Consumer Mobile Health Application Functional Framework, Release 2
2.0.1 - CI build International flag

Consumer Mobile Health Application Functional Framework, Release 2, published by HL7 International / Mobile Health. This guide is not an authorized publication; it is the continuous build for version 2.0.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/cmhaff-ig/ and changes regularly. See the Directory of published versions

: APU.5 Data Authenticity, Provenance, and Associated Metadata (Header) - JSON Representation

Page standards status: Informative

Raw json | Download

{
  "resourceType" : "Requirements",
  "id" : "CMHAFFR2-APU.5",
  "meta" : {
    "profile" : [
      🔗 "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/FMHeader"
    ]
  },
  "text" : {
    "status" : "extensions",
    "div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\">\n    <span id=\"description\"><b>Statement <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Normative Content\" class=\"normative-flag\">N</a>:</b> <div><p>This category is about providing assurance that consumer data is secure when it is moved between the consumer’s device(s) and other\nlocations. This category is about the attribution of sources of data (provenance) and assurance of data authenticity.</p>\n</div></span>\n\n    \n\n    \n    \n    \n\n    \n    <span id=\"requirements\"><b>Criteria <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Normative Content\" class=\"normative-flag\">N</a>:</b></span>\n    \n    <table id=\"statements\" class=\"grid dict\">\n        \n        <tr>\n            <td style=\"padding-left: 4px;\">\n                \n                <span>APU.5#89</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\">\n                \n                \n                \n                <span>SHALL</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\" class=\"requirement\">\n                \n                <span><div><p>Apps conform to Best Practices for Data Authenticity, Provenance, and Associated Metadata.</p>\n</div></span>\n                \n                \n            </td>\n        </tr>\n        \n        <tr>\n            <td style=\"padding-left: 4px;\">\n                \n                <span>APU.5#90</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\">\n                \n                \n                \n                <span>SHALL</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\" class=\"requirement\">\n                \n                <span><div><p>[App itself originates data &lt;see ISO 21089 definition of “originate”&gt;] Customer has review option which includes the option to irreversibly destroy, reject or discard data.</p>\n</div></span>\n                \n                \n            </td>\n        </tr>\n        \n        <tr>\n            <td style=\"padding-left: 4px;\">\n                \n                <span>APU.5#91</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\">\n                \n                \n                \n                <span>SHALL</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\" class=\"requirement\">\n                \n                <span><div><p>[App itself only receives data as a “pass through” and cannot store data] Customer has a review option to display the data prior to executing the pass-through which includes the option to irreversibly stop and block the pass-through.</p>\n</div></span>\n                \n                \n            </td>\n        </tr>\n        \n        <tr>\n            <td style=\"padding-left: 4px;\">\n                \n                <span>APU.5#92</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\">\n                \n                \n                \n                <span>SHOULD</span>\n                \n            </td>\n            <td style=\"padding-left: 4px;\" class=\"requirement\">\n                \n                <span><div><p>[App itself receives data and stores it] Customer has a review option that permits only appending data and/or free text comments to received data as author while preserving the original received data intact with original provenance. User may comment that data are erroneous, but does not have the option to delete the original data.</p>\n</div></span>\n                \n                \n            </td>\n        </tr>\n        \n    </table>\n</div>"
  },
  "extension" : [
    {
      "url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg",
      "valueCode" : "mobile"
    }
  ],
  "url" : "http://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-APU.5",
  "version" : "2.0.1",
  "name" : "APU_5_Data_Authenticity__Provenance__and_Associated_Metadata",
  "title" : "APU.5 Data Authenticity, Provenance, and Associated Metadata (Header)",
  "status" : "active",
  "date" : "2025-05-28T08:01:49+00:00",
  "publisher" : "HL7 International / Mobile Health",
  "contact" : [
    {
      "telecom" : [
        {
          "system" : "url",
          "value" : "http://www.hl7.org/Special/committees/mobile"
        }
      ]
    }
  ],
  "description" : "This category is about providing assurance that consumer data is secure when it is moved between the consumer’s device(s) and other\nlocations. This category is about the attribution of sources of data (provenance) and assurance of data authenticity.",
  "jurisdiction" : [
    {
      "coding" : [
        {
          "system" : "http://unstats.un.org/unsd/methods/m49/m49.htm",
          "code" : "001",
          "display" : "World"
        }
      ]
    }
  ],
  "statement" : [
    {
      "extension" : [
        {
          "url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "CMHAFFR2-APU.5-89",
      "label" : "APU.5#89",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "Apps conform to Best Practices for Data Authenticity, Provenance, and Associated Metadata."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "CMHAFFR2-APU.5-90",
      "label" : "APU.5#90",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "[App itself originates data <see ISO 21089 definition of “originate”>] Customer has review option which includes the option to irreversibly destroy, reject or discard data."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "CMHAFFR2-APU.5-91",
      "label" : "APU.5#91",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "[App itself only receives data as a “pass through” and cannot store data] Customer has a review option to display the data prior to executing the pass-through which includes the option to irreversibly stop and block the pass-through."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "CMHAFFR2-APU.5-92",
      "label" : "APU.5#92",
      "conformance" : [
        "SHOULD"
      ],
      "conditionality" : false,
      "requirement" : "[App itself receives data and stores it] Customer has a review option that permits only appending data and/or free text comments to received data as author while preserving the original received data intact with original provenance. User may comment that data are erroneous, but does not have the option to delete the original data."
    }
  ]
}