HL7 Personal Health Record System Functional Model, Release 2
2.0.1-ballot - Normative Ballot
HL7 Personal Health Record System Functional Model, Release 2, published by EHR WG. This guide is not an authorized publication; it is the continuous build for version 2.0.1-ballot built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/phrsfm-ig/ and changes regularly. See the Directory of published versions
Page standards status: Informative |
<Requirements xmlns="http://hl7.org/fhir">
<id value="PHRSFMR2-TI.1.6"/>
<meta>
<profile
value="http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/FMFunction"/>
</meta>
<text>
<status value="extensions"/>
<div xmlns="http://www.w3.org/1999/xhtml">
<span id="description"><b>Statement <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b> <div><p>Secure all modes of PHR data exchange.</p>
</div></span>
<span id="purpose"><b>Description <a href="https://hl7.org/fhir/versions.html#std-process" title="Informative Content" class="informative-flag">I</a>:</b> <div><p>Whenever an exchange of PHR information occurs, it requires appropriate security and privacy considerations, including data obfuscation as well as both destination and source authentication when necessary. For example, it may be necessary to encrypt data sent to remote or external destinations.</p>
</div></span>
<span id="requirements"><b>Criteria <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b></span>
<table id="statements" class="grid dict">
<tr>
<td style="padding-left: 4px;">
<span>TI.1.6#01</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHALL secure all modes of PHR data exchange.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>TI.1.6#02</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHALL conform to function <a href="Requirements-PHRSFMR2-TI.1.7.html">TI.1.7</a> (Secure Data Routing).</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>TI.1.6#03</span>
</td>
<td style="padding-left: 4px;">
<span>SHOULD</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHOULD provide the ability to de-identify data.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>TI.1.6#04</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHALL encrypt and decrypt PHR data that is exchanged over a non-secure link.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>TI.1.6#05</span>
</td>
<td style="padding-left: 4px;">
<i>dependent</i>
<i>conditional</i>
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>IF encryption is used, THEN the system SHALL exchange data using recognized standards-based encryption mechanisms according to organizational policy, and/or jurisdictional law.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>TI.1.6#06</span>
</td>
<td style="padding-left: 4px;">
<i>conditional</i>
<span>SHOULD</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>IF the PHR-S is the recipient of a secure data exchange, THEN the system SHOULD provide the ability to transmit an acknowledgment of the receipt of the data.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>TI.1.6#07</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHALL provide the ability to determine static or dynamic addresses for known and authorized sources and destinations.</p>
</div></span>
</td>
</tr>
</table>
</div>
</text>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-wg">
<valueCode value="ehr"/>
</extension>
<url value="http://hl7.org/ehrs/uv/phrsfmr2/Requirements/PHRSFMR2-TI.1.6"/>
<version value="2.0.1-ballot"/>
<name value="TI_1_6_Secure_Data_Exchange"/>
<title value="TI.1.6 Secure Data Exchange (Function)"/>
<status value="active"/>
<date value="2025-08-29T14:03:44+00:00"/>
<publisher value="EHR WG"/>
<contact>
<telecom>
<system value="url"/>
<value value="http://www.hl7.org/Special/committees/ehr"/>
</telecom>
</contact>
<description value="Secure all modes of PHR data exchange."/>
<purpose
value="Whenever an exchange of PHR information occurs, it requires appropriate security and privacy considerations, including data obfuscation as well as both destination and source authentication when necessary. For example, it may be necessary to encrypt data sent to remote or external destinations."/>
<statement>
<extension
url="http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="PHRSFMR2-TI.1.6-01"/>
<label value="TI.1.6#01"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="The system SHALL secure all modes of PHR data exchange."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="PHRSFMR2-TI.1.6-02"/>
<label value="TI.1.6#02"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="The system SHALL conform to function [TI.1.7](Requirements-PHRSFMR2-TI.1.7.html) (Secure Data Routing)."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="PHRSFMR2-TI.1.6-03"/>
<label value="TI.1.6#03"/>
<conformance value="SHOULD"/>
<conditionality value="false"/>
<requirement
value="The system SHOULD provide the ability to de-identify data."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="PHRSFMR2-TI.1.6-04"/>
<label value="TI.1.6#04"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="The system SHALL encrypt and decrypt PHR data that is exchanged over a non-secure link."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent">
<valueBoolean value="true"/>
</extension>
<key value="PHRSFMR2-TI.1.6-05"/>
<label value="TI.1.6#05"/>
<conformance value="SHALL"/>
<conditionality value="true"/>
<requirement
value="IF encryption is used, THEN the system SHALL exchange data using recognized standards-based encryption mechanisms according to organizational policy, and/or jurisdictional law."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="PHRSFMR2-TI.1.6-06"/>
<label value="TI.1.6#06"/>
<conformance value="SHOULD"/>
<conditionality value="true"/>
<requirement
value="IF the PHR-S is the recipient of a secure data exchange, THEN the system SHOULD provide the ability to transmit an acknowledgment of the receipt of the data."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="PHRSFMR2-TI.1.6-07"/>
<label value="TI.1.6#07"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="The system SHALL provide the ability to determine static or dynamic addresses for known and authorized sources and destinations."/>
</statement>
</Requirements>