Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-25180

Add annotation extension to security labels

    XMLWordPrintableJSON

Details

    • Icon: Change Request Change Request
    • Resolution: Not Persuasive
    • Icon: Medium Medium
    • FHIR Core (FHIR)
    • STU3
    • FHIR Infrastructure
    • Schedule
    • Security Labels
    • Hide

      We believe that the use of this extension is complex enough that it should be define as part of an IG that can better describe its context and use.  Core extensions tend to be used for simple concepts that can easily be defined and understood by most people without a lot of explication.  Perhaps the DS4P would be a good candidate?

      Show
      We believe that the use of this extension is complex enough that it should be define as part of an IG that can better describe its context and use.  Core extensions tend to be used for simple concepts that can easily be defined and understood by most people without a lot of explication.  Perhaps the DS4P would be a good candidate?
    • Paul Church/Gino Canessa: 9-0-0

    Description

      Add an annotation extension on the Coding datatype, for use when the code is a PrivacyMark security label, e.g., for CUI or COPYMark, so that the author/designator of that PrivacyMark tag can be identified and so that the mandatory banner can be included. This annotation extension is only to be used in .meta.security. Discussion on this proposal are at https://chat.fhir.org/#narrow/stream/179247-Security-and.20Privacy/topic/Proposed.20extension.20for.20CUI.20codes

      Example where more than one Privacy Mark must be concatenated. May only need the text value for the first Privacy Mark security label with implementation guidance, but showing in each of 3 [Apologies for scrambling the xml]:

      <Patient xmlns="http://hl7.org/fhir">

      <meta>

      <security>

      <extention url="http://hl7.org/fhir/StructureDefinition/coding-cui-annotation">

      <authorReference value="http://example.fhir.org/Organization/vha"

      <text>

      <text value="*CUI//SP-HLTH/HLTH/PRVCY*\r\n\r\n ([Veterans Health Administration, Washington, DC 20420](http://example.fhir.org/Organization/vha))"/>

      </text>

      </extension>

      <system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/>

      <code value="CUIHLTH"/>

      <display value="CUI//HLTH"/>

      </security>

      <security>

      <extention url="http://hl7.org/fhir/StructureDefinition/coding-cui-annotation">

      <authorReference value="http://example.fhir.org/Organization/vha

      <text>

      <text value="*CUI//SP-HLTH/HLTH/PRVCY*\r\n\r\n ([Veterans Health Administration, Washington, DC 20420](http://example.fhir.org/Organization/vha))"/>

      </text>

      </extension>

      <system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/>

      <code value="CUIPRVCY"/>

      <display value="CUI//PRVCY"/>

      </security>

      <security>

      <extention url="http://hl7.org/fhir/StructureDefinition/coding-cui-annotation">

      <authorReference value="http://example.fhir.org/Organization/vha

      <text>

      <text value="*CUI//SP-HLTH/HLTH/PRVCY*\r\n\r\n ([Veterans Health Administration, Washington, DC 20420](http://example.fhir.org/Organization/vha))"/>

      </text>

      </extension>

      <system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/>

      <code value="CUISP-HLTH"/>

      <display value="CUI//SP-HLTH"/>

      </security>

      <security>

      <system value="http://terminology.hl7.org/CodeSystem/v3-Confidentiality"/>

      <code value="R"/>

      <display value="Restricted"/>

      </security>

      </meta>

      ... [snip] ...

      </Patient>

      Attachments

        Activity

          People

            john_moehrke John Moehrke
            k.connor Kathleen Connor
            Kathleen Connor
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: