Consumer Mobile Health Application Functional Framework, Release 2
2.0.1 - CI build International flag

Consumer Mobile Health Application Functional Framework, Release 2, published by HL7 International / Mobile Health. This guide is not an authorized publication; it is the continuous build for version 2.0.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/cmhaff-ig/ and changes regularly. See the Directory of published versions

: APU.5 Data Authenticity, Provenance, and Associated Metadata (Header) - XML Representation

Page standards status: Informative

Raw xml | Download


<Requirements xmlns="http://hl7.org/fhir">
  <id value="CMHAFFR2-APU.5"/>
  <meta>
    <profile
             value="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/FMHeader"/>
  </meta>
  <text>
    <status value="extensions"/>
    <div xmlns="http://www.w3.org/1999/xhtml">
    <span id="description"><b>Statement <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b> <div><p>This category is about providing assurance that consumer data is secure when it is moved between the consumer’s device(s) and other
locations. This category is about the attribution of sources of data (provenance) and assurance of data authenticity.</p>
</div></span>

    

    
    
    

    
    <span id="requirements"><b>Criteria <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b></span>
    
    <table id="statements" class="grid dict">
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>APU.5#89</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                
                
                <span>SHALL</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>Apps conform to Best Practices for Data Authenticity, Provenance, and Associated Metadata.</p>
</div></span>
                
                
            </td>
        </tr>
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>APU.5#90</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                
                
                <span>SHALL</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>[App itself originates data &lt;see ISO 21089 definition of “originate”&gt;] Customer has review option which includes the option to irreversibly destroy, reject or discard data.</p>
</div></span>
                
                
            </td>
        </tr>
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>APU.5#91</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                
                
                <span>SHALL</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>[App itself only receives data as a “pass through” and cannot store data] Customer has a review option to display the data prior to executing the pass-through which includes the option to irreversibly stop and block the pass-through.</p>
</div></span>
                
                
            </td>
        </tr>
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>APU.5#92</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                
                
                <span>SHOULD</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>[App itself receives data and stores it] Customer has a review option that permits only appending data and/or free text comments to received data as author while preserving the original received data intact with original provenance. User may comment that data are erroneous, but does not have the option to delete the original data.</p>
</div></span>
                
                
            </td>
        </tr>
        
    </table>
</div>
  </text>
  <extension
             url="http://hl7.org/fhir/StructureDefinition/structuredefinition-wg">
    <valueCode value="mobile"/>
  </extension>
  <url value="http://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-APU.5"/>
  <version value="2.0.1"/>
  <name value="APU_5_Data_Authenticity__Provenance__and_Associated_Metadata"/>
  <title
         value="APU.5 Data Authenticity, Provenance, and Associated Metadata (Header)"/>
  <status value="active"/>
  <date value="2025-05-28T08:01:49+00:00"/>
  <publisher value="HL7 International / Mobile Health"/>
  <contact>
    <telecom>
      <system value="url"/>
      <value value="http://www.hl7.org/Special/committees/mobile"/>
    </telecom>
  </contact>
  <description
               value="This category is about providing assurance that consumer data is secure when it is moved between the consumer’s device(s) and other
locations. This category is about the attribution of sources of data (provenance) and assurance of data authenticity."/>
  <jurisdiction>
    <coding>
      <system value="http://unstats.un.org/unsd/methods/m49/m49.htm"/>
      <code value="001"/>
      <display value="World"/>
    </coding>
  </jurisdiction>
  <statement>
    <extension
               url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
      <valueBoolean value="false"/>
    </extension>
    <key value="CMHAFFR2-APU.5-89"/>
    <label value="APU.5#89"/>
    <conformance value="SHALL"/>
    <conditionality value="false"/>
    <requirement
                 value="Apps conform to Best Practices for Data Authenticity, Provenance, and Associated Metadata."/>
  </statement>
  <statement>
    <extension
               url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
      <valueBoolean value="false"/>
    </extension>
    <key value="CMHAFFR2-APU.5-90"/>
    <label value="APU.5#90"/>
    <conformance value="SHALL"/>
    <conditionality value="false"/>
    <requirement
                 value="[App itself originates data &lt;see ISO 21089 definition of “originate”&gt;] Customer has review option which includes the option to irreversibly destroy, reject or discard data."/>
  </statement>
  <statement>
    <extension
               url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
      <valueBoolean value="false"/>
    </extension>
    <key value="CMHAFFR2-APU.5-91"/>
    <label value="APU.5#91"/>
    <conformance value="SHALL"/>
    <conditionality value="false"/>
    <requirement
                 value="[App itself only receives data as a “pass through” and cannot store data] Customer has a review option to display the data prior to executing the pass-through which includes the option to irreversibly stop and block the pass-through."/>
  </statement>
  <statement>
    <extension
               url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent">
      <valueBoolean value="false"/>
    </extension>
    <key value="CMHAFFR2-APU.5-92"/>
    <label value="APU.5#92"/>
    <conformance value="SHOULD"/>
    <conditionality value="false"/>
    <requirement
                 value="[App itself receives data and stores it] Customer has a review option that permits only appending data and/or free text comments to received data as author while preserving the original received data intact with original provenance. User may comment that data are erroneous, but does not have the option to delete the original data."/>
  </statement>
</Requirements>