S.4.1.2 Manage De-Identified Data Request Process (Function) - HL7 Personal Health Record System Functional Model, Release 2 v2.0.1-ballot

HL7 Personal Health Record System Functional Model, Release 2
2.0.1-ballot - Normative Ballot

HL7 Personal Health Record System Functional Model, Release 2, published by EHR WG. This guide is not an authorized publication; it is the continuous build for version 2.0.1-ballot built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/phrsfm-ig/ and changes regularly. See the Directory of published versions

Requirements: S.4.1.2 Manage De-Identified Data Request Process (Function)

Page standards status: Informative

Statement N:

Provide PHR Account Holder data in a manner that meets local requirements for de-identification.

Description I:

When the PHR Account Holder desires to share his/her information in a de-identified state, the PHR Account Holder can export the data in a fashion that meets requirements for de-identification in that locale or realm.

Example(s): If a person wants to participate in a study that will utilize de-identified data, then the system should provide the ability to de-identify this data according to the requirements of the study.

In Germany, when a PHR Account Holder’s subscription is cancelled, the PHR data may be maintained. But if the data is maintained, it must be maintained in a de-identified state or be pseudonymized (similar to the limited data set in the U.S. Privacy Rule).

Criteria N:

S.4.1.2#01

SHOULD

The system SHOULD provide the ability for the PHR Account Holder to de-identify his or her information as needed to meet the requirements of a study or other request.

S.4.1.2#02

SHOULD

The system SHOULD capture the source and date of a request for de-identified data.

S.4.1.2#03

SHOULD

The system SHOULD provide the ability to capture the date of transmission, data transmitted, and the target of the de-identified data.

S.4.1.2#04

SHOULD

The system SHOULD provide the ability to capture confirmation of the target’s receipt of the data.

S.4.1.2#05

SHOULD

The system SHOULD provide the ability to render the history of data transmissions.

S.4.1.2#06

dependent SHOULD

The system SHOULD provide the ability to de-identify data according to organizational policy and/or jurisdictional law.

<prev

top

next>

IG © 2023 EHR WG. Package hl7.ehrs.uv.phrsfmr2#2.0.1-ballot based on FHIR 5.0.0. Generated 2025-08-29
Links: Table of Contents | QA Report | Version History | | Propose a change