Consumer Mobile Health Application Functional Framework, Release 2
2.0.1 - CI build

Consumer Mobile Health Application Functional Framework, Release 2, published by HL7 International / Mobile Health. This guide is not an authorized publication; it is the continuous build for version 2.0.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/cmhaff-ig/ and changes regularly. See the Directory of published versions.

APU.4 Security for Data at Rest and in Transport (Header) - JSON Representation

Page standards status: Informative

{
  "resourceType" : "Requirements",
  "id" : "CMHAFFR2-APU.4",
  "meta" : {
    "profile" : [
      "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/FMHeader"
    ]
  },
  "text" : {
    "status" : "extensions",
    "div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\">\n    <span id=\"description\"><b>Statement <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Normative Content\" class=\"normative-flag\">N</a>:</b> <div><p>This category is about providing assurance that the consumer’s stored data is secure, regardless of whether it is stored on the consumer’s\ndevices or elsewhere (e.g., in cloud-based servers for an app). It also provides assurance that consumer data is secure when it is moved between the\nconsumer’s device(s) and other locations.</p>\n</div></span>\n\n    \n\n    \n    \n    \n\n    \n    <span id=\"requirements\"><b>Criteria <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Normative Content\" class=\"normative-flag\">N</a>:</b></span>\n    \n    <table id=\"statements\" class=\"grid dict\">\n        \n        <tr>\n            <td style=\"padding-left: 4px;\">\n                \n                <span>APU.4#83</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\">\n                \n                \n                \n                <span>SHALL</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\" class=\"requirement\">\n                \n                <span><div><p>PHI and PII stored on a smartphone is stored as encrypted values.</p>\n</div></span>\n                \n                \n            </td>\n        </tr>\n        \n        <tr>\n            <td style=\"padding-left: 4px;\">\n                \n                <span>APU.4#84</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\">\n                \n                \n                \n                <span>SHALL</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\" class=\"requirement\">\n                \n                <span><div><p>PHI and PII stored by the mobile app on any external server is stored as 
encrypted values.</p>\n</div></span>\n                \n                \n            </td>\n        </tr>\n        \n        <tr>\n            <td style=\"padding-left: 4px;\">\n                \n                <span>APU.4#85</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\">\n                \n                \n                \n                <span>SHALL</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\" class=\"requirement\">\n                \n                <span><div><p>Unless PHI and PII has been transmitted to a data set maintained by a Health Plan or Health Provider, the account holder can delete information collected through the app, including data generated by a device associated with the app.</p>\n</div></span>\n                \n                \n            </td>\n        </tr>\n        \n        <tr>\n            <td style=\"padding-left: 4px;\">\n                \n                <span>APU.4#86</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\">\n                \n                \n                \n                <span>SHOULD</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\" class=\"requirement\">\n                \n                <span><div><p>Improve and/or upgrade encryption cipher and suites to match evolving best practices.</p>\n</div></span>\n                \n                \n            </td>\n        </tr>\n        \n        <tr>\n            <td style=\"padding-left: 4px;\">\n                \n                <span>APU.4#87</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\">\n                \n                \n                \n                <span>SHALL</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\" class=\"requirement\">\n                \n                <span><div><p>PHI and PII transmitted 
between an app and an external data source, including data generated through a device associated with the app, are transmitted as encrypted values.</p>\n</div></span>\n                \n                \n            </td>\n        </tr>\n        \n    </table>\n</div>"
  },
  "extension" : [
    {
      "url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg",
      "valueCode" : "mobile"
    }
  ],
  "url" : "http://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-APU.4",
  "version" : "2.0.1",
  "name" : "APU_4_Security_for_Data_at_Rest_and_in_Transport",
  "title" : "APU.4 Security for Data at Rest and in Transport (Header)",
  "status" : "active",
  "date" : "2025-05-28T08:01:49+00:00",
  "publisher" : "HL7 International / Mobile Health",
  "contact" : [
    {
      "telecom" : [
        {
          "system" : "url",
          "value" : "http://www.hl7.org/Special/committees/mobile"
        }
      ]
    }
  ],
  "description" : "This category is about providing assurance that the consumer’s stored data is secure, regardless of whether it is stored on the consumer’s\ndevices or elsewhere (e.g., in cloud-based servers for an app). It also provides assurance that consumer data is secure when it is moved between the\nconsumer’s device(s) and other locations.",
  "jurisdiction" : [
    {
      "coding" : [
        {
          "system" : "http://unstats.un.org/unsd/methods/m49/m49.htm",
          "code" : "001",
          "display" : "World"
        }
      ]
    }
  ],
  "statement" : [
    {
      "extension" : [
        {
          "url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "CMHAFFR2-APU.4-83",
      "label" : "APU.4#83",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "PHI and PII stored on a smartphone is stored as encrypted values."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "CMHAFFR2-APU.4-84",
      "label" : "APU.4#84",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "PHI and PII stored by the mobile app on any external server is stored as encrypted values."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "CMHAFFR2-APU.4-85",
      "label" : "APU.4#85",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "Unless PHI and PII has been transmitted to a data set maintained by a Health Plan or Health Provider, the account holder can delete information collected through the app, including data generated by a device associated with the app."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "CMHAFFR2-APU.4-86",
      "label" : "APU.4#86",
      "conformance" : [
        "SHOULD"
      ],
      "conditionality" : false,
      "requirement" : "Improve and/or upgrade encryption cipher and suites to match evolving best practices."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "CMHAFFR2-APU.4-87",
      "label" : "APU.4#87",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "PHI and PII transmitted between an app and an external data source, including data generated through a device associated with the app, are transmitted as encrypted values."
    }
  ]
}