This value set includes codes based on the following rules:

• Include these codes as defined in http://hl7.org/fhir/v3/ActCode version 📍1.0.2

  Code	Display	Definition
  _ActInformationSensitivityPolicy	ActInformationSensitivityPolicy	Types of sensitivity policies that apply to Acts. Act.confidentialityCode is defined in the RIM as "constraints around appropriate disclosure of information about this Act, regardless of mood." Usage Note: ActSensitivity codes are used to bind information to an Act.confidentialityCode according to local sensitivity policy so that those confidentiality codes can then govern its handling across enterprises. Internally to a policy domain, however, local policies guide the access control system on how end users in that policy domain are able to use information tagged with these sensitivity values.
  _EntitySensitivityPolicyType	EntityInformationSensitivityPolicy	Types of sensitivity policies that may apply to a sensitive attribute on an Entity. Usage Note: EntitySensitivity codes are used to convey a policy that is applicable to sensitive information conveyed by an entity attribute. May be used to bind a Role.confidentialityCode associated with an Entity per organizational policy. Role.confidentialityCode is defined in the RIM as "an indication of the appropriate disclosure of information about this Role with respect to the playing Entity."
  _InformationSensitivityPolicy	InformationSensitivityPolicy	A mandate, obligation, requirement, rule, or expectation characterizing the value or importance of a resource and may include its vulnerability. (Based on ISO7498-2:1989. Note: The vulnerability of personally identifiable sensitive information may be based on concerns that the unauthorized disclosure may result in social stigmatization or discrimination.) Description: Types of Sensitivity policy that apply to Acts or Roles. A sensitivity policy is adopted by an enterprise or group of enterprises (a 'policy domain') through a formal data use agreement that stipulates the value, importance, and vulnerability of information. A sensitivity code representing a sensitivity policy may be associated with criteria such as categories of information or sets of information identifiers (e.g. a value set of clinical codes or branch in a code system hierarchy). These criteria may in turn be used for the Policy Decision Point in a Security Engine. A sensitivity code may be used to set the confidentiality code used on information about Acts and Roles to trigger the security mechanisms required to control how security principals (i.e., a person, a machine, a software application) may act on the information (e.g. collection, access, use, or disclosure). Sensitivity codes are never assigned to the transport or business envelope containing patient specific information being exchanged outside of a policy domain as this would disclose the information intended to be protected by the policy. When sensitive information is exchanged with others outside of a policy domain, the confidentiality code on the transport or business envelope conveys the receiver's responsibilities and indicates the how the information is to be safeguarded without unauthorized disclosure of the sensitive information. This ensures that sensitive information is treated by receivers as the sender intends, accomplishing interoperability without point to point negotiations. Usage Note: Sensitivity codes are not useful for interoperability outside of a policy domain because sensitivity policies are typically localized and vary drastically across policy domains even for the same information category because of differing organizational business rules, security policies, and jurisdictional requirements. For example, an employee's sensitivity code would make little sense for use outside of a policy domain. 'Taboo' would rarely be useful outside of a policy domain unless there are jurisdictional requirements requiring that a provider disclose sensitive information to a patient directly. Sensitivity codes may be more appropriate in a legacy system's Master Files in order to notify those who access a patient's orders and observations about the sensitivity policies that apply. Newer systems may have a security engine that uses a sensitivity policy's criteria directly. The specializable InformationSensitivityPolicy Act.code may be useful in some scenarios if used in combination with a sensitivity identifier and/or Act.title.
  _RoleInformationSensitivityPolicy	RoleInformationSensitivityPolicy	Types of sensitivity policies that apply to Roles. Usage Notes: RoleSensitivity codes are used to bind information to a Role.confidentialityCode per organizational policy. Role.confidentialityCode is defined in the RIM as "an indication of the appropriate disclosure of information about this Role with respect to the playing Entity."

• Include these codes as defined in http://hl7.org/fhir/v3/Confidentiality version 📍1.0.2

  Code	Display	Definition
  B	business	Description: Since the service class can represent knowledge structures that may be considered a trade or business secret, there is sometimes (though rarely) the need to flag those items as of business level confidentiality. However, no patient related information may ever be of this confidentiality level. Deprecation Comment: Replced by ActCode.B
  C	celebrity	Description: Celebrities are people of public interest (VIP) including employees, whose information require special protection. Deprecation Comment:Replced by ActCode.CEL
  D	clinician	Description: Only clinicians may see this item, billing and administration persons can not access this item without special permission. Deprecation Comment:Deprecated due to updated confidentiality codes under ActCode
  ETH	substance abuse related	Description: Alcohol/drug-abuse related item Deprecation Comment:Replced by ActCode.ETH
  HIV	HIV related	Description: HIV and AIDS related item Deprecation Comment:Replced by ActCode.HIV
  I	individual	Description: Access only to individual persons who are mentioned explicitly as actors of this service and whose actor type warrants that access (cf. to actor type code). Deprecation Comment:Deprecated due to updated confidentiality codes under ActCode
  PSY	psychiatry relate	Description: Psychiatry related item Deprecation Comment:Replced by ActCode.PSY
  S	sensitive	Description: Information for which the patient seeks heightened confidentiality. Sensitive information is not to be shared with family members. Information reported by the patient about family members is sensitive by default. Flag can be set or cleared on patient's request. Deprecation Comment:Deprecated due to updated confidentiality codes under ActCode
  SDV	sexual and domestic violence related	Description: Sexual assault / domestic violence related item Deprecation Comment:Replced by ActCode.SDV
  T	taboo	Description: Information not to be disclosed or discussed with patient except through physician assigned to patient in this case. This is usually a temporary constraint only, example use is a new fatal diagnosis or finding, such as malignancy or HIV. Deprecation Note:Replced by ActCode.TBOO
  _Confidentiality	Confidentiality	A specializable code and its leaf codes used in Confidentiality value sets to value the Act.Confidentiality and Role.Confidentiality attribute in accordance with the definition for concept domain "Confidentiality".
  _ConfidentialityByAccessKind	ConfidentialityByAccessKind	Description: By accessing subject / role and relationship based rights (These concepts are mutually exclusive, one and only one is required for a valid confidentiality coding.) Deprecation Comment:Deprecated due to updated confidentiality codes under ActCode
  _ConfidentialityByInfoType	ConfidentialityByInfoType	Description: By information type, only for service catalog entries (multiples allowed). Not to be used with actual patient data! Deprecation Comment:Deprecated due to updated confidentiality codes under ActCode
  _ConfidentialityModifiers	ConfidentialityModifiers	Description: Modifiers of role based access rights (multiple allowed) Deprecation Comment:Deprecated due to updated confidentiality codes under ActCode

• Include these codes as defined in http://hl7.org/fhir/v3/ObservationValue version 📍1.0.2

  Code	Display	Definition
  _SECALTINTOBV	alteration integrity	Abstract security metadata observation values used to indicate mechanism used for authorized alteration of an IT resource (data, information object, service, or system capability)
  _SECDATINTOBV	data integrity	Abstract security observation values used to indicate data integrity metadata. Examples: Codes conveying the mechanism used to preserve the accuracy and consistency of an IT resource such as a digital signature and a cryptographic hash function.
  _SECINTCONOBV	integrity confidence	Abstract security observation value used to indicate integrity confidence metadata. Examples: Codes conveying the level of reliability and trustworthiness of an IT resource.
  _SECINTPRVABOBV	provenance asserted by	Abstract security provenance metadata observation value used to indicate the entity that asserted an IT resource (data, information object, service, or system capability). Examples: Codes conveying the provenance metadata about the entity asserting the resource.
  _SECINTPRVOBV	provenance	Abstract security metadata observation value used to indicate the provenance of an IT resource (data, information object, service, or system capability). Examples: Codes conveying the provenance metadata about the entity reporting an IT resource.
  _SECINTPRVRBOBV	provenance reported by	Abstract security provenance metadata observation value used to indicate the entity that reported the resource (data, information object, service, or system capability). Examples: Codes conveying the provenance metadata about the entity reporting an IT resource.

This value set expansion contains 24 concepts.