Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-28066

The HL7 CDA DS4P IG restricts the value set for the security labels to "N,R, and VR".

    XMLWordPrintableJSON

Details

    • Icon: Change Request Change Request
    • Resolution: Persuasive
    • Icon: Low Low
    • FHIR Data Segmentation for Privacy (FHIR)
    • 0.1 [deprecated]
    • Security
    • Home
    • 2.1.1.1
    • Hide

      We had added comments to explain that the DS4P CDA IG is constrained to the "Basic Confidentiality" value set, which includes a subset of the full Confidentiality code system, and that this constraint does not apply to the use of Confidentiality code values used in either HL7 Version 2 or FHIR. Therefore, the DS4P CDA IG will not be able to support security labels with Confidentiality codes "U" (unrestricted), "L" (low), and "M" (moderate).

      Show
      We had added comments to explain that the DS4P CDA IG is constrained to the "Basic Confidentiality" value set, which includes a subset of the full Confidentiality code system, and that this constraint does not apply to the use of Confidentiality code values used in either HL7 Version 2 or FHIR. Therefore, the DS4P CDA IG will not be able to support security labels with Confidentiality codes "U" (unrestricted), "L" (low), and "M" (moderate).
    • Mohammad Jafari/Kathleen Connor: 6-0-1
    • Clarification
    • Non-substantive

    Description

      The HL7 CDA DS4P IG restricts the value set for the security labels to "N,R, and VR". This guide specifies that it is using Security Labels in accordance with the HL7 Healthcare Privacy and Security Classification System (HCS), Release 1(HCS) and uses a privacy marking of "Moderate" as an example (Section 2.1.1.1). Please clarify how this DS4P FHIR IG is aligned with the CDA DS4P IG if the allowed values for the security labels are different. Same question applies to values of "Low" and "Unrestricted".

      Existing Wording:

      Information governed by privacy laws, which do not preempt HIPAA, such as protections under FTC, Workers Compensation, or Gramm-Leach-Bliley Act, will be assigned the Confidentiality tag M (moderate).

      Attachments

        Activity

          People

            Unassigned Unassigned
            norvis9 Nancy Orvis
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: