HL7 Personal Health Record System Functional Model, Release 2, published by EHR WG. This guide is not an authorized publication; it is the continuous build for version 2.0.1-ballot built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/phrsfm-ig/ and changes regularly. See the Directory of published versions
Page standards status: Informative |
@prefix fhir: <http://hl7.org/fhir/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
# - resource -------------------------------------------------------------------
a fhir:Requirements ;
fhir:nodeRole fhir:treeRoot ;
fhir:id [ fhir:v "PHRSFMR2-TI.1.3"] ; #
fhir:meta [
( fhir:profile [
fhir:v "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/FMFunction"^^xsd:anyURI ;
fhir:link <http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/FMFunction> ] )
] ; #
fhir:text [
fhir:status [ fhir:v "extensions" ] ;
fhir:div "<div xmlns=\"http://www.w3.org/1999/xhtml\">\n <span id=\"description\"><b>Statement <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Normative Content\" class=\"normative-flag\">N</a>:</b> <div><p>Manage access to PHR-S resources.</p>\n</div></span>\n\n \n <span id=\"purpose\"><b>Description <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Informative Content\" class=\"informative-flag\">I</a>:</b> <div><p>To ensure access is controlled, a PHR-S must authenticate and check authorization of entities for appropriate operations.</p>\n</div></span>\n \n\n \n \n \n\n \n <span id=\"requirements\"><b>Criteria <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Normative Content\" class=\"normative-flag\">N</a>:</b></span>\n \n <table id=\"statements\" class=\"grid dict\">\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#01</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL conform to function <a href=\"Requirements-PHRSFMR2-TI.1.1.html\">TI.1.1</a> (Entity Authentication).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#02</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL conform to function <a href=\"Requirements-PHRSFMR2-TI.1.2.html\">TI.1.2</a> (Entity Authorization).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#03</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL provide the ability to manage system and data access rules for all PHR-S resources according to scope of practice, organizational policy, and/or jurisdictional law.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#04</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL manage the enforcement of authorizations to access PHR-S resources.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#05</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL control access to PHR-S resources after a configurable period of inactivity by terminating the session, or by initiating a session lock that remains in effect until the entity re-establishes access using appropriate identification and authentication procedures, according to organizational policy, and/or jurisdictional law.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#08</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n \n <span>SHOULD</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHOULD provide the ability to control-access to data, and/or functionality according to scope of practice, organizational policy, and/or jurisdictional law.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#09</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL control-access to data, and/or functionality by using authentication mechanisms that comply with regulatory and policy guidelines (e.g.,by using a combination of Username and Password, Digital Certificates, Secure Tokens, and/or Biometrics).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#10</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>MAY</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system MAY provide the ability to determine the identity of public health agencies for healthcare purposes through the use of internal, and/or external registry services or directories.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#11</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>MAY</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system MAY provide the ability to determine the identity of healthcare resources (e.g., Meal Delivery services for home-based patients) and devices (e.g., wheelchairs) for resource management purposes through the use of internal, and/or external registry services or directories.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n </table>\n</div>"^^rdf:XMLLiteral
] ; #
fhir:extension ( [
fhir:url [ fhir:v "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg"^^xsd:anyURI ] ;
fhir:value [
a fhir:code ;
fhir:v "ehr" ]
] ) ; #
fhir:url [ fhir:v "http://hl7.org/ehrs/uv/phrsfmr2/Requirements/PHRSFMR2-TI.1.3"^^xsd:anyURI] ; #
fhir:version [ fhir:v "2.0.1-ballot"] ; #
fhir:name [ fhir:v "TI_1_3_Entity_Access_Control"] ; #
fhir:title [ fhir:v "TI.1.3 Entity Access Control (Function)"] ; #
fhir:status [ fhir:v "active"] ; #
fhir:date [ fhir:v "2025-08-29T14:03:44+00:00"^^xsd:dateTime] ; #
fhir:publisher [ fhir:v "EHR WG"] ; #
fhir:contact ( [
( fhir:telecom [
fhir:system [ fhir:v "url" ] ;
fhir:value [ fhir:v "http://www.hl7.org/Special/committees/ehr" ] ] )
] ) ; #
fhir:description [ fhir:v "Manage access to PHR-S resources."] ; #
fhir:purpose [ fhir:v "To ensure access is controlled, a PHR-S must authenticate and check authorization of entities for appropriate operations."] ; #
fhir:statement ( [
( fhir:extension [
fhir:url [ fhir:v "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent"^^xsd:anyURI ] ;
fhir:value [
a fhir:boolean ;
fhir:v false ] ] ) ;
fhir:key [ fhir:v "PHRSFMR2-TI.1.3-01" ] ;
fhir:label [ fhir:v "TI.1.3#01" ] ;
( fhir:conformance [ fhir:v "SHALL" ] ) ;
fhir:conditionality [ fhir:v false ] ;
fhir:requirement [ fhir:v "The system SHALL conform to function [TI.1.1](Requirements-PHRSFMR2-TI.1.1.html) (Entity Authentication)." ]
] [
( fhir:extension [
fhir:url [ fhir:v "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent"^^xsd:anyURI ] ;
fhir:value [
a fhir:boolean ;
fhir:v false ] ] ) ;
fhir:key [ fhir:v "PHRSFMR2-TI.1.3-02" ] ;
fhir:label [ fhir:v "TI.1.3#02" ] ;
( fhir:conformance [ fhir:v "SHALL" ] ) ;
fhir:conditionality [ fhir:v false ] ;
fhir:requirement [ fhir:v "The system SHALL conform to function [TI.1.2](Requirements-PHRSFMR2-TI.1.2.html) (Entity Authorization)." ]
] [
( fhir:extension [
fhir:url [ fhir:v "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent"^^xsd:anyURI ] ;
fhir:value [
a fhir:boolean ;
fhir:v true ] ] ) ;
fhir:key [ fhir:v "PHRSFMR2-TI.1.3-03" ] ;
fhir:label [ fhir:v "TI.1.3#03" ] ;
( fhir:conformance [ fhir:v "SHALL" ] ) ;
fhir:conditionality [ fhir:v false ] ;
fhir:requirement [ fhir:v "The system SHALL provide the ability to manage system and data access rules for all PHR-S resources according to scope of practice, organizational policy, and/or jurisdictional law." ]
] [
( fhir:extension [
fhir:url [ fhir:v "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent"^^xsd:anyURI ] ;
fhir:value [
a fhir:boolean ;
fhir:v false ] ] ) ;
fhir:key [ fhir:v "PHRSFMR2-TI.1.3-04" ] ;
fhir:label [ fhir:v "TI.1.3#04" ] ;
( fhir:conformance [ fhir:v "SHALL" ] ) ;
fhir:conditionality [ fhir:v false ] ;
fhir:requirement [ fhir:v "The system SHALL manage the enforcement of authorizations to access PHR-S resources." ]
] [
( fhir:extension [
fhir:url [ fhir:v "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent"^^xsd:anyURI ] ;
fhir:value [
a fhir:boolean ;
fhir:v true ] ] ) ;
fhir:key [ fhir:v "PHRSFMR2-TI.1.3-05" ] ;
fhir:label [ fhir:v "TI.1.3#05" ] ;
( fhir:conformance [ fhir:v "SHALL" ] ) ;
fhir:conditionality [ fhir:v false ] ;
fhir:requirement [ fhir:v "The system SHALL control access to PHR-S resources after a configurable period of inactivity by terminating the session, or by initiating a session lock that remains in effect until the entity re-establishes access using appropriate identification and authentication procedures, according to organizational policy, and/or jurisdictional law." ]
] [
( fhir:extension [
fhir:url [ fhir:v "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent"^^xsd:anyURI ] ;
fhir:value [
a fhir:boolean ;
fhir:v true ] ] ) ;
fhir:key [ fhir:v "PHRSFMR2-TI.1.3-08" ] ;
fhir:label [ fhir:v "TI.1.3#08" ] ;
( fhir:conformance [ fhir:v "SHOULD" ] ) ;
fhir:conditionality [ fhir:v false ] ;
fhir:requirement [ fhir:v "The system SHOULD provide the ability to control-access to data, and/or functionality according to scope of practice, organizational policy, and/or jurisdictional law." ]
] [
( fhir:extension [
fhir:url [ fhir:v "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent"^^xsd:anyURI ] ;
fhir:value [
a fhir:boolean ;
fhir:v false ] ] ) ;
fhir:key [ fhir:v "PHRSFMR2-TI.1.3-09" ] ;
fhir:label [ fhir:v "TI.1.3#09" ] ;
( fhir:conformance [ fhir:v "SHALL" ] ) ;
fhir:conditionality [ fhir:v false ] ;
fhir:requirement [ fhir:v "The system SHALL control-access to data, and/or functionality by using authentication mechanisms that comply with regulatory and policy guidelines (e.g.,by using a combination of Username and Password, Digital Certificates, Secure Tokens, and/or Biometrics)." ]
] [
( fhir:extension [
fhir:url [ fhir:v "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent"^^xsd:anyURI ] ;
fhir:value [
a fhir:boolean ;
fhir:v false ] ] ) ;
fhir:key [ fhir:v "PHRSFMR2-TI.1.3-10" ] ;
fhir:label [ fhir:v "TI.1.3#10" ] ;
( fhir:conformance [ fhir:v "MAY" ] ) ;
fhir:conditionality [ fhir:v false ] ;
fhir:requirement [ fhir:v "The system MAY provide the ability to determine the identity of public health agencies for healthcare purposes through the use of internal, and/or external registry services or directories." ]
] [
( fhir:extension [
fhir:url [ fhir:v "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent"^^xsd:anyURI ] ;
fhir:value [
a fhir:boolean ;
fhir:v false ] ] ) ;
fhir:key [ fhir:v "PHRSFMR2-TI.1.3-11" ] ;
fhir:label [ fhir:v "TI.1.3#11" ] ;
( fhir:conformance [ fhir:v "MAY" ] ) ;
fhir:conditionality [ fhir:v false ] ;
fhir:requirement [ fhir:v "The system MAY provide the ability to determine the identity of healthcare resources (e.g., Meal Delivery services for home-based patients) and devices (e.g., wheelchairs) for resource management purposes through the use of internal, and/or external registry services or directories." ]
] ) . #
IG © 2023 EHR WG. Package hl7.ehrs.uv.phrsfmr2#2.0.1-ballot based on FHIR 5.0.0. Generated 2025-08-29
Links: Table of Contents |
QA Report
| Version History |
|
Propose a change