HL7 Personal Health Record System Functional Model, Release 2
2.0.1 - Normative

HL7 Personal Health Record System Functional Model, Release 2, published by EHR WG. This guide is not an authorized publication; it is the continuous build for version 2.0.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/phrsfm-ig/ and changes regularly. See the Directory of published versions

Requirements: TI.1.6 Secure Data Exchange (Function)

Official URL: http://hl7.org/ehrs/uv/phrsfmr2/Requirements/PHRSFMR2-TI.1.6 Version: 2.0.1
Standards status: Normative Computable Name: TI_1_6_Secure_Data_Exchange

Secure all modes of PHR data exchange.

Description I: Whenever an exchange of PHR information occurs, it requires appropriate security and privacy considerations, including data obfuscation as well as both destination and source authentication when necessary. For example, it may be necessary to encrypt data sent to remote or external destinations.
Criteria N:
TI.1.6#01 SHALL The system SHALL secure all modes of PHR data exchange.
TI.1.6#02 SHALL The system SHALL conform to function [TI.1.7](Requirements-PHRSFMR2-TI.1.7.html) (Secure Data Routing).
TI.1.6#03 SHOULD The system SHOULD provide the ability to de-identify data.
TI.1.6#04 SHALL The system SHALL encrypt and decrypt PHR data that is exchanged over a non-secure link.
TI.1.6#05 SHALL conditional IF encryption is used, THEN the system SHALL exchange data using recognized standards-based encryption mechanisms according to organizational policy, and/or jurisdictional law.
TI.1.6#06 SHOULD conditional IF the PHR-S is the recipient of a secure data exchange, THEN the system SHOULD provide the ability to transmit an acknowledgment of the receipt of the data.
TI.1.6#07 SHALL The system SHALL provide the ability to determine static or dynamic addresses for known and authorized sources and destinations.