FHIR Data Segmentation for Privacy, published by HL7 Security Working Group. This is not an authorized publication; it is the continuous build for version 1.0.0). This version is based on the current content of https://github.com/HL7/fhir-security-label-ds4p/ and changes regularly. See the Directory of published versions
Page standards status: Trial-use | Maturity Level: 2 |
<ValueSet xmlns="http://hl7.org/fhir">
<id value="valueset-security-label-mark"/>
<text>
<status value="extensions"/>
<div xmlns="http://www.w3.org/1999/xhtml"><ul><li>Include these codes as defined in <a href="http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html"><code>http://terminology.hl7.org/CodeSystem/v3-ActCode</code></a> version <code>2.0.0</code><table class="none"><tr><td style="white-space:nowrap"><b>Code</b></td><td><b>Display</b></td><td><b>Definition</b></td></tr><tr><td><a href="http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-ConfidentialMark">ConfidentialMark</a></td><td>confidential mark</td><td>A displayed mark rendered as "Confidential", which indicates to end users that the electronic or hardcopy information they are viewing must be protected at a level of protection as dictated by applicable policy.<br/><br/>May be used to indicate proprietary or classified information that is, for example, business, intelligence, or project related, e.g., secret ingredients in a therapeutic substance; location of disaster health facilities and providers, or the name of a manufacturer or project contractor. Example use cases include a display to alert authorized business system users that they are viewing additionally protected proprietary and business confidential information deemed proprietary under an applicable jurisdictional or organizational policy.<br/><br/>*Usage Note:* <br/><br/>The ConfidentialMark (confidential mark) description is based on the HL7 Confidentiality Concept Domain: Types of privacy metadata classifying an IT resource (data, information object, service, or system capability) according to its level of sensitivity, which is based on an analysis of applicable privacy policies and the risk of financial, reputational, or other harm to an individual or entity that could result if made available or disclosed to unauthorized individuals, entities, or processes.<br/><br/>*Usage Note:* Confidentiality codes may be used in security labels and privacy markings to classify IT resources based on sensitivity to indicate the obligation of a custodian or receiver to ensure that the protected resource is not made available or disclosed to individuals, entities, or processes (security principals) unless authorized per applicable policies. Confidentiality codes may also be used in the clearances of initiators requesting access to protected resources.<br/><br/>Map: Definition aligns with ISO 7498-2:1989 - Confidentiality is the property that information is not made available or disclosed to unauthorized individuals, entities, or processes.</td></tr><tr><td><a href="http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-COPYMark">COPYMark</a></td><td>copy of original mark</td><td>A displayed mark indicating that the electronic or hardcopy information is a copy of an authoritative source for the information. The copy is not considered authoritative but is a duplicate of the authoritative content.<br/><br/>*Usage Note:* Applicable policy will dictate how the COPY mark will be displayed. Typical renderings include the marking appearing at the top or "banner" of electronic or hardcopy pages, or as watermarks set diagonally across each page.</td></tr><tr><td><a href="http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-DeliverToAddresseeOnlyMark">DeliverToAddresseeOnlyMark</a></td><td>deliver only to addressee mark</td><td>A displayed mark on an electronic transmission or physical container such as an electronic transmittal wrapper, batch file, message header, or a physical envelop or package indicating that the contents, whether electronic or hardcopy information, must only be delivered to the authorized recipient(s) named in the address.<br/><br/>*Usage Note:* Required by US 32 CRF Part 2002 for container storing or transmitting CUI.</td></tr><tr><td><a href="http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-RedisclosureProhibitionMark">RedisclosureProhibitionMark</a></td><td>prohibition against redisclosure mark</td><td>A displayed mark rendered to end users as a prescribed text warning that the electronic or hardcopy information shall not be further disclosed without consent of the subject of the information. For example, in order to warn a recipient of 42 CFR Part 2 information of the redisclosure restrictions, the rule mandates that end users receive a written prohibition against redisclosure unless authorized by patient consent or otherwise permitted by Part 2. See 42 CFR § 2.32 Prohibition on re-disclosure. (a)Notice to accompany disclosure. Each disclosure made with the patient's written consent must be accompanied by one of the following written statements: (1) This information has been disclosed to you from records protected by federal confidentiality rules ( 42 CFR part 2). The federal rules prohibit you from making any further disclosure of information in this record that identifies a patient as having or having had a substance use disorder either directly, by reference to publicly available information, or through verification of such identification by another person unless further disclosure is expressly permitted by the written consent of the individual whose information is being disclosed or as otherwise permitted by 42 CFR part 2. A general authorization for the release of medical or other information is NOT sufficient for this purpose (see § 2.31). The federal rules restrict any use of the information to investigate or prosecute with regard to a crime any patient with a substance use disorder, except as provided at §§ 2.12(c)(5) and 2.65; or (2) 42 CFR part 2 prohibits unauthorized disclosure of these records. https://www.law.cornell.edu/cfr/text/42/2.32<br/><br/>*Usage Note:* Example of marking requirement from SAMHSA FAQ Response to question 13:<br/><br/>Would a logon or splash page notification on an HIO’s portal that contains the Part 2 notice prohibiting redisclosure be sufficient to meet Part 2’s requirement that disclosures made with patient consent be accompanied by such a statement?<br/><br/>No. Part 2 requires each disclosure made with written patient consent to be accompanied by a written statement that the information disclosed is protected by federal law and that the recipient cannot make any further disclosure of it unless permitted by the regulations (42 CFR § 2.32). A logon page is the page where a user logs onto a computer system; a splash page is an introductory page to a web site. A logon or splash page notification on a HIO's portal including the statement as required by § 2.32 would not be sufficient notification regarding prohibitions on redisclosure since it would not accompany a specific disclosure. The notification must be tied to the Part 2 information being disclosed in order to ensure that the recipient of that information knows that specific information is protected by Part 2 and cannot be redisclosed except as authorized by the express written consent of the person to whom it pertains or as otherwise permitted by Part 2. https://www.samhsa.gov/about-us/who-we-are/laws-regulations/confidentiality-regulations-faqs</td></tr><tr><td><a href="http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-RestrictedConfidentialityMark">RestrictedConfidentialityMark</a></td><td>restricted confidentiality mark</td><td>A displayed mark rendered to end users as "Restricted Confidentiality", which indicates that the electronic or hardcopy information they are viewing, must be protected at a restricted level of confidentiality protection as defined by HL7 Confidentiality code "R" (restricted). Examples: Includes information that is additionally protected such as sensitive conditions mental health, HIV, substance abuse, domestic violence, child abuse, genetic disease, and reproductive health; or sensitive demographic information such as a patient's standing as an employee or a celebrity. Use cases include a display to alert authorized EHR users that they are viewing additionally protected health information deemed sensitive by an applicable jurisdictional, organizational, or personal privacy policy.<br/><br/>*Usage Note:* The definition is based on HL7 Confidentiality code "R" (restricted), which is described as:<br/><br/>Privacy metadata indicating highly sensitive, potentially stigmatizing information, which presents a high risk to the information subject if disclosed without authorization. May be pre-empted by jurisdictional law, e.g., for public health reporting or emergency treatment. Foundational definitions of Confidentiality: From HL7 Confidentiality Concept Domain: Types of privacy metadata classifying an IT resource (data, information object, service, or system capability) according to its level of sensitivity, which is based on an analysis of applicable privacy policies and the risk of financial, reputational, or other harm to an individual or entity that could result if made available or disclosed to unauthorized individuals, entities, or processes.<br/><br/>Usage Note from HL7 Confidentiality code "R": Confidentiality codes may be used in security labels and privacy markings to classify IT resources based on sensitivity to indicate the obligation of a custodian or receiver to ensure that the protected resource is not made available or disclosed to individuals, entities, or processes (security principals) unless authorized per applicable policies. Confidentiality codes may also be used in the clearances of initiators requesting access to protected resources.<br/><br/>This metadata indicates that the receiver may be obligated to comply with applicable, prevailing (default) jurisdictional privacy law or disclosure authorization.<br/><br/>Map: Definition aligns with ISO 7498-2:1989 - Confidentiality is the property that information is not made available or disclosed to unauthorized individuals, entities, or processes. Map: Partial Map to ISO 13606-4 Sensitivity Level (3) Clinical Care: Default for normal clinical care access (i.e. most clinical staff directly caring for the patient should be able to access nearly all of the EHR). Maps to normal confidentiality for treatment information but not to ancillary care, payment and operations.</td></tr><tr><td><a href="http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-DRAFTMark">DRAFTMark</a></td><td>draft mark</td><td>A displayed mark indicating that the electronic or hard-copy information is still under development and is not yet considered to be ready for normal use.</td></tr></table></li></ul></div>
</text>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-fmm">
<valueInteger value="2"/>
</extension>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-wg">
<valueCode value="sec"/>
</extension>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-standards-status">
<valueCode value="trial-use"/>
</extension>
<url
value="http://hl7.org/fhir/uv/security-label-ds4p/ValueSet/valueset-security-label-mark"/>
<version value="1.0.0"/>
<name value="ValueSetSecurityLabelMark"/>
<title value="Security Label Mark ValueSet"/>
<status value="draft"/>
<experimental value="false"/>
<date value="2020-03-30"/>
<publisher value="HL7 Security Working Group"/>
<contact>
<name value="HL7 Security Working Group"/>
<telecom>
<system value="url"/>
<value value="http://www.hl7.org/Special/committees/secure/index.cfm"/>
</telecom>
<telecom>
<system value="email"/>
<value value="security-cc@lists.hl7.org"/>
</telecom>
</contact>
<description
value="Security label metadata that may be used to 'segment' an IT resource by conveying a displayed mark, required to be rendered to indicate that the electronic or hardcopy information is protected at the level of the subset of CUI for which the authorizing law, regulation, or Government-wide policy does not set out specific handling or dissemination controls."/>
<jurisdiction>
<coding>
<system value="http://unstats.un.org/unsd/methods/m49/m49.htm"/>
<code value="001"/>
<display value="World"/>
</coding>
</jurisdiction>
<compose>
<include>
<system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/>
<version value="2.0.0"/>
<concept>
<code value="ConfidentialMark"/>
<display value="confidential mark"/>
</concept>
<concept>
<code value="COPYMark"/>
<display value="copy of original mark"/>
</concept>
<concept>
<code value="DeliverToAddresseeOnlyMark"/>
<display value="deliver only to addressee mark"/>
</concept>
<concept>
<code value="RedisclosureProhibitionMark"/>
<display value="prohibition against redisclosure mark"/>
</concept>
<concept>
<code value="RestrictedConfidentialityMark"/>
<display value="restricted confidentiality mark"/>
</concept>
<concept>
<code value="DRAFTMark"/>
<display value="draft mark"/>
</concept>
</include>
</compose>
</ValueSet>
IG © 2023+ HL7 Security Working Group. Package hl7.fhir.uv.security-label-ds4p#1.0.0 based on FHIR 4.0.1. Generated 2023-04-17
Links: Table of Contents |
QA Report
| Version History |
|
Propose a change