Details
-
Change Request
-
Resolution: Not Persuasive with Modification
-
Highest
-
US National Directory Attestation and Verification (FHIR)
-
1.0.0-ballot
-
Patient Administration
-
STU
-
Security
-
-
Bob Dieterle / Brian Postlethwaite: 9-0-0
-
Clarification
-
Non-substantive
Description
Change all SHOULDs in this paragraph to SHALLs. "National Healthcare Directory implementers SHOULD establish a risk analysis and management regime that conforms with HIPAA security regulatory requirements. In addition, implementers in the US Federal systems SHOULD conform with the risk management and mitigation requirements defined in NIST 800 series documents. This SHOULD include security category assignment in accordance with NIST 800-60 vol. 2 Appendix D.14. The coordination of risk management and the related security and privacy controls - policies, administrative practices, and technical controls - SHOULD be defined in the Business Associate Agreements."
Change SHOULD to SHALL in the following sentence "National Healthcare Directory actors SHOULD retain Provenance information using the FHIR Provenance resource."
These comments are applicable to all three Directory guides.
Attachments
Issue Links
- is duplicated by
-
FHIR-38272 change SHOULD to SHALL
-
- Duplicate
-
- is voted on by
-
BALLOT-39540 Negative - Celine Lefebvre : 2022-Sep-FHIR IG DIRECTORY-ATTESTATION R1 STU
- Closed