This value set includes codes based on the following rules:

• Include these codes as defined in http://hl7.org/fhir/v3/ActCode version 📍2016-11-11

  Code	Display	Definition
  AOD	accounting of disclosure	Custodian system must make available to an information subject upon request an accounting of certain disclosures of the individual’s protected health information over a period of time. Policy may dictate that the accounting include information about the information disclosed, the date of disclosure, the identification of the receiver, the purpose of the disclosure, the time in which the disclosing entity must provide a response and the time period for which accountings of disclosure can be requested.
  AUDIT	audit	Custodian system must monitor systems to ensure that all users are authorized to operate on information objects.
  AUDTR	audit trail	Custodian system must monitor and maintain retrievable log for each user and operation on information.
  CPLYCC	comply with confidentiality code	Custodian security system must retrieve, evaluate, and comply with the information handling directions of the Confidentiality Code associated with an information target.
  CPLYCD	comply with consent directive	Custodian security system must retrieve, evaluate, and comply with applicable information subject consent directives.
  CPLYJPP	comply with jurisdictional privacy policy	Custodian security system must retrieve, evaluate, and comply with applicable jurisdictional privacy policies associated with the target information.
  CPLYOPP	comply with organizational privacy policy	Custodian security system must retrieve, evaluate, and comply with applicable organizational privacy policies associated with the target information.
  CPLYOSP	comply with organizational security policy	Custodian security system must retrieve, evaluate, and comply with the organizational security policies associated with the target information.
  CPLYPOL	comply with policy	Custodian security system must retrieve, evaluate, and comply with applicable policies associated with the target information.
  DECLASSIFYLABEL	declassify security label	Custodian security system must declassify information assigned security labels by instantiating a new version of the classified information so as to break the binding of the classifying security label when assigning a new security label that marks the information as unclassified in accordance with applicable jurisdictional privacy policies associated with the target information. The system must retain an immutable record of the previous assignment and binding.
  DELAU	delete after use	Custodian system must remove target information from access after use.
  DOWNGRDLABEL	downgrade security label	Custodian security system must downgrade information assigned security labels by instantiating a new version of the classified information so as to break the binding of the classifying security label when assigning a new security label that marks the information as classified at a less protected level in accordance with applicable jurisdictional privacy policies associated with the target information. The system must retain an immutable record of the previous assignment and binding.
  DRIVLABEL	derive security label	Custodian security system must assign and bind security labels derived from compilations of information by aggregation or disaggregation in order to classify information compiled in the information systems under its control for collection, access, use and disclosure in accordance with applicable jurisdictional privacy policies associated with the target information. The system must retain an immutable record of the previous assignment and binding.
  ENCRYPT	encrypt	Custodian system must render information unreadable by algorithmically transforming plaintext into ciphertext. Usage Notes: A mathematical transposition of a file or data stream so that it cannot be deciphered at the receiving end without the proper key. Encryption is a security feature that assures that only the parties who are supposed to be participating in a videoconference or data transfer are able to do so. It can include a password, public and private keys, or a complex combination of all. (Per Infoway.)
  ENCRYPTR	encrypt at rest	Custodian system must render information unreadable and unusable by algorithmically transforming plaintext into ciphertext when "at rest" or in storage.
  ENCRYPTT	encrypt in transit	Custodian system must render information unreadable and unusable by algorithmically transforming plaintext into ciphertext while "in transit" or being transported by any means.
  ENCRYPTU	encrypt in use	Custodian system must render information unreadable and unusable by algorithmically transforming plaintext into ciphertext while in use such that operations permitted on the target information are limited by the license granted to the end user.
  HUAPRV	human approval	Custodian system must require human review and approval for permission requested.
  MINEC	minimum necessary	Custodian must limit access and disclosure to the minimum information required to support an authorized user's purpose of use. Usage Note: Limiting the information available for access and disclosure to that an authorized user or receiver "needs to know" in order to perform permitted workflow or purpose of use.
  ObligationPolicy	obligation policy	Conveys the mandated workflow action that an information custodian, receiver, or user must perform. Usage Notes: Per ISO 22600-2, ObligationPolicy instances 'are event-triggered and define actions to be performed by manager agent'. Per HL7 Composite Security and Privacy Domain Analysis Model: This value set refers to the action required to receive the permission specified in the privacy rule. Per OASIS XACML, an obligation is an operation specified in a policy or policy that is performed in conjunction with the enforcement of an access control decision.
  PERSISTLABEL	persist security label	Custodian security system must persist the binding of security labels to classify information received or imported by information systems under its control for collection, access, use and disclosure in accordance with applicable jurisdictional privacy policies associated with the target information. The system must retain an immutable record of the assignment and binding.
  PRIVMARK	privacy mark	Custodian must create and/or maintain human readable security label tags as required by policy. Map: Aligns with ISO 22600-3 Section A.3.4.3 description of privacy mark: "If present, the privacy-mark is not used for access control. The content of the privacy-mark may be defined by the security policy in force (identified by the security-policy-identifier) which may define a list of values to be used. Alternately, the value may be determined by the originator of the security-label."
  REDACT	redact	Custodian system must remove information, which is not authorized to be access, used, or disclosed from records made available to otherwise authorized users.
  UPGRDLABEL	upgrade security label	Custodian security system must declassify information assigned security labels by instantiating a new version of the classified information so as to break the binding of the classifying security label when assigning a new security label that marks the information as classified at a more protected level in accordance with applicable jurisdictional privacy policies associated with the target information. The system must retain an immutable record of the previous assignment and binding.

• Include these codes as defined in http://hl7.org/fhir/v3/DataOperation version 📍2016-11-11

  Code	Display	Definition
  ABORT	abort	Description:Change the status of an object representing an Act to "aborted", i.e., terminated prior to the originally intended completion. For an HL7 Act, the state transitions per the HL7 Reference Information Model.
  ACTIVATE	activate	Description:Change the status of an object representing an Act to "active", i.e., so it can be performed or is being performed, for the first time. (Contrast with REACTIVATE.) For an HL7 Act, the state transitions per the HL7 Reference Information Model.
  CANCEL	cancel	Description:Change the status of an object representing an Act to "cancelled", i.e., abandoned before activation. For an HL7 Act, the state transitions per the HL7 Reference Information Model.
  COMPLETE	complete	Description:Change the status of an object representing an Act to "completed", i.e., terminated normally after all of its constituents have been performed. For an HL7 Act, the state transitions per the HL7 Reference Information Model.
  EXECUTE	execute	Description:Fundamental operation in an IS that results only in initiating performance of a single or set of programs (i.e., software objects). Note: The preceding definition is taken from the HL7 RBAC specification. There is no restriction on how the operation is invoked, e.g., via a user interface.
  HOLD	hold	Description:Change the status of an object representing an Act to "held", i.e., put aside an Act that is still in preparatory stages. No action can occur until the Act is released. For an HL7 Act, the state transitions per the HL7 Reference Information Model.
  JUMP	jump	Description:Change the status of an object representing an Act to a normal state. For an HL7 Act, the state transitions per the HL7 Reference Information Model.
  MODIFYSTATUS	modify status	Description:Change the status of an object representing an Act.
  OBSOLETE	obsolete	Description:Change the status of an object representing an Act to "obsolete" when it has been replaced by a new instance. For an HL7 Act, the state transitions per the HL7 Reference Information Model.
  OPERATE	operate	Description:Act on an object or objects.
  REACTIVATE	reactivate	Description:Change the status of a formerly active object representing an Act to "active", i.e., so it can again be performed or is being performed. (Contrast with ACTIVATE.) For an HL7 Act, the state transitions per the HL7 Reference Information Model.
  READ	read	Description:Fundamental operation in an Information System (IS) that results only in the flow of information about an object to a subject. Note: The preceding definition is taken from the HL7 RBAC specification. There is no restriction on how the operation is invoked, e.g., via a user interface.
  RELEASE	release	Description:Change the status of an object representing an Act so it is no longer "held", i.e., allow action to occur. For an HL7 Act, the state transitions per the HL7 Reference Information Model.
  RESUME	resume	Description:Change the status of a suspended object representing an Act to "active", i.e., so it can be performed or is being performed. For an HL7 Act, the state transitions per the HL7 Reference Information Model.
  SUSPEND	suspend	Definition:Change the status of an object representing an Act to suspended, i.e., so it is temporarily not in service.

• Include these codes as defined in http://hl7.org/fhir/v3/DocumentCompletion version 📍2016-11-11

  Code	Display	Definition
  AU	authenticated	A completion status in which a document has been signed manually or electronically by one or more individuals who attest to its accuracy. No explicit determination is made that the assigned individual has performed the authentication. While the standard allows multiple instances of authentication, it would be typical to have a single instance of authentication, usually by the assigned individual.
  DI	dictated	A completion status in which information has been orally recorded but not yet transcribed.
  DO	documented	A completion status in which document content, other than dictation, has been received but has not been translated into the final electronic format. Examples include paper documents, whether hand-written or typewritten, and intermediate electronic forms, such as voice to text.
  IN	incomplete	A completion status in which information is known to be missing from a transcribed document.
  IP	in progress	A workflow status where the material has been assigned to personnel to perform the task of transcription. The document remains in this state until the document is transcribed.
  NU	nullified document	A completion status in which a document was created in error or was placed in the wrong chart. The document is no longer available.
  PA	pre-authenticated	A completion status in which a document is transcribed but not authenticated.
  UC	unsigned completed document	A completion status where the document is complete and there is no expectation that the document will be signed.

This value set expansion contains 47 concepts.

                       Usage Notes: A mathematical transposition of a file or data stream so that it cannot be deciphered at the receiving end without the proper key. Encryption is a security feature that assures that only the parties who are supposed to be participating in a videoconference or data transfer are able to do so. It can include a password, public and private keys, or a complex combination of all.  (Per Infoway.)

                       Usage Note: Limiting the information available for access and disclosure to that an authorized user or receiver "needs to know" in order to perform permitted workflow or purpose of use.

                       Usage Notes: Per ISO 22600-2, ObligationPolicy instances 'are event-triggered and define actions to be performed by manager agent'. Per HL7 Composite Security and Privacy Domain Analysis Model:  This value set refers to the action required to receive the permission specified in the privacy rule. Per OASIS XACML, an obligation is an operation specified in a policy or policy that is performed in conjunction with the enforcement of an access control decision.

                    Map:  Aligns with ISO 22600-3 Section A.3.4.3 description of privacy mark:  "If present, the privacy-mark is not used for access control. The content of the privacy-mark may be defined by the security policy in force (identified by the security-policy-identifier) which may define a list of values to be used. Alternately, the value may be determined by the originator of the security-label."