Consumer Mobile Health Application Functional Framework, Release 2, published by HL7 International / Mobile Health. This guide is not an authorized publication; it is the continuous build for version 2.0.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/cmhaff-ig/ and changes regularly. See the Directory of published versions
Page standards status: Informative |
@prefix fhir: <http://hl7.org/fhir/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
# - resource -------------------------------------------------------------------
a fhir:Requirements ;
fhir:nodeRole fhir:treeRoot ;
fhir:id [ fhir:v "CMHAFFR2-APU.4"] ; #
fhir:meta [
( fhir:profile [
fhir:v "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/FMHeader"^^xsd:anyURI ;
fhir:link <http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/FMHeader> ] )
] ; #
fhir:text [
fhir:status [ fhir:v "extensions" ] ;
fhir:div "<div xmlns=\"http://www.w3.org/1999/xhtml\">\n <span id=\"description\"><b>Statement <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Normative Content\" class=\"normative-flag\">N</a>:</b> <div><p>This category is about providing assurance that the consumer’s stored data is secure, regardless of whether it is stored on the consumer’s\ndevices or elsewhere (e.g., in cloud-based servers for an app). It also provides assurance that consumer data is secure when it is moved between the\nconsumer’s device(s) and other locations.</p>\n</div></span>\n\n \n\n \n \n \n\n \n <span id=\"requirements\"><b>Criteria <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Normative Content\" class=\"normative-flag\">N</a>:</b></span>\n \n <table id=\"statements\" class=\"grid dict\">\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>APU.4#83</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>PHI and PII stored on a smartphone is stored as encrypted values.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>APU.4#84</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>PHI and PII stored by the mobile app on any external server is stored as encrypted values.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>APU.4#85</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>Unless PHI and PII has been transmitted to a data set maintained by a Health Plan or Health Provider, the account holder can delete information collected through the app, including data generated by a device associated with the 
app.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>APU.4#86</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHOULD</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>Improve and/or upgrade encryption cipher and suites to match evolving best practices.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>APU.4#87</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>PHI and PII transmitted between an app and an external data source, including data generated through a device associated with the app, are transmitted as encrypted values.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n </table>\n</div>"^^rdf:XMLLiteral
] ; #
fhir:extension ( [
fhir:url [ fhir:v "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg"^^xsd:anyURI ] ;
fhir:value [
a fhir:code ;
fhir:v "mobile" ]
] ) ; #
fhir:url [ fhir:v "http://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-APU.4"^^xsd:anyURI] ; #
fhir:version [ fhir:v "2.0.1"] ; #
fhir:name [ fhir:v "APU_4_Security_for_Data_at_Rest_and_in_Transport"] ; #
fhir:title [ fhir:v "APU.4 Security for Data at Rest and in Transport (Header)"] ; #
fhir:status [ fhir:v "active"] ; #
fhir:date [ fhir:v "2025-05-28T08:01:49+00:00"^^xsd:dateTime] ; #
fhir:publisher [ fhir:v "HL7 International / Mobile Health"] ; #
fhir:contact ( [
( fhir:telecom [
fhir:system [ fhir:v "url" ] ;
fhir:value [ fhir:v "http://www.hl7.org/Special/committees/mobile" ] ] )
] ) ; #
fhir:description [ fhir:v "This category is about providing assurance that the consumer’s stored data is secure, regardless of whether it is stored on the consumer’s\ndevices or elsewhere (e.g., in cloud-based servers for an app). It also provides assurance that consumer data is secure when it is moved between the\nconsumer’s device(s) and other locations."] ; #
fhir:jurisdiction ( [
( fhir:coding [
fhir:system [ fhir:v "http://unstats.un.org/unsd/methods/m49/m49.htm"^^xsd:anyURI ] ;
fhir:code [ fhir:v "001" ] ;
fhir:display [ fhir:v "World" ] ] )
] ) ; #
# Requirement statements for APU.4 (five entries, keys -83 through -87).
# Each entry carries a key, a display label, a conformance verb and the
# requirement text. Every entry below sets the requirements-dependent
# extension to false and conditionality to false.
fhir:statement ( [
# APU.4#83 (SHALL): PHI/PII held on the smartphone is stored encrypted.
# NOTE(review): the text says "encrypted values" but names no algorithm, key
# length or key storage location; an assessor has to take those from another
# source -- confirm against the rest of the guide.
( fhir:extension [
fhir:url [ fhir:v "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent"^^xsd:anyURI ] ;
fhir:value [
a fhir:boolean ;
fhir:v false ] ] ) ;
fhir:key [ fhir:v "CMHAFFR2-APU.4-83" ] ;
fhir:label [ fhir:v "APU.4#83" ] ;
( fhir:conformance [ fhir:v "SHALL" ] ) ;
fhir:conditionality [ fhir:v false ] ;
fhir:requirement [ fhir:v "PHI and PII stored on a smartphone is stored as encrypted values." ]
] [
# APU.4#84 (SHALL): the same at-rest rule for PHI/PII that the app stores on
# any external server.
# NOTE(review): the text does not say who holds the server-side keys -- confirm.
( fhir:extension [
fhir:url [ fhir:v "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent"^^xsd:anyURI ] ;
fhir:value [
a fhir:boolean ;
fhir:v false ] ] ) ;
fhir:key [ fhir:v "CMHAFFR2-APU.4-84" ] ;
fhir:label [ fhir:v "APU.4#84" ] ;
( fhir:conformance [ fhir:v "SHALL" ] ) ;
fhir:conditionality [ fhir:v false ] ;
fhir:requirement [ fhir:v "PHI and PII stored by the mobile app on any external server is stored as encrypted values." ]
] [
# APU.4#85 (SHALL): a deletion requirement, not an encryption one. The account
# holder can delete app-collected and device-generated information, except
# data already transmitted to a Health Plan or Health Provider data set.
# NOTE(review): the text does not say whether deletion reaches server-side
# copies or backups -- confirm.
( fhir:extension [
fhir:url [ fhir:v "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent"^^xsd:anyURI ] ;
fhir:value [
a fhir:boolean ;
fhir:v false ] ] ) ;
fhir:key [ fhir:v "CMHAFFR2-APU.4-85" ] ;
fhir:label [ fhir:v "APU.4#85" ] ;
( fhir:conformance [ fhir:v "SHALL" ] ) ;
fhir:conditionality [ fhir:v false ] ;
fhir:requirement [ fhir:v "Unless PHI and PII has been transmitted to a data set maintained by a Health Plan or Health Provider, the account holder can delete information collected through the app, including data generated by a device associated with the app." ]
] [
# APU.4#86 (SHOULD): the only non-mandatory entry in this list. Keeping ciphers
# and suites current is a recommendation here.
# NOTE(review): the text gives no baseline or review interval for "evolving
# best practices" -- confirm.
( fhir:extension [
fhir:url [ fhir:v "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent"^^xsd:anyURI ] ;
fhir:value [
a fhir:boolean ;
fhir:v false ] ] ) ;
fhir:key [ fhir:v "CMHAFFR2-APU.4-86" ] ;
fhir:label [ fhir:v "APU.4#86" ] ;
( fhir:conformance [ fhir:v "SHOULD" ] ) ;
fhir:conditionality [ fhir:v false ] ;
fhir:requirement [ fhir:v "Improve and/or upgrade encryption cipher and suites to match evolving best practices." ]
] [
# APU.4#87 (SHALL): PHI/PII exchanged between the app and an external data
# source, including data from an associated device, is encrypted in transit.
# NOTE(review): the text names no transport protocol and does not mention
# authenticating the remote endpoint -- confirm where that is specified.
( fhir:extension [
fhir:url [ fhir:v "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent"^^xsd:anyURI ] ;
fhir:value [
a fhir:boolean ;
fhir:v false ] ] ) ;
fhir:key [ fhir:v "CMHAFFR2-APU.4-87" ] ;
fhir:label [ fhir:v "APU.4#87" ] ;
( fhir:conformance [ fhir:v "SHALL" ] ) ;
fhir:conditionality [ fhir:v false ] ;
fhir:requirement [ fhir:v "PHI and PII transmitted between an app and an external data source, including data generated through a device associated with the app, are transmitted as encrypted values." ]
] ) . #
IG © 2025 HL7 International / Mobile Health. Package hl7.fhir.uv.cmhaffr2#2.0.1 based on FHIR 5.0.0. Generated 2025-05-28