Consumer Mobile Health Application Functional Framework, Release 2
2.0.1 - CI build
Consumer Mobile Health Application Functional Framework, Release 2, published by HL7 International / Mobile Health. This guide is not an authorized publication; it is the continuous build for version 2.0.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/cmhaff-ig/ and changes regularly. See the Directory of published versions
Page standards status: Informative |
<Requirements xmlns="http://hl7.org/fhir">
<id value="CMHAFFR2-APU.5"/>
<meta>
<profile
value="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/FMHeader"/>
</meta>
<text>
<status value="extensions"/>
<div xmlns="http://www.w3.org/1999/xhtml">
<span id="description"><b>Statement <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b> <div><p>This category is about providing assurance that consumer data is secure when it is moved between the consumer’s device(s) and other
locations. This category is about the attribution of sources of data (provenance) and assurance of data authenticity.</p>
</div></span>
<span id="requirements"><b>Criteria <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b></span>
<table id="statements" class="grid dict">
<tr>
<td style="padding-left: 4px;">
<span>APU.5#89</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>Apps conform to Best Practices for Data Authenticity, Provenance, and Associated Metadata.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>APU.5#90</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>[App itself originates data <see ISO 21089 definition of “originateâ€>] Customer has review option which includes the option to irreversibly destroy, reject or discard data.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>APU.5#91</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>[App itself only receives data as a “pass through†and cannot store data] Customer has a review option to display the data prior to executing the pass-through which includes the option to irreversibly stop and block the pass-through.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>APU.5#92</span>
</td>
<td style="padding-left: 4px;">
<span>SHOULD</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>[App itself receives data and stores it] Customer has a review option that permits only appending data and/or free text comments to received data as author while preserving the original received data intact with original provenance. User may comment that data are erroneous, but does not have the option to delete the original data.</p>
</div></span>
</td>
</tr>
</table>
</div>
</text>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-wg">
<valueCode value="mobile"/>
</extension>
<url value="http://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-APU.5"/>
<version value="2.0.1"/>
<name value="APU_5_Data_Authenticity__Provenance__and_Associated_Metadata"/>
<title
value="APU.5 Data Authenticity, Provenance, and Associated Metadata (Header)"/>
<status value="active"/>
<date value="2025-05-28T08:01:49+00:00"/>
<publisher value="HL7 International / Mobile Health"/>
<contact>
<telecom>
<system value="url"/>
<value value="http://www.hl7.org/Special/committees/mobile"/>
</telecom>
</contact>
<description
value="This category is about providing assurance that consumer data is secure when it is moved between the consumer’s device(s) and other
locations. This category is about the attribution of sources of data (provenance) and assurance of data authenticity."/>
<jurisdiction>
<coding>
<system value="http://unstats.un.org/unsd/methods/m49/m49.htm"/>
<code value="001"/>
<display value="World"/>
</coding>
</jurisdiction>
<statement>
<extension
url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="CMHAFFR2-APU.5-89"/>
<label value="APU.5#89"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="Apps conform to Best Practices for Data Authenticity, Provenance, and Associated Metadata."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="CMHAFFR2-APU.5-90"/>
<label value="APU.5#90"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="[App itself originates data <see ISO 21089 definition of “originateâ€>] Customer has review option which includes the option to irreversibly destroy, reject or discard data."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="CMHAFFR2-APU.5-91"/>
<label value="APU.5#91"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="[App itself only receives data as a “pass through†and cannot store data] Customer has a review option to display the data prior to executing the pass-through which includes the option to irreversibly stop and block the pass-through."/>
</statement>
<statement>
<extension
url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="CMHAFFR2-APU.5-92"/>
<label value="APU.5#92"/>
<conformance value="SHOULD"/>
<conditionality value="false"/>
<requirement
value="[App itself receives data and stores it] Customer has a review option that permits only appending data and/or free text comments to received data as author while preserving the original received data intact with original provenance. User may comment that data are erroneous, but does not have the option to delete the original data."/>
</statement>
</Requirements>