Details
-
Change Request
-
Resolution: Persuasive
-
Medium
-
FHIR Data Segmentation for Privacy (FHIR)
-
0.3.0
-
Security
-
Background
-
-
Mohammad Jafari / Christopher Schaut: 4-0-1
-
Enhancement
-
Non-substantive
Description
last paragraph of section 1.2. This is not clear to me the message being sent. I will assert that the FHIR core says nothing like this, indeed the point of FHIR core is that it is policy-less. So I think the intention of this paragraph is to explain that policy and guidance are needed. That conformance claims to the DS4P IG impart some policy and behavior requirements like indicated in this paragraph. That imparting policy is indeed very important. I stress this, which is also stressed in the text you have quoted from the FHIR core security label page.
While stated with respect to FHIR content, thisAs quoted above from the FHIR Security Label Module caveat that, policies must be implemented, holds forotherlabeled contentas well: “The intent of a security label is that the recipient of resources or bundles with security tags is obligated to enforce the handling caveats of the tags and carry the security labels forward as appropriate.” And, regardless of the content syntax, “Security Labels enable more data to flow as they enable policy fragments to accompany the resource data.”
Attachments
Issue Links
- is voted on by
-
BALLOT-21419 Affirmative - John Moehrke : 2021-Sep-FHIR IG DS4P R1 STU
- Balloted