Criteria N:
APU.5#89 SHALL

Apps conform to Best Practices for Data Authenticity, Provenance, and Associated Metadata.
APU.5#90 SHALL

[App itself originates data <see ISO 21089 definition of “originate”>] Customer has review option which includes the option to irreversibly destroy, reject or discard data.
APU.5#91 SHALL

[App itself only receives data as a “pass through” and cannot store data] Customer has a review option to display the data prior to executing the pass-through which includes the option to irreversibly stop and block the pass-through.
APU.5#92 SHOULD

[App itself receives data and stores it] Customer has a review option that permits only appending data and/or free text comments to received data as author while preserving the original received data intact with original provenance. User may comment that data are erroneous, but does not have the option to delete the original data.
<status value="active"/> <date value="2026-03-20T11:58:09+00:00"/> <publisher value="HL7 International / Mobile Health"/> <contact> <telecom> <system value="url"/> <value value="http://www.hl7.org/Special/committees/mobile"/> </telecom> </contact> <description value="This category is about providing assurance that consumer data is secure when it is moved between the consumer’s device(s) and other locations. This category is about the attribution of sources of data (provenance) and assurance of data authenticity."/> <jurisdiction> <coding> <system value="http://unstats.un.org/unsd/methods/m49/m49.htm"/> <code value="001"/> <display value="World"/> </coding> </jurisdiction> <statement> <extension url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent"> <valueBoolean value="false"/> </extension> <key value="CMHAFFR2-APU.5-89"/> <label value="APU.5#89"/> <conformance value="SHALL"/> <conditionality value="false"/> <requirement value="Apps conform to Best Practices for Data Authenticity, Provenance, and Associated Metadata."/> </statement> <statement> <extension url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent"> <valueBoolean value="false"/> </extension> <key value="CMHAFFR2-APU.5-90"/> <label value="APU.5#90"/> <conformance value="SHALL"/> <conditionality value="false"/> <requirement value="[App itself originates data <see ISO 21089 definition of “originate”>] Customer has review option which includes the option to irreversibly destroy, reject or discard data."/> </statement> <statement> <extension url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent"> <valueBoolean value="false"/> </extension> <key value="CMHAFFR2-APU.5-91"/> <label value="APU.5#91"/> <conformance value="SHALL"/> <conditionality value="false"/> <requirement value="[App itself only receives data as a “pass through” and cannot store data] Customer has a review option to display the data prior to executing the pass-through which includes the option to irreversibly stop and block the pass-through."/> </statement> <statement> <extension url="http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent"> <valueBoolean value="false"/> </extension> <key value="CMHAFFR2-APU.5-92"/> <label value="APU.5#92"/> <conformance value="SHOULD"/> <conditionality value="false"/> <requirement value="[App itself receives data and stores it] Customer has a review option that permits only appending data and/or free text comments to received data as author while preserving the original received data intact with original provenance. User may comment that data are erroneous, but does not have the option to delete the original data."/> </statement> </Requirements>