Extensions for Using Data Elements from FHIR STU3 in FHIR R4B
0.1.0 - STU
Extensions for Using Data Elements from FHIR STU3 in FHIR R4B
0.1.0 - STU
Extensions for Using Data Elements from FHIR STU3 in FHIR R4B - Downloaded Version null See the Directory of published versions
| Official URL: http://hl7.org/fhir/uv/xver/ValueSet/R3-v3-ConfidentialityClassification-for-R4B | Version: 0.1.0 | |||
| Standards status: Trial-use | Maturity Level: 2 | Responsible: Structured Documents | Computable Name: R3V3ConfidentialityClassificationForR4B | |
This cross-version ValueSet represents content from http://hl7.org/fhir/ValueSet/v3-ConfidentialityClassification|2014-03-26 for use in FHIR R4B.
This value set is part of the cross-version definitions generated to enable use of the
value set http://hl7.org/fhir/ValueSet/v3-ConfidentialityClassification|2014-03-26 as defined in FHIR STU3
in FHIR R4B.
The source value set is bound to the following FHIR STU3 elements:
Composition.confidentiality as RequiredAcross FHIR versions, the value set has been mapped as:
http://hl7.org/fhir/ValueSet/v3-ConfidentialityClassification|2014-03-26http://terminology.hl7.org/ValueSet/v3-ConfidentialityClassification|2014-03-26Note that all concepts are included in this cross-version definition because no concepts have compatible representations
Following are the generation technical comments:
All concepts in the comparison are listed as identical.
The source and target value sets have the same number of active concepts (6).
FHIR ValueSet http://hl7.org/fhir/ValueSet/v3-ConfidentialityClassification|2014-03-26, defined in FHIR STU3 does not have any mapping to FHIR R4B
References
This value set is not used here; it may be used elsewhere (e.g. specifications and/or implementations that use this content)
http://hl7.org/fhir/v3/Confidentiality version 📍2016-11-11| Code | Display | Definition |
| L | low | Definition: Privacy metadata indicating that the information has been de-identified, and there are mitigating circumstances that prevent re-identification, which minimize risk of harm from unauthorized disclosure. The information requires protection to maintain low sensitivity. Examples: Includes anonymized, pseudonymized, or non-personally identifiable information such as HIPAA limited data sets. Map: No clear map to ISO 13606-4 Sensitivity Level (1) Care Management: RECORD_COMPONENTs that might need to be accessed by a wide range of administrative staff to manage the subject of care's access to health services. Usage Note: This metadata indicates the receiver may have an obligation to comply with a data use agreement. |
| M | moderate | Definition: Privacy metadata indicating moderately sensitive information, which presents moderate risk of harm if disclosed without authorization. Examples: Includes allergies of non-sensitive nature used inform food service; health information a patient authorizes to be used for marketing, released to a bank for a health credit card or savings account; or information in personal health record systems that are not governed under health privacy laws. Map: Partial Map to ISO 13606-4 Sensitivity Level (2) Clinical Management: Less sensitive RECORD_COMPONENTs that might need to be accessed by a wider range of personnel not all of whom are actively caring for the patient (e.g. radiology staff). Usage Note: This metadata indicates that the receiver may be obligated to comply with the receiver's terms of use or privacy policies. |
| N | normal | Definition: Privacy metadata indicating that the information is typical, non-stigmatizing health information, which presents typical risk of harm if disclosed without authorization. Examples: In the US, this includes what HIPAA identifies as the minimum necessary protected health information (PHI) given a covered purpose of use (treatment, payment, or operations). Includes typical, non-stigmatizing health information disclosed in an application for health, workers compensation, disability, or life insurance. Map: Partial Map to ISO 13606-4 Sensitivity Level (3) Clinical Care: Default for normal clinical care access (i.e. most clinical staff directly caring for the patient should be able to access nearly all of the EHR). Maps to normal confidentiality for treatment information but not to ancillary care, payment and operations. Usage Note: This metadata indicates that the receiver may be obligated to comply with applicable jurisdictional privacy law or disclosure authorization. |
| R | restricted | Privacy metadata indicating highly sensitive, potentially stigmatizing information, which presents a high risk to the information subject if disclosed without authorization. May be pre-empted by jurisdictional law, e.g., for public health reporting or emergency treatment. Examples: Includes information that is additionally protected such as sensitive conditions mental health, HIV, substance abuse, domestic violence, child abuse, genetic disease, and reproductive health; or sensitive demographic information such as a patient's standing as an employee or a celebrity. May be used to indicate proprietary or classified information that is not related to an individual, e.g., secret ingredients in a therapeutic substance; or the name of a manufacturer. Map: Partial Map to ISO 13606-4 Sensitivity Level (3) Clinical Care: Default for normal clinical care access (i.e. most clinical staff directly caring for the patient should be able to access nearly all of the EHR). Maps to normal confidentiality for treatment information but not to ancillary care, payment and operations.. Usage Note: This metadata indicates that the receiver may be obligated to comply with applicable, prevailing (default) jurisdictional privacy law or disclosure authorization.. |
| U | unrestricted | Definition: Privacy metadata indicating that the information is not classified as sensitive. Examples: Includes publicly available information, e.g., business name, phone, email or physical address. Usage Note: This metadata indicates that the receiver has no obligation to consider additional policies when making access control decisions. Note that in some jurisdictions, personally identifiable information must be protected as confidential, so it would not be appropriate to assign a confidentiality code of "unrestricted" to that information even if it is publicly available. |
| V | very restricted | . Privacy metadata indicating that the information is extremely sensitive and likely stigmatizing health information that presents a very high risk if disclosed without authorization. This information must be kept in the highest confidence. Examples: Includes information about a victim of abuse, patient requested information sensitivity, and taboo subjects relating to health status that must be discussed with the patient by an attending provider before sharing with the patient. May also include information held under “legal lock� or attorney-client privilege Map: This metadata indicates that the receiver may not disclose this information except as directed by the information custodian, who may be the information subject. Usage Note: This metadata indicates that the receiver may not disclose this information except as directed by the information custodian, who may be the information subject. |
This value set expansion contains 6 concepts.
| System | Version | Code | Display | Definition | JSON | XML |
http://hl7.org/fhir/v3/Confidentiality | 2016-11-11 | L | low | Definition: Privacy metadata indicating that the information has been de-identified, and there are mitigating circumstances that prevent re-identification, which minimize risk of harm from unauthorized disclosure. The information requires protection to maintain low sensitivity. | ||
http://hl7.org/fhir/v3/Confidentiality | 2016-11-11 | M | moderate | Definition: Privacy metadata indicating moderately sensitive information, which presents moderate risk of harm if disclosed without authorization. | ||
http://hl7.org/fhir/v3/Confidentiality | 2016-11-11 | N | normal | Definition: Privacy metadata indicating that the information is typical, non-stigmatizing health information, which presents typical risk of harm if disclosed without authorization. | ||
http://hl7.org/fhir/v3/Confidentiality | 2016-11-11 | R | restricted | Privacy metadata indicating highly sensitive, potentially stigmatizing information, which presents a high risk to the information subject if disclosed without authorization. May be pre-empted by jurisdictional law, e.g., for public health reporting or emergency treatment. | ||
http://hl7.org/fhir/v3/Confidentiality | 2016-11-11 | U | unrestricted | Definition: Privacy metadata indicating that the information is not classified as sensitive. | ||
http://hl7.org/fhir/v3/Confidentiality | 2016-11-11 | V | very restricted | . Privacy metadata indicating that the information is extremely sensitive and likely stigmatizing health information that presents a very high risk if disclosed without authorization. This information must be kept in the highest confidence. |
Explanation of the columns that may appear on this page:
| Level | A few code lists that FHIR defines are hierarchical - each code is assigned a level. In this scheme, some codes are under other codes, and imply that the code they are under also applies |
| System | The source of the definition of the code (when the value set draws in codes defined elsewhere) |
| Code | The code (used as the code in the resource instance) |
| Display | The display (used in the display element of a Coding). If there is no display, implementers should not simply display the code, but map the concept into their application |
| Definition | An explanation of the meaning of the concept |
| Comments | Additional notes about how to use the code |
IG © 2025+ FHIR Infrastructure. Package hl7.fhir.uv.xver-r3.r4b#0.1.0 based on FHIR 4.3.0. Generated 2026-03-20
Links: Table of Contents |
QA Report
| Version History |
|
Propose a change