FHIR Specification Feedback: FHIR-28067

It is not clear how the security labels of "normal" and "unrestricted" differ in terms of practicality of their use.


Details

    • Type: Question
    • Resolution: Considered - Question answered
    • Priority: Highest
    • FHIR Data Segmentation for Privacy (FHIR)
    • 0.1 [deprecated]
    • Security
    • Home
    • 2.1.1.1

      CDA, FHIR, and HL7 V2 use the same Confidentiality code system, so the same definitions apply in all syntaxes. So "N" in a CDA means the same as "N" in V2. CDA uses the limited "Basic" Confidentiality value set (VR, R, and N), so policies with M, L, and U could not be represented in CDA.

      How does an "assigner" classify the confidentiality level of protection of healthcare information? Answering this question is the main purpose of this IG, and we will amplify that discussion with the following if it is missing:

      Answer: By parsing the potential risk of harm, which may result from unauthorized collection, access, use, or disclosure of information in accordance with applicable policy.

      The definitions of HL7 Confidentiality codes are based on variance from the “normative” level of confidentiality protection as a metric for differentiating the hierarchical demarcations of this multi-level security model. That hierarchical order pivots on the "normative" level of confidentiality protection that prevails in a jurisdiction regardless of the realm. In the US, the norm for confidentiality of information shared in the delivery of healthcare is HIPAA.

      Other US laws relating to health information preempt HIPAA by either increasing or decreasing the level of confidentiality afforded governed information.

      For example, in the US, secondary uses of healthcare information by research, public health, banks, workers compensation, disability and property and casualty insurers, and employers have specific confidentiality requirements for collection, access, use, and disclosure within their policy domains, which are different from and less stringent than HIPAA confidentiality protections. This level of confidentiality protection is "moderate" to facilitate sharing of health information to accomplish business purposes, which may not engender the level of trust required for the delivery of healthcare.

      In contrast, for information deemed to present a potentially higher risk of harm if shared without authorization, the governing policy may require a higher level of confidentiality protection. This is often true of information that could result in discrimination or stigmatization detrimental to encouraging patients to seek care.

      Such information is referred to as "specially protected" or "additionally protected". In addition to the confidentiality tag "R" (restricted), security labels for such policies include one or more sensitivity tags representing the type of protected information. A sensitivity tag indicates that only entities with the "need to know" this information in order to provide healthcare should be authorized to collect, access, or use it. Disclosure of sensitive information under these policies may require patient consent, and often dictates controls over custodian and receiver uses, obligations, and prohibited actions.

      Description for all 6 Confidentiality Codes

      Security labels with a Confidentiality code "U" (unrestricted) convey policies that do not limit the use of healthcare information except as stipulated in contract, e.g., a social media platform's privacy policies or terms of service, or where the use may be deemed, for example, as discriminatory, harassment, or defamation of character under law.

      • Unrestricted: The “unrestricted” confidentiality code conveys the level of confidentiality protection that applies to sensitive and non-sensitive information that has been disclosed with few or no restrictions on its use as may be stipulated contractually between the data subject and a data user (e.g., via terms of service or data user privacy policies such as disclosure for marketing purposes or on social media); or policies that limit uses which may be deemed as discriminatory, harassment, or defamation of character.
      • Low: The “low” confidentiality code conveys the level of confidentiality protection that applies to sensitive and non-sensitive information, which has been altered in such a way as to minimize the need for confidentiality protections with some residual risks associated with re-linking.
      • Moderate: The “moderate” confidentiality code conveys a tailored level of the “normative” confidentiality protection applied to healthcare information when a data subject authorizes disclosure for purposes of secondary use outside the context of healthcare delivery, e.g., for research, benefit determination such as Social Security Administration (SSA), personal health record systems/apps, banking, life or property and casualty insurance, employment, and marketing where other privacy laws apply specifically to those activities.
      • Normal: The “normal” confidentiality code conveys the "normative" level of confidentiality protection afforded healthcare information related to the provision of healthcare that prevails in a policy domain, e.g., as required in the US under the HIPAA Privacy and Security Rules, and in the EU under GDPR. Such privacy policies are designed to mitigate the risk of unauthorized disclosure while ensuring the healthcare information may be shared among care givers and for healthcare payment and operations to meet the needs of patients. Within a policy domain, the “norm” for health information confidentiality protection acts as a pivot between lower and higher levels of health information protection on the confidentiality scale.
      • Restricted: The “restricted” confidentiality code conveys a more stringent level of confidentiality protection applied when a narrower policy domain preempts the “normative” level of protection in a wider policy domain (e.g., HIPAA in US, GDPR in EU) of sensitive information within the context of healthcare delivery. Examples include State behavioral health, reproductive health, minors’ health, and HIV laws; Medicaid Confidentiality; Title 38 Section 7332; and 42 CFR Part 2.
      • Very Restricted: The “very restricted” confidentiality code conveys the most stringent level of confidentiality applied to healthcare information, when an ad hoc and unpredictable risk arises, which raises the level of protection beyond “normal” or “restricted” such as a legal hold or patient safety from imminent harm. Note that it is the unpredictability of these situations that makes computable determination difficult, unlike the other levels of confidentiality protection, where the context provides a computable indicator for assigning a confidentiality code.

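As an added illustration of the hierarchy and the sensitivity tags described in the resolution (example code, not part of the IG or this ticket): a parser for FHIR `meta.security` labels and a dominance check over the six codes, with "V" routed to manual review because the resolution notes it is not computable. The two system URIs are the standard FHIR terminology code systems; the Observation, the clearance values and the HIV tag are constructed sample data.

```python
from __future__ import annotations
from dataclasses import dataclass

# Standard FHIR terminology code systems for confidentiality and sensitivity tags.
CONFIDENTIALITY_SYSTEM = "http://terminology.hl7.org/CodeSystem/v3-Confidentiality"
ACTCODE_SYSTEM = "http://terminology.hl7.org/CodeSystem/v3-ActCode"

# Hierarchy from the resolution: N is the pivot, U/L/M sit below it, R/V above.
RANK = {"U": 0, "L": 1, "M": 2, "N": 3, "R": 4, "V": 5}

@dataclass(frozen=True)
class Label:
    confidentiality: str           # one of U, L, M, N, R, V
    sensitivities: frozenset[str]  # v3-ActCode sensitivity tags, e.g. HIV, PSY

def parse_security_labels(resource: dict) -> Label:
    """Pull the confidentiality code and sensitivity tags out of meta.security."""
    security = resource.get("meta", {}).get("security", [])
    conf = [c["code"] for c in security if c.get("system") == CONFIDENTIALITY_SYSTEM]
    if len(conf) != 1 or conf[0] not in RANK:
        raise ValueError(f"expected exactly one confidentiality code, got {conf}")
    sens = frozenset(c["code"] for c in security if c.get("system") == ACTCODE_SYSTEM)
    return Label(conf[0], sens)

def decide(label: Label, clearance: str, need_to_know: frozenset[str]) -> str:
    """Return 'permit', 'deny' or 'review'.

    The requester's clearance must dominate the resource's level on the U..V
    scale, and every sensitivity tag must be in the requester's need-to-know
    set. V marks ad hoc situations (legal hold, imminent harm) that the
    resolution says are not computable, so those go to a human reviewer.
    """
    if label.confidentiality == "V":
        return "review"
    if RANK[clearance] < RANK[label.confidentiality]:
        return "deny"
    if not label.sensitivities <= need_to_know:
        return "deny"
    return "permit"

# Constructed sample (not from the IG): an Observation labelled R plus an HIV tag.
SAMPLE_OBSERVATION = {
    "resourceType": "Observation",
    "meta": {"security": [
        {"system": CONFIDENTIALITY_SYSTEM, "code": "R"},
        {"system": ACTCODE_SYSTEM, "code": "HIV"},
    ]},
}
```

Note that a requester cleared only to "N" is denied the R-labelled sample even when the HIV tag is in their need-to-know set, which is the practical difference between "N" and the more restrictive codes that the ticket asks about.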

    Description

      It is not clear how the security labels of "normal" and "unrestricted" differ in terms of practicality of their use. How will the assigner be able to determine which to use, noting that "N" is used in the DS4P CDA IG, and "Unrestricted" is not. Same comment applies to "Moderate" and "Low".

      Existing Wording:

      Normal: The “normal” confidentiality code applies the “normative” level of protection to sensitive and non-sensitive information within the context of healthcare delivery in a general policy domain (e.g., HIPAA in US, GDPR in EU).

      Unrestricted: The “unrestricted” confidentiality code applies to sensitive and non-sensitive information that has been disclosed with few or no restrictions on its use, which may be stipulated contractually between the data subject and a data user (e.g., via terms of service or data user privacy policies such as disclosure for marketing purposes or on social media).

      People

        Assignee: Unassigned
        Reporter: Nancy Orvis (norvis9)