2nd DSTU Draft For Comment

This page is part of the FHIR Specification (v0.4.0: DSTU 2 Draft). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions

V3-InformationSensitivityPolicy.xml

Raw XML (canonical form)

Sensitivity codes are not useful for interoperability outside of a policy domain because sensitivity policies are typically localized and vary drastically across policy domains even for the same information category because of differing organizational business rules, security policies, and jurisdictional requirements. For example, an "employee" sensitivity code would make little sense for use outside of a policy domain. "Taboo" would rarely be useful outside of a policy domain unless there are jurisdictional requirements requiring that a provider disclose sensitive information to a patient directly. Sensitivity codes may be more appropriate in a legacy system's Master Files in order to notify those who access a patient's orders and observations about the sensitivity policies that apply. Newer systems may have a security engine that uses a sensitivity policy's criteria directly. The specializable Sensitivity Act.code may be useful in some scenarious if used in combination with a sensitivity identifier and/or Act.title. (OID = 2.16.840.1.113883.1.11.20428)

Raw XML

<ValueSet xmlns="http://hl7.org/fhir">
  <id value="v3-vs-InformationSensitivityPolicy"/>
  <meta>
    <lastUpdated value="2015-02-23T09:07:27.665+11:00"/>
    <profile value="http://hl7.org/fhir/Profile/valueset-shareable-definition"/>
  </meta>
  <text>
    <status value="generated"/>
    <div xmlns="http://www.w3.org/1999/xhtml"><!-- Snipped for brevity --></div>
  </text>
  <extension url="http://hl7.org/fhir/ExtensionDefinition/valueset-oid">
    <valueUri value="urn:oid:2.16.840.1.113883.1.11.20428"/>
  </extension>
  <url value="http://hl7.org/fhir/v3/vs/InformationSensitivityPolicy"/>
  <version value="2014-03-26"/>
  <name value="InformationSensitivityPolicy"/>
  <publisher value="HL7 v3"/>
  <contact>
    <telecom>
      <system value="url"/>
      <value value="http://www.hl7.org"/>
    </telecom>
  </contact>
  <description value=" Sensitivity codes are not useful for interoperability outside of a policy domain because
      sensitivity policies are typically localized and vary drastically across policy domains
      even for the same information category because of differing organizational business rules,
      security policies, and jurisdictional requirements.  For example, an &quot;employee&quot;
      sensitivity code would make little sense for use outside of a policy domain.   &quot;Taboo&quot;
      would rarely be useful outside of a policy domain unless there are jurisdictional requirements
      requiring that a provider disclose sensitive information to a patient directly. Sensitivity
      codes may be more appropriate in a legacy system's Master Files in order to notify those
      who access a patient's orders and observations about the sensitivity policies that apply.
       Newer systems may have a security engine that uses a sensitivity policy's criteria directly.
      The specializable Sensitivity Act.code may be useful in some scenarious if used in combination
      with a sensitivity identifier and/or Act.title. (OID = 2.16.840.1.113883.1.11.20428)"/>
  <status value="active"/>
  <experimental value="false"/>
  <compose>
    <include>
      <system value="http://hl7.org/fhir/v3/ActCode"/>
      <filter>
        <property value="concept"/>
        <op value="is-a"/>
        <value value="_InformationSensitivityPolicy"/>
      </filter>
    </include>
  </compose>
</ValueSet>

Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.