HL7 Personal Health Record System Functional Model, Release 2
2.0.1-ballot - Normative Ballot

HL7 Personal Health Record System Functional Model, Release 2, published by EHR WG. This guide is not an authorized publication; it is the continuous build for version 2.0.1-ballot built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/phrsfm-ig/ and changes regularly. See the Directory of published versions

Requirements: TI.1.3 Entity Access Control (Function)

Page standards status: Informative
Statement N:

Manage access to PHR-S resources.

Description I:

To ensure access is controlled, a PHR-S must authenticate and check authorization of entities for appropriate operations.

Criteria N:
TI.1.3#01 SHALL

The system SHALL conform to function TI.1.1 (Entity Authentication).

TI.1.3#02 SHALL

The system SHALL conform to function TI.1.2 (Entity Authorization).

TI.1.3#03 dependent SHALL

The system SHALL provide the ability to manage system and data access rules for all PHR-S resources according to scope of practice, organizational policy, and/or jurisdictional law.

TI.1.3#04 SHALL

The system SHALL manage the enforcement of authorizations to access PHR-S resources.

TI.1.3#05 dependent SHALL

The system SHALL control access to PHR-S resources after a configurable period of inactivity by terminating the session, or by initiating a session lock that remains in effect until the entity re-establishes access using appropriate identification and authentication procedures, according to organizational policy, and/or jurisdictional law.

TI.1.3#08 dependent SHOULD

The system SHOULD provide the ability to control-access to data, and/or functionality according to scope of practice, organizational policy, and/or jurisdictional law.

TI.1.3#09 SHALL

The system SHALL control-access to data, and/or functionality by using authentication mechanisms that comply with regulatory and policy guidelines (e.g.,by using a combination of Username and Password, Digital Certificates, Secure Tokens, and/or Biometrics).

TI.1.3#10 MAY

The system MAY provide the ability to determine the identity of public health agencies for healthcare purposes through the use of internal, and/or external registry services or directories.

TI.1.3#11 MAY

The system MAY provide the ability to determine the identity of healthcare resources (e.g., Meal Delivery services for home-based patients) and devices (e.g., wheelchairs) for resource management purposes through the use of internal, and/or external registry services or directories.