operation in an Information System (IS) that results only in the revision or alteration of an object. Note: The preceding definition is taken from the HL7 RBAC specification. There is no restriction on how the operation is invoked, e.g., via a user interface. |
APPEND | append | Description:Fundamental operation in an Information System (IS) that results only in the addition of information to an object already in existence. Note: The preceding definition is taken from the HL7 RBAC specification. There is no restriction on how the operation is invoked, e.g., via a user interface. |
NULLIFY | nullify | Description:Change the status of an object representing an Act to "nullified", i.e., treat as though it never existed. For an HL7 Act, the state transitions per the HL7 Reference Information Model. |
http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle
This value set includes codes based on the following rules:
This expansion generated 03 May 2020
This value set contains 38 concepts
Expansion based on:
Code | System | Display | Logical Definition (CLD) |
LA | http://terminology.hl7.org/CodeSystem/v3-DocumentCompletion | legally authenticated | A completion status in which a document has been signed manually or electronically by the individual who is legally responsible for that document. This is the most mature state in the workflow progression. |
ANONY | http://terminology.hl7.org/CodeSystem/v3-ActCode | anonymize | Custodian system must remove any information that could result in identifying the information subject. |
DEID | http://terminology.hl7.org/CodeSystem/v3-ActCode | deidentify | Custodian system must strip information of data that would allow the identification of the source of the information or the information subject. |
MASK | http://terminology.hl7.org/CodeSystem/v3-ActCode | mask | Custodian system must render information unreadable and unusable by algorithmically transforming plaintext into ciphertext. User may be provided a key to decrypt per license or "shared secret". |
LABEL | http://terminology.hl7.org/CodeSystem/v3-ActCode | assign security label | Custodian security system must assign and bind security labels in order to classify information created in the information systems under its control for collection, access, use and disclosure in accordance with applicable jurisdictional privacy policies associated with the target information. The system must retain an immutable record of the assignment and binding. Usage Note: In security systems, security policy label assignments do not change, they may supersede prior assignments, and such reassignments are always tracked for auditing and other purposes. |
PSEUD | http://terminology.hl7.org/CodeSystem/v3-ActCode | pseudonymize | Custodian system must strip information of data that would allow the identification of the source of the information or the information subject. Custodian may retain a key to relink data necessary to reidentify the information subject. |
CREATE | http://terminology.hl7.org/CodeSystem/v3-DataOperation | create | Description:Fundamental operation in an Information System (IS) that results only in the act of bringing an object into existence. Note: The preceding definition is taken from the HL7 RBAC specification. There is no restriction on how the operation is invoked, e.g., via a user interface. For an HL7 Act, the state transitions per the HL7 Reference Information Model. |
DELETE | http://terminology.hl7.org/CodeSystem/v3-DataOperation | delete | Description:Fundamental operation in an Information System (IS) that results only in the removal of information about an object from memory or storage. Note: The preceding definition is taken from the HL7 RBAC specification. There is no restriction on how the operation is invoked, e.g., via a user interface. |
UPDATE | http://terminology.hl7.org/CodeSystem/v3-DataOperation | revise | Definition:Fundamental operation in an Information System (IS) that results only in the revision or alteration of an object. Note: The preceding definition is taken from the HL7 RBAC specification. There is no restriction on how the operation is invoked, e.g., via a user interface. |
APPEND | http://terminology.hl7.org/CodeSystem/v3-DataOperation | append | Description:Fundamental operation in an Information System (IS) that results only in the addition of information to an object already in existence. Note: The preceding definition is taken from the HL7 RBAC specification. There is no restriction on how the operation is invoked, e.g., via a user interface. |
NULLIFY | http://terminology.hl7.org/CodeSystem/v3-DataOperation | nullify | Description:Change the status of an object representing an Act to "nullified", i.e., treat as though it never existed. For an HL7 Act, the state transitions per the HL7 Reference Information Model. |
access | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Access/View Record Lifecycle Event | Occurs when an agent causes the system to obtain and open a record entry for inspection or review. |
hold | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Add Legal Hold Record Lifecycle Event | Occurs when an agent causes the system to tag or otherwise indicate special access management and suspension of record entry deletion/destruction, if deemed relevant to a lawsuit or which are reasonably anticipated to be relevant or to fulfill organizational policy under the legal doctrine of “duty to preserve”. |
amend | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Amend (Update) Record Lifecycle Event | Occurs when an agent makes any change to record entry content currently residing in storage considered permanent (persistent). |
archive | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Archive Record Lifecycle Event | Occurs when an agent causes the system to create and move archive artifacts containing record entry content, typically to long-term offline storage. |
attest | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Attest Record Lifecycle Event | Occurs when an agent causes the system to capture the agent’s digital signature (or equivalent indication) during formal validation of record entry content. |
decrypt | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Decrypt Record Lifecycle Event | Occurs when an agent causes the system to decode record entry content from a cipher. |
deidentify | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | De-Identify (Anononymize) Record Lifecycle Event | Occurs when an agent causes the system to scrub record entry content to reduce the association between a set of identifying data and the data subject in a way that might or might not be reversible. |
deprecate | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Deprecate Record Lifecycle Event | Occurs when an agent causes the system to tag record entry(ies) as obsolete, erroneous or untrustworthy, to warn against its future use. |
destroy | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Destroy/Delete Record Lifecycle Event | Occurs when an agent causes the system to permanently erase record entry content from the system. |
disclose | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Disclose Record Lifecycle Event | Occurs when an agent causes the system to release, transfer, provision access to, or otherwise divulge record entry content. |
encrypt | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Encrypt Record Lifecycle Event | Occurs when an agent causes the system to encode record entry content in a cipher. |
extract | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Extract Record Lifecycle Event | Occurs when an agent causes the system to selectively pull out a subset of record entry content, based on explicit criteria. |
link | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Link Record Lifecycle Event | Occurs when an agent causes the system to connect related record entries. |
merge | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Merge Record Lifecycle Event | Occurs when an agent causes the system to combine or join content from two or more record entries, resulting in a single logical record entry. |
originate | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Originate/Retain Record Lifecycle Event | Occurs when an agent causes the system to: a) initiate capture of potential record content, and b) incorporate that content into the storage considered a permanent part of the health record. |
pseudonymize | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Pseudonymize Record Lifecycle Event | Occurs when an agent causes the system to remove record entry content to reduce the association between a set of identifying data and the data subject in a way that may be reversible. |
reactivate | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Re-activate Record Lifecycle Event | Occurs when an agent causes the system to recreate or restore full status to record entries previously deleted or deprecated. |
receive | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Receive/Retain Record Lifecycle Event | Occurs when an agent causes the system to a) initiate capture of data content from elsewhere, and b) incorporate that content into the storage considered a permanent part of the health record. |
reidentify | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Re-identify Record Lifecycle Event | Occurs when an agent causes the system to restore information to data that allows identification of information source and/or information subject. |
unhold | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Remove Legal Hold Record Lifecycle Event | Occurs when an agent causes the system to remove a tag or other cues for special access management had required to fulfill organizational policy under the legal doctrine of “duty to preserve”. |
report | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Report (Output) Record Lifecycle Event | Occurs when an agent causes the system to produce and deliver record entry content in a particular form and manner. |
restore | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Restore Record Lifecycle Event | Occurs when an agent causes the system to recreate record entries and their content from a previous created archive artefact. |
transform | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Transform/Translate Record Lifecycle Event | Occurs when an agent causes the system to change the form, language or code system used to represent record entry content. |
transmit | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Transmit Record Lifecycle Event | Occurs when an agent causes the system to send record entry content from one (EHR/PHR/other) system to another. |
unlink | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Unlink Record Lifecycle Event | Occurs when an agent causes the system to disconnect two or more record entries previously connected, rendering them separate (disconnected) again. |
unmerge | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Unmerge Record Lifecycle Event | Occurs when an agent causes the system to reverse a previous record entry merge operation, rendering them separate again. |
verify | http://terminology.hl7.org/CodeSystem/iso-21089-lifecycle | Verify Record Lifecycle Event | Occurs when an agent causes the system to confirm compliance of data or data objects with regulations, requirements, specifications, or other imposed conditions based on organizational policy. |
See the full registry of value sets defined as part of FHIR.
Explanation of the columns that may appear on this page:
Lvl | A few code lists that FHIR defines are hierarchical - each code is assigned a level. For value sets, levels are mostly used to organize codes for user convenience, but may follow code system hierarchy - see Code System for further information |
Source | The source of the definition of the code (when the value set draws in codes defined elsewhere) |
Code | The code (used as the code in the resource instance). If the code is in italics, this indicates that the code is not selectable ('Abstract') |
Display | The display (used in the display element of a Coding). If there is no display, implementers should not simply display the code, but map the concept into their application |
Definition | An explanation of the meaning of the concept |
Comments | Additional notes about how to use the code |