The system SHALL conform to function TI.1.1 (Entity Authentication).

The system SHALL conform to function TI.1.2 (Entity Authorization).

The system SHALL provide the ability to manage system and data access rules for all PHR-S resources according to scope of practice, organizational policy, and/or jurisdictional law.

The system SHALL manage the enforcement of authorizations to access PHR-S resources.

The system SHALL control access to PHR-S resources after a configurable period of inactivity by terminating the session, or by initiating a session lock that remains in effect until the entity re-establishes access using appropriate identification and authentication procedures, according to organizational policy, and/or jurisdictional law.

The system SHOULD provide the ability to control-access to data, and/or functionality according to scope of practice, organizational policy, and/or jurisdictional law.

The system SHALL control-access to data, and/or functionality by using authentication mechanisms that comply with regulatory and policy guidelines (e.g.,by using a combination of Username and Password, Digital Certificates, Secure Tokens, and/or Biometrics).

The system MAY provide the ability to determine the identity of public health agencies for healthcare purposes through the use of internal, and/or external registry services or directories.

The system MAY provide the ability to determine the identity of healthcare resources (e.g., Meal Delivery services for home-based patients) and devices (e.g., wheelchairs) for resource management purposes through the use of internal, and/or external registry services or directories.