Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-33524

A uni-variate confidentiality scale does not reflect the contextual needs of healthcare

    XMLWordPrintableJSON

Details

    • Icon: Change Request Change Request
    • Resolution: Not Persuasive with Modification
    • Icon: Medium Medium
    • FHIR Data Segmentation for Privacy (FHIR)
    • current
    • Security
    • STU
    • (NA)
    • Hide

      It's not clear what the recipient should make of a a resource with multiple confidentiality labels and single-confidentiality label is a requirement that also applies in other similar DS4P IGs and related specifications.

      However, it is important to clarify that unlike sensitivity labels that are tied to the clinical content of a resource, confidentiality labels are context- and policy-dependent.

      Will add language to convey that assignment of confidentiality can (and in many cases should) take place in a context-dependent fashion, for example, on-the-fly and per-transaction as data is being released to a client.

      Show
      It's not clear what the recipient should make of a a resource with multiple confidentiality labels and single-confidentiality label is a requirement that also applies in other similar DS4P IGs and related specifications. However, it is important to clarify that unlike sensitivity labels that are tied to the clinical content of a resource, confidentiality labels are context- and policy-dependent. Will add language to convey that assignment of confidentiality can (and in many cases should) take place in a context-dependent fashion, for example, on-the-fly and per-transaction as data is being released to a client.
    • Mohammad Jafari/Brian Handspicker:7-0-0
    • Clarification
    • Non-substantive

    Description

      http://hl7.org/fhir/uv/security-label-ds4p/2021Sep/spec.html#security-classification requires that every decision be boiled down to a single confidentiality code. I don’t think this is desirable or accurate. Confidentiality of data is a contextual consideration, and not a flat marker. It changes depending on purpose or participantes in a data exchange.

       

      Attachments

        Activity

          People

            Unassigned Unassigned
            jmandel Josh Mandel
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: