Consumer Mobile Health Application Functional Framework, Release 2
2.0.1 - CI build

Consumer Mobile Health Application Functional Framework, Release 2, published by HL7 International / Mobile Health. This guide is not an authorized publication; it is the continuous build for version 2.0.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/cmhaff-ig/ and changes regularly. See the Directory of published versions.

APU.10 Audit (Header) - JSON Representation

Page standards status: Informative

{
  "resourceType" : "Requirements",
  "id" : "CMHAFFR2-APU.10",
  "meta" : {
    "profile" : [
      "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/FMHeader"
    ]
  },
  "text" : {
    "status" : "extensions",
    "div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\">\n    <span id=\"description\"><b>Statement <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Normative Content\" class=\"normative-flag\">N</a>:</b> <div><p>This category is about auditing, which is a mechanism for user and system accountability. Important events, such as logins and access to\nparticular functions and data, are recorded and can be used to detect instances of non-compliant behavior and to facilitate detection of improper\ncreation, access, modification, and deletion of personal health information. Any information technology including consumer health apps should follow\nbest practices in managing an audit trail. The audit trail should maintain a record of users who have accessed what data, from where, and when. Audit\nlogs should also record any attempts to access the system from an unauthorized terminal; expired usernames or passwords that try to access the\nsystem, unusual numbers of authentication attempts, and violations of an organizations security policy.</p>\n</div></span>\n\n    \n\n    \n    \n    \n\n    \n    <span id=\"requirements\"><b>Criteria <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Normative Content\" class=\"normative-flag\">N</a>:</b></span>\n    \n    <table id=\"statements\" class=\"grid dict\">\n        \n        <tr>\n            <td style=\"padding-left: 4px;\">\n                \n                <span>APU.10#111</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\">\n                \n                \n                \n                <span>SHALL</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\" class=\"requirement\">\n                \n                <span><div><p>[User authentication is required to access app] User authentication attempts, both successful and unsuccessful, generate an audit record.</p>\n</div></span>\n                \n                \n            </td>\n        </tr>\n        \n        <tr>\n            <td style=\"padding-left: 4px;\">\n                \n                <span>APU.10#112</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\">\n                \n                \n                \n                <span>SHALL</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\" class=\"requirement\">\n                \n                <span><div><p>User permissions to access, or the revocation of access, regarding smartphone/tablet device capabilities for use by the app (e.g., use of camera, location services) generate an audit record.</p>\n</div></span>\n                \n                \n            </td>\n        </tr>\n        \n        <tr>\n            <td style=\"padding-left: 4px;\">\n                \n                <span>APU.10#113</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\">\n                \n                \n                \n                <span>SHALL</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\" class=\"requirement\">\n                \n                <span><div><p>[App uses external devices or data sources for data collection] Pairing a device or data repository external to the app, which supplies data used by the app, generates an audit record.</p>\n</div></span>\n                \n                \n            </td>\n        </tr>\n        \n        <tr>\n            <td style=\"padding-left: 4px;\">\n                \n                <span>APU.10#114</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\">\n                \n                \n                \n                <span>SHALL</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\" class=\"requirement\">\n                \n                <span><div><p>[App allows for the export of data to a data repository external to the app] Any export of data from the app generates an audit record.</p>\n</div></span>\n                \n                \n            </td>\n        </tr>\n        \n    </table>\n</div>"
  },
  "extension" : [
    {
      "url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg",
      "valueCode" : "mobile"
    }
  ],
  "url" : "http://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-APU.10",
  "version" : "2.0.1",
  "name" : "APU_10_Audit",
  "title" : "APU.10 Audit (Header)",
  "status" : "active",
  "date" : "2025-05-28T08:01:49+00:00",
  "publisher" : "HL7 International / Mobile Health",
  "contact" : [
    {
      "telecom" : [
        {
          "system" : "url",
          "value" : "http://www.hl7.org/Special/committees/mobile"
        }
      ]
    }
  ],
  "description" : "This category is about auditing, which is a mechanism for user and system accountability. Important events, such as logins and access to\nparticular functions and data, are recorded and can be used to detect instances of non-compliant behavior and to facilitate detection of improper\ncreation, access, modification, and deletion of personal health information. Any information technology including consumer health apps should follow\nbest practices in managing an audit trail. The audit trail should maintain a record of users who have accessed what data, from where, and when. Audit\nlogs should also record any attempts to access the system from an unauthorized terminal; expired usernames or passwords that try to access the\nsystem, unusual numbers of authentication attempts, and violations of an organizations security policy.",
  "jurisdiction" : [
    {
      "coding" : [
        {
          "system" : "http://unstats.un.org/unsd/methods/m49/m49.htm",
          "code" : "001",
          "display" : "World"
        }
      ]
    }
  ],
  "statement" : [
    {
      "extension" : [
        {
          "url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "CMHAFFR2-APU.10-111",
      "label" : "APU.10#111",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "[User authentication is required to access app] User authentication attempts, both successful and unsuccessful, generate an audit record."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "CMHAFFR2-APU.10-112",
      "label" : "APU.10#112",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "User permissions to access, or the revocation of access, regarding smartphone/tablet device capabilities for use by the app (e.g., use of camera, location services) generate an audit record."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "CMHAFFR2-APU.10-113",
      "label" : "APU.10#113",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "[App uses external devices or data sources for data collection] Pairing a device or data repository external to the app, which supplies data used by the app, generates an audit record."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "CMHAFFR2-APU.10-114",
      "label" : "APU.10#114",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "[App allows for the export of data to a data repository external to the app] Any export of data from the app generates an audit record."
    }
  ]
}