Consumer Mobile Health Application Functional Framework, Release 2
2.0.1 - CI build International flag

Consumer Mobile Health Application Functional Framework, Release 2, published by HL7 International / Mobile Health. This guide is not an authorized publication; it is the continuous build for version 2.0.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/cmhaff-ig/ and changes regularly. See the Directory of published versions

: APU.1 Authentication (Header) - XML Representation

Page standards status: Informative

Raw xml | Download


<Requirements xmlns="http://hl7.org/fhir">
  <id value="CMHAFFR2-APU.1"/>
  <meta>
    <profile
             value="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/FMHeader"/>
  </meta>
  <text>
    <status value="extensions"/>
    <div xmlns="http://www.w3.org/1999/xhtml">
    <span id="description"><b>Statement <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b> <div><p>This category is about the system protecting against unauthorized access (e.g., by persons other than the consumer).</p>
</div></span>

    
    <span id="purpose"><b>Description <a href="https://hl7.org/fhir/versions.html#std-process" title="Informative Content" class="informative-flag">I</a>:</b> <div><p>The functionality of an app, its sponsorship, and linkages to external data sources all affect the security, privacy and data controls which are established to ensure safe and effective use. In this section, conformance criteria point to issues which can be addressed through a range of options, and as such implementers should consider not only the conformance criteria but the discussion regarding applicability to the exemplary use cases.</p>
</div></span>
    

    
    
    

    
    <span id="requirements"><b>Criteria <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b></span>
    
    <table id="statements" class="grid dict">
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>APU.1#58</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                
                
                <span>SHALL</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>The identity of an app user is authenticated prior to any access of PHI or PII.</p>
</div></span>
                
                
            </td>
        </tr>
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>APU.1#59</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                
                
                <span>SHALL</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>The app user is authorized to access a feature of the app before that feature or any associated PHI or PII is displayed. Authorization may be internal to the app or derived from an external source.</p>
</div></span>
                
                
            </td>
        </tr>
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>APU.1#60</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                
                
                <span>SHALL</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>At the request of an app user, the app terminates such that access to PHI or PII requires a new, successful authentication attempt.</p>
</div></span>
                
                
            </td>
        </tr>
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>APU.1#61</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                
                
                <span>SHALL</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>[Other external HIT system (e.g., EHR) is a system actor] Verify a subject’s association with their real-world identity, establishing that a subject is who they claim to be (identity proofing).</p>
</div></span>
                
                
            </td>
        </tr>
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>APU.1#62</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                
                
                <span>SHALL</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>The EHR authorizes an app user’s access to app features when these features are supported by data provided by or written to the EHR.</p>
</div></span>
                
                
            </td>
        </tr>
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>APU.1#63</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                
                
                <span>SHALL</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>[PII or PHI are displayed] The app terminates the app or makes PHI or PII invisible after a period of time of user inactivity as described in the app’s Terms of Use. This feature is sometimes called “inactivity timeout” “Session timeout” or “automatic logoff.” The determination to include this feature within an app is made as part of the overall risk analysis regarding the sensitivity of data provided by or through the app.</p>
</div></span>
                
                
            </td>
        </tr>
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>APU.1#64</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                
                
                <span>SHALL</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>[Passwords are stored on the device] passwords are encrypted and never displayed as plaintext.</p>
</div></span>
                
                
            </td>
        </tr>
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>APU.1#65</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                
                
                <span>SHALL</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>[Access to account exposes Protected Health Information (PHI) or PII] The user is given an option to utilize strong authentication methods (e.g., multi-factor authentication and/or biometrics) in addition to passwords. Before selection of this option, the mechanism for authentication is clearly described and/or demonstrated to the user. This capability may apply to an app itself, and also to the pairing of the app with a device.</p>
</div></span>
                
                
            </td>
        </tr>
        
    </table>
</div>
  </text>
  <extension
             url="http://hl7.org/fhir/StructureDefinition/structuredefinition-wg">
    <valueCode value="mobile"/>
  </extension>
  <url value="http://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-APU.1"/>
  <version value="2.0.1"/>
  <name value="APU_1_Authentication"/>
  <title value="APU.1 Authentication (Header)"/>
  <status value="active"/>
  <date value="2025-05-28T08:01:49+00:00"/>
  <publisher value="HL7 International / Mobile Health"/>
  <contact>
    <telecom>
      <system value="url"/>
      <value value="http://www.hl7.org/Special/committees/mobile"/>
    </telecom>
  </contact>
  <description
               value="This category is about the system protecting against unauthorized access (e.g., by persons other than the consumer)."/>
  <jurisdiction>
    <coding>
      <system value="http://unstats.un.org/unsd/methods/m49/m49.htm"/>
      <code value="001"/>
      <display value="World"/>
    </coding>
  </jurisdiction>
  <purpose
           value="The functionality of an app, its sponsorship, and linkages to external data sources all affect the security, privacy and data controls which are established to ensure safe and effective use. In this section, conformance criteria point to issues which can be addressed through a range of options, and as such implementers should consider not only the conformance criteria but the discussion regarding applicability to the exemplary use cases."/>
  <statement>
    <extension
               url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
      <valueBoolean value="false"/>
    </extension>
    <key value="CMHAFFR2-APU.1-58"/>
    <label value="APU.1#58"/>
    <conformance value="SHALL"/>
    <conditionality value="false"/>
    <requirement
                 value="The identity of an app user is authenticated prior to any access of PHI or PII."/>
  </statement>
  <statement>
    <extension
               url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
      <valueBoolean value="false"/>
    </extension>
    <key value="CMHAFFR2-APU.1-59"/>
    <label value="APU.1#59"/>
    <conformance value="SHALL"/>
    <conditionality value="false"/>
    <requirement
                 value="The app user is authorized to access a feature of the app before that feature or any associated PHI or PII is displayed. Authorization may be internal to the app or derived from an external source."/>
  </statement>
  <statement>
    <extension
               url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
      <valueBoolean value="false"/>
    </extension>
    <key value="CMHAFFR2-APU.1-60"/>
    <label value="APU.1#60"/>
    <conformance value="SHALL"/>
    <conditionality value="false"/>
    <requirement
                 value="At the request of an app user, the app terminates such that access to PHI or PII requires a new, successful authentication attempt."/>
  </statement>
  <statement>
    <extension
               url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
      <valueBoolean value="false"/>
    </extension>
    <key value="CMHAFFR2-APU.1-61"/>
    <label value="APU.1#61"/>
    <conformance value="SHALL"/>
    <conditionality value="false"/>
    <requirement
                 value="[Other external HIT system (e.g., EHR) is a system actor] Verify a subject’s association with their real-world identity, establishing that a subject is who they claim to be (identity proofing)."/>
  </statement>
  <statement>
    <extension
               url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
      <valueBoolean value="false"/>
    </extension>
    <key value="CMHAFFR2-APU.1-62"/>
    <label value="APU.1#62"/>
    <conformance value="SHALL"/>
    <conditionality value="false"/>
    <requirement
                 value="The EHR authorizes an app user’s access to app features when these features are supported by data provided by or written to the EHR."/>
  </statement>
  <statement>
    <extension
               url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
      <valueBoolean value="false"/>
    </extension>
    <key value="CMHAFFR2-APU.1-63"/>
    <label value="APU.1#63"/>
    <conformance value="SHALL"/>
    <conditionality value="false"/>
    <requirement
                 value="[PII or PHI are displayed] The app terminates the app or makes PHI or PII invisible after a period of time of user inactivity as described in the app’s Terms of Use. This feature is sometimes called “inactivity timeout” “Session timeout” or “automatic logoff.” The determination to include this feature within an app is made as part of the overall risk analysis regarding the sensitivity of data provided by or through the app."/>
  </statement>
  <statement>
    <extension
               url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
      <valueBoolean value="false"/>
    </extension>
    <key value="CMHAFFR2-APU.1-64"/>
    <label value="APU.1#64"/>
    <conformance value="SHALL"/>
    <conditionality value="false"/>
    <requirement
                 value="[Passwords are stored on the device] passwords are encrypted and never displayed as plaintext."/>
  </statement>
  <statement>
    <extension
               url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
      <valueBoolean value="false"/>
    </extension>
    <key value="CMHAFFR2-APU.1-65"/>
    <label value="APU.1#65"/>
    <conformance value="SHALL"/>
    <conditionality value="false"/>
    <requirement
                 value="[Access to account exposes Protected Health Information (PHI) or PII] The user is given an option to utilize strong authentication methods (e.g., multi-factor authentication and/or biometrics) in addition to passwords. Before selection of this option, the mechanism for authentication is clearly described and/or demonstrated to the user. This capability may apply to an app itself, and also to the pairing of the app with a device."/>
  </statement>
</Requirements>