Details
-
Change Request
-
Resolution: Not Persuasive with Modification
-
Highest
-
FHIR Data Segmentation for Privacy (FHIR)
-
0.1 [deprecated]
-
Security
-
Detailed Specification [deprecated]
-
-
Mohammad Jafari / Trish Williams : 6-0-0
-
Clarification
-
Non-substantive
Description
The entire notion that through the act of receiving information, the receiver is therefore obligated to take additional action is flawed. It seems obvious that information should not be released until requirements to receive it are met OR that policy and/or legal obligations exist beyond the exchange of information. For example, the presence of a CPLYJPP code on a FHIR resource isn't the reason why a hospital must comply to "applicable jurisdictional privacy policies"! The hospital must comply becauses there are laws in place! Similarly, instead of the sender of data placing a "DEID" tag on a FHIR resource, the receiver should only have access to de-identified data.
Existing Wording:
https://www.hl7.org/fhir/v3/ObligationPolicy/vs.html Conveys the mandated workflow action that an information custodian, receiver, or user must perform.
Attachments
Issue Links
- is voted on by
-
BALLOT-13161 Negative - Christopher Schaut : 2020-May-DS4P R1 STU
- Balloted