HL7 Personal Health Record System Functional Model, Release 2
2.0.1-ballot - Normative Ballot
HL7 Personal Health Record System Functional Model, Release 2, published by EHR WG. This guide is not an authorized publication; it is the continuous build for version 2.0.1-ballot built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/phrsfm-ig/ and changes regularly. See the Directory of published versions
Page standards status: Informative |
Manage set(s) of PHR-S access control permissions.
Entities are authorized to use components of a PHR-S in accordance with their scope of practice within local policy or legal jurisdiction. Authorization rules provide a proper framework for establishing access permissions and privileges for the use of a PHR system, based on user, role or context. A combination of these authorization categories may be applied to control access to PHR-S resources (i.e., functions or data), including at the operating system level.
TI.1.2#01 | dependent SHALL |
The system SHALL provide the ability to manage sets of access-control permissions granted to an entity (e.g., user, application, device) based on identity, role, and/or context according to scope of practice, organizational policy, and/or jurisdictional law. |
TI.1.2#02 | SHALL |
The system SHALL conform to function TI.2 (Audit) to audit authorization actions as security events. |
TI.1.2#03 | dependent SHALL |
The system SHALL provide the ability to manage roles (e.g., clinician versus administrator) and contexts (e.g., legal requirements versus emergency situations) for authorization according to scope of practice, organizational policy, and/or jurisdictional law. |
TI.1.2#04 | SHALL |
The system SHALL maintain a revision history of all entity record modifications. |
TI.1.2#05 | dependent MAY |
The system MAY provide the ability to manage authorizations for the use of portable media in according to scope of practice, organizational policy, and/or jurisdictional law. |