Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-40090

Alignment with FHIR DS4P IG needed - Use of Masked from the HL7 V3-ActCode is supported for data hidden due to security or privacy reason

    XMLWordPrintableJSON

Details

    • Icon: Change Request Change Request
    • Resolution: Persuasive
    • Icon: Medium Medium

    Description

      This sentence reads as if masking data is discouraged. Implementations should have policy in place to handle data security.

      "In situations where the specific piece of data is hidden due to a security or privacy reason, using a code from the DataAbsentReason Code System such as masked may exceed the data receiver’s access rights to know and should be avoided."

       Please revise sentence to support existing implementations. Suggestion: 

      "In situations where the specific piece of data is hidden due to a security or privacy reason, using a code from the DataAbsentReason Code System such as masked may exceed the data receiver’s access rights to know. However, masking data should be handled based on implemented policies." 

      Rationale:

      The Healthcare Privacy and Security Classification Systems (HCS) supports masking data. 

      HL7 FHIR security labels supports the use of Masking data based on Policy (Security label metadata that segments an IT resource by conveying a mandate, obligation, requirement, rule, or expectation relating to its privacy.)

      HL7 FHIR DS4P supports masking data - http://hl7.org/fhir/security-labels.html#core 

      Please see - https://terminology.hl7.org/ValueSet-v3-ActPolicyType.html 

      Attachments

        Activity

          People

            Unassigned Unassigned
            emmanurse Emma Jones
            Emma Jones
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: