Release 5 Ballot

This page is part of the FHIR Specification (v5.0.0-ballot: R5 Ballot - see ballot notes). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions

Example ValueSet/security-label-data-examples (XML)

Vocabulary Work GroupMaturity Level: N/AStandards Status: Informative

Raw XML (canonical form + also see XML Format Specification)

Definition for Value SetExample set of Data Security Labels

<?xml version="1.0" encoding="UTF-8"?>

<ValueSet xmlns="http://hl7.org/fhir">
  <id value="security-label-data-examples"/> 
  <meta> 
    <lastUpdated value="2022-09-10T04:52:37.223+10:00"/> 
    <profile value="http://hl7.org/fhir/StructureDefinition/shareablevalueset"/> 
  </meta> 
  <text> 
    <status value="extensions"/> 
    <div xmlns="http://www.w3.org/1999/xhtml">
      <p> This value set includes codes based on the following rules:</p> 
      <ul> 
        <li> Include these codes as defined in 
          <a href="http://terminology.hl7.org/3.1.0/CodeSystem-v3-Confidentiality.html">
            <code> http://terminology.hl7.org/CodeSystem/v3-Confidentiality</code> 
          </a> 
          <table class="none">
            <tr> 
              <td style="white-space:nowrap">
                <b> Code</b> 
              </td> 
              <td> 
                <b> Display</b> 
              </td> 
              <td> 
                <b> Definition</b> 
              </td> 
            </tr> 
            <tr> 
              <td> 
                <a href="http://terminology.hl7.org/3.1.0/CodeSystem-v3-Confidentiality.html#v3-Confidentiality-N">N</a> 
              </td> 
              <td> normal</td> 
              <td> Privacy metadata indicating the level of protection required to safeguard personal
                 and healthcare information, which if disclosed without authorization, would present
                 a considerable risk of harm to an individual's reputation and sense of privacy.
                <br/>  
                <br/>  *Usage Note:* The level of protection afforded normatively confidential information
                 is dictated by the prevailing normative privacy policies, which are intended to
                 engender patient trust in their healthcare providers.
                <br/>  
                <br/>  Privacy policies mandating normative levels of protection, which preempt less protective
                 privacy policies when the information is used in the delivery and management of
                 healthcare. May be pre-empted by jurisdictional law (e.g., for public health reporting
                 or emergency treatment).
                <br/>  
                <br/>  Confidentiality code total order hierarchy: Normal (N) is less protective than
                 *V* and *R*, and subsumes all other protection levels (i.e., *M, L, and U*).
                <br/>  
                <br/>  **Map:**Partial Map to ISO 13606-4 Sensitivity Level (3) Clinical Care when purpose
                 of use is treatment: Default for normal clinical care access (i.e., most clinical
                 staff directly caring for the patient should be able to access nearly all of the
                 EHR). Maps to normal confidentiality for treatment information but not to ancillary
                 care, payment and operations.
                <br/>  
                <br/>  **Examples:** 
                <br/>  
                <br/>  n the US, this includes what HIPAA identifies as protected health information (PHI)
                 under 45 CFR Section 160.103.
              </td> 
            </tr> 
            <tr> 
              <td> 
                <a href="http://terminology.hl7.org/3.1.0/CodeSystem-v3-Confidentiality.html#v3-Confidentiality-R">R</a> 
              </td> 
              <td> restricted</td> 
              <td> Privacy metadata indicating the level of protection required to safeguard potentially
                 stigmatizing information, which if disclosed without authorization, would present
                 a high risk of harm to an individual's reputation and sense of privacy.
                <br/>  
                <br/>  *Usage Note:* The level of protection afforded restricted confidential information
                 is dictated by specially protective organizational or jurisdictional privacy policies,
                 including at an authorized individual’s request, intended to engender patient
                 trust in providers of sensitive services.
                <br/>  
                <br/>  Privacy policies mandating additional levels of protection by restricting information
                 access preempt less protective privacy policies when the information is used in
                 the delivery and management of healthcare. May be pre-empted by jurisdictional
                 law (e.g., for public health reporting or emergency treatment).
                <br/>  
                <br/>  Confidentiality code total order hierarchy: Restricted (R) is less protective than
                 *V*, and subsumes all other protection levels (i.e., *N, M, L, and U*).
                <br/>  
                <br/>  **Examples:** 
                <br/>  
                <br/>  Includes information that is additionally protected such as sensitive conditions
                 mental health, HIV, substance abuse, domestic violence, child abuse, genetic disease,
                 and reproductive health; or sensitive demographic information such as a patient’s
                 standing as an employee or a celebrity. May be used to indicate proprietary or
                 classified information that is not related to an individual (e.g., secret ingredients
                 in a therapeutic substance; or the name of a manufacturer).
              </td> 
            </tr> 
          </table> 
        </li> 
        <li> Include these codes as defined in 
          <a href="http://terminology.hl7.org/3.1.0/CodeSystem-v3-ActCode.html">
            <code> http://terminology.hl7.org/CodeSystem/v3-ActCode</code> 
          </a> 
          <table class="none">
            <tr> 
              <td style="white-space:nowrap">
                <b> Code</b> 
              </td> 
              <td> 
                <b> Display</b> 
              </td> 
              <td> 
                <b> Definition</b> 
              </td> 
            </tr> 
            <tr> 
              <td> 
                <a href="http://terminology.hl7.org/3.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-ETH">ETH</a> 
              </td> 
              <td> substance abuse information sensitivity</td> 
              <td> Policy for handling alcohol or drug-abuse information, which will be afforded heightened
                 confidentiality. Information handling protocols based on organizational policies
                 related to alcohol or drug-abuse information that is deemed sensitive.
                <br/>  
                <br/>  *Usage Note:* If there is a jurisdictional mandate, then use the applicable ActPrivacyLaw
                 code system, and specify the law rather than or in addition to this more generic
                 code.
              </td> 
            </tr> 
            <tr> 
              <td> 
                <a href="http://terminology.hl7.org/3.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-PSY">PSY</a> 
              </td> 
              <td> psychiatry disorder information sensitivity</td> 
              <td> Policy for handling psychiatry psychiatric disorder information, which is afforded
                 heightened confidentiality.
                <br/>  
                <br/>  *Usage Note:* If there is a jurisdictional mandate, then use the applicable ActPrivacyLaw
                 code system, and specify the law rather than or in addition to this more generic
                 code.
              </td> 
            </tr> 
            <tr> 
              <td> 
                <a href="http://terminology.hl7.org/3.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-STD">STD</a> 
              </td> 
              <td> sexually transmitted disease information sensitivity</td> 
              <td> Policy for handling sexually transmitted disease information, which will be afforded
                 heightened confidentiality. Information handling protocols based on organizational
                 policies related to sexually transmitted disease information that is deemed sensitive.
                <br/>  
                <br/>  *Usage Note:* If there is a jurisdictional mandate, then use the applicable ActPrivacyLaw
                 code system, and specify the law rather than or in addition to this more generic
                 code.
              </td> 
            </tr> 
          </table> 
        </li> 
      </ul> 
    </div> 
  </text> 
  <extension url="http://hl7.org/fhir/StructureDefinition/structuredefinition-wg">
    <valueCode value="sec"/> 
  </extension> 
  <url value="http://hl7.org/fhir/ValueSet/security-label-data-examples"/> 
  <identifier> 
    <system value="urn:ietf:rfc:3986"/> 
    <value value="urn:oid:2.16.840.1.113883.4.642.3.3013"/> 
  </identifier> 
  <version value="5.0.0-ballot"/> 
  <name value="SecurityLabelDataExamples"/> 
  <title value="Example set of Data Security Labels"/> 
  <status value="draft"/> 
  <experimental value="false"/> 
  <date value="2022-05-10"/> 
  <publisher value="HL7 Security Work Group"/> 
  <contact> 
    <telecom> 
      <system value="url"/> 
      <value value="http://hl7.org/fhir"/> 
    </telecom> 
    <telecom> 
      <system value="email"/> 
      <value value="fhir@lists.hl7.org"/> 
    </telecom> 
  </contact> 
  <description value="A sample of security labels from [Healthcare Privacy and Security Classification
   System](security-labels.html#hcs) used on data (.meta.security) to indicate confidentialityCo
  de classification and maybe sensitivity codes."/> 
  <compose> 
    <include> 
      <system value="http://terminology.hl7.org/CodeSystem/v3-Confidentiality"/> 
      <concept> 
        <code value="N"/> 
      </concept> 
      <concept> 
        <code value="R"/> 
      </concept> 
    </include> 
    <include> 
      <system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/> 
      <concept> 
        <code value="ETH"/> 
      </concept> 
      <concept> 
        <code value="PSY"/> 
      </concept> 
      <concept> 
        <code value="STD"/> 
      </concept> 
    </include> 
  </compose> 
</ValueSet> 

Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.