IHE Germany - Value Sets for XDS
0.3.14 - draft

IHE Germany - Value Sets for XDS, published by IHE Deutschland e.V., Berlin, Deutschland. This guide is not an authorized publication; it is the continuous build for version 0.3.14 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE-Germany/ITI.XDS.VS/ and changes regularly. See the Directory of published versions

ValueSet: IHE XDS Confidentiality Code

Official URL: http://www.ihe-d.de/fhir/ValueSet/IHEXDSconfidentialityCode Version: 4.0.0-alpha1
Standards status: Draft Maturity Level: 2 Computable Name: IHEXDSconfidentialityCode
Other Identifiers: OID:1.2.276.0.76.11.33 (use: official, ), urn:ietf:rfc:3986#Uniform Resource Identifier (URI)#http://www.ihe-d.de/fhir/ValueSet/IHEXDSconfidentialityCode (use: secondary, )

Copyright/Legal: IHE Deutschland e.V.

IHE XDS Confidentiality Code

References

DocumentEntry.confidentialityCode

The confidentiality code expresses the confidentiality level of the document. The confidentiality level is usually the assessment by the author or the submitter of how much protection the document needs. The assessment of the author or creator should be preserved even if that of the data subject (i.e. the patient) differs from it. This means that it should be possible to assign several confidentiality codes to a document, and IHE XDS supports this. For this reason the German value set contains, in addition to codes for the author's assessment, explicit codes for the data subject's assessment, which come from a separate, dedicated code system. The author's assessment is expressed by codes from the HL7 code system Confidentiality. The data subject's assessment can be expressed via the new code system defined by the working group, "1.3.6.1.4.1.19376.3.276.1.5.10 - Betroffeneneinschätzung der Vertraulichkeitsstufe" (data subject's assessment of the confidentiality level).

Every document should have an author's assessment. The data subject's assessment should be used in addition when the patient has explicitly made a corresponding decision. For documents created or submitted by the patient, both the author's assessment and the data subject's assessment should always be used.

The confidentiality code is an important, but not the only, signal the authorization system uses to regulate access to the document. The values proposed here do not imply any specific authorization system. Two affinity domains can both use the codes proposed here and still make completely different authorization decisions. For example, while in the first affinity domain restricted documents are visible only to the general practitioner, the other affinity domain could make restricted documents visible only to specialists whose authorSpecialty matches the practiceSettingCode.

Interpreting the confidentiality code is therefore the task of the authorization system. IHE XDS supports the use of multiple confidentiality codes for a document. This makes it possible, for example, to implement the mechanism for security and privacy tags developed by HL7 ("HL7 Healthcare Privacy and Security Classification System - HCS"). The value set presented here can be fully combined with HCS.
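The following is an added example, not part of the IHE Germany guide: a metadata check that separates the author's and the data subject's assessment in a DocumentEntry's confidentialityCode list and reports deviations from the recommendations above, while passing other tags (such as HCS tags) through untouched. The function name `classify`, the `(system, code)` tuple input, the `urn:example:hcs-tag` system, the PN < PR < PV ordering and the "most protective code wins" rule are assumptions made for illustration.

```python
HL7_CONF = "http://terminology.hl7.org/CodeSystem/v3-Confidentiality"
IHE_D_CONF = "http://www.ihe-d.de/fhir/CodeSystem/Vertraulichkeiten"

# Value set members from this page, ordered least to most protective.
# The PN < PR < PV ordering is an assumption read from the definitions.
MEMBERS = {HL7_CONF: ["N", "R", "V"], IHE_D_CONF: ["PN", "PR", "PV"]}


def classify(codings, patient_authored=False):
    """Split confidentialityCode codings, given as (system, code) tuples,
    into author assessment, patient assessment and other tags, and list
    deviations from the recommendations in the description above."""
    found = {HL7_CONF: [], IHE_D_CONF: []}
    other, findings = [], []
    for system, code in codings:
        if system not in MEMBERS:
            other.append((system, code))  # e.g. HCS tags: left to the policy engine
        elif code in MEMBERS[system]:     # codes are case-sensitive
            found[system].append(code)
        else:
            findings.append(f"{code!r} from {system} is not in the value set")
    if not found[HL7_CONF]:
        findings.append("no author assessment (N, R or V)")
    if patient_authored and not found[IHE_D_CONF]:
        findings.append("patient-provided document lacks PN, PR or PV")

    def strictest(system):
        # Assumption: with several codes of one kind, the most protective wins.
        return max(found[system], key=MEMBERS[system].index, default=None)

    return {"author": strictest(HL7_CONF), "patient": strictest(IHE_D_CONF),
            "other": other, "findings": findings}


if __name__ == "__main__":
    # Constructed sample: author says normal, patient asks for restricted.
    sample = [(HL7_CONF, "N"), (IHE_D_CONF, "PR"), ("urn:example:hcs-tag", "X")]
    print(classify(sample))
```

The result only describes the metadata; whether a given user may read the document remains a decision of the affinity domain's authorization system.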

Logical Definition (CLD)

Generated Narrative: ValueSet IHEXDSconfidentialityCode

This value set includes codes based on the following rules:

  • Include all codes defined in http://www.ihe-d.de/fhir/CodeSystem/Vertraulichkeiten
  • Include these codes as defined in http://terminology.hl7.org/CodeSystem/v3-Confidentiality
    Code | Display | Definition
    N | normal | Privacy metadata indicating the level of protection required to safeguard personal and healthcare information, which if disclosed without authorization, would present a considerable risk of harm to an individual's reputation and sense of privacy.

    *Usage Note:* The level of protection afforded normatively confidential information is dictated by the prevailing normative privacy policies, which are intended to engender patient trust in their healthcare providers.

    Privacy policies mandating normative levels of protection, which preempt less protective privacy policies when the information is used in the delivery and management of healthcare. May be pre-empted by jurisdictional law (e.g., for public health reporting or emergency treatment).

    Confidentiality code total order hierarchy: Normal (N) is less protective than *V* and *R*, and subsumes all other protection levels (i.e., *M, L, and U*).

    **Map:** Partial Map to ISO 13606-4 Sensitivity Level (3) Clinical Care when purpose of use is treatment: Default for normal clinical care access (i.e., most clinical staff directly caring for the patient should be able to access nearly all of the EHR). Maps to normal confidentiality for treatment information but not to ancillary care, payment and operations.

    **Examples:**

    In the US, this includes what HIPAA identifies as protected health information (PHI) under 45 CFR Section 160.103.
    R | restricted | Privacy metadata indicating the level of protection required to safeguard potentially stigmatizing information, which if disclosed without authorization, would present a high risk of harm to an individual's reputation and sense of privacy.

    *Usage Note:* The level of protection afforded restricted confidential information is dictated by specially protective organizational or jurisdictional privacy policies, including at an authorized individual's request, intended to engender patient trust in providers of sensitive services.

    Privacy policies mandating additional levels of protection by restricting information access preempt less protective privacy policies when the information is used in the delivery and management of healthcare. May be pre-empted by jurisdictional law (e.g., for public health reporting or emergency treatment).

    Confidentiality code total order hierarchy: Restricted (R) is less protective than *V*, and subsumes all other protection levels (i.e., *N, M, L, and U*).

    **Examples:**

    Includes information that is additionally protected such as sensitive conditions mental health, HIV, substance abuse, domestic violence, child abuse, genetic disease, and reproductive health; or sensitive demographic information such as a patient's standing as an employee or a celebrity. May be used to indicate proprietary or classified information that is not related to an individual (e.g., secret ingredients in a therapeutic substance; or the name of a manufacturer).
    V | very restricted | Privacy metadata indicating the level of protection required under atypical circumstances to safeguard potentially damaging or harmful information, which if disclosed without authorization, would (1) present an extremely high risk of harm to an individual's reputation, sense of privacy, and possibly safety; or (2) impact an individual's or organization's legal matters.

    *Usage Note:* The level of protection afforded very restricted confidential information is dictated by specially protective privacy or legal policies intended to ensure that under atypical circumstances additional protections limit access to only those with a high 'need to know' and the information is kept in highest confidence.

    Privacy and legal policies mandating the highest level of protection by stringently restricting information access, preempt less protective privacy policies when the information is used in the delivery and management of healthcare including legal proceedings related to healthcare. May be pre-empted by jurisdictional law (e.g., for public health reporting or emergency treatment but only under limited circumstances).

    Confidentiality code total order hierarchy: Very Restricted (V) is the highest protection level and subsumes all other protection levels (i.e., *R, N, M, L, and U*).

    **Examples:**

    Includes information about a victim of abuse, patient requested information sensitivity, and taboo subjects relating to health status that must be discussed with the patient by an attending provider before sharing with the patient. May also include information held under a legal hold or attorney-client privilege.

 

Expansion

Generated Narrative: ValueSet

This value set contains 6 concepts

Code | System | Display (de-DE) | Definition
  PN | http://www.ihe-d.de/fhir/CodeSystem/Vertraulichkeiten

From the data subject's point of view, the data are no more sensitive than other health data and can therefore be used according to the same rules.

  PR | http://www.ihe-d.de/fhir/CodeSystem/Vertraulichkeiten

From the data subject's point of view, the data are sensitive enough that special access rules should apply to them, which significantly restrict the group of those authorized to access them.

  PV | http://www.ihe-d.de/fhir/CodeSystem/Vertraulichkeiten

From the data subject's point of view, the data are so sensitive that they should be visible to practically no one but the data subject.

  N | http://terminology.hl7.org/CodeSystem/v3-Confidentiality | normal

Privacy metadata indicating the level of protection required to safeguard personal and healthcare information, which if disclosed without authorization, would present a considerable risk of harm to an individual's reputation and sense of privacy.

Usage Note: The level of protection afforded normatively confidential information is dictated by the prevailing normative privacy policies, which are intended to engender patient trust in their healthcare providers.

Privacy policies mandating normative levels of protection, which preempt less protective privacy policies when the information is used in the delivery and management of healthcare. May be pre-empted by jurisdictional law (e.g., for public health reporting or emergency treatment).

Confidentiality code total order hierarchy: Normal (N) is less protective than V and R, and subsumes all other protection levels (i.e., M, L, and U).

Map: Partial Map to ISO 13606-4 Sensitivity Level (3) Clinical Care when purpose of use is treatment: Default for normal clinical care access (i.e., most clinical staff directly caring for the patient should be able to access nearly all of the EHR). Maps to normal confidentiality for treatment information but not to ancillary care, payment and operations.

Examples:

In the US, this includes what HIPAA identifies as protected health information (PHI) under 45 CFR Section 160.103.

  R | http://terminology.hl7.org/CodeSystem/v3-Confidentiality | restricted

Privacy metadata indicating the level of protection required to safeguard potentially stigmatizing information, which if disclosed without authorization, would present a high risk of harm to an individual's reputation and sense of privacy.

Usage Note: The level of protection afforded restricted confidential information is dictated by specially protective organizational or jurisdictional privacy policies, including at an authorized individual's request, intended to engender patient trust in providers of sensitive services.

Privacy policies mandating additional levels of protection by restricting information access preempt less protective privacy policies when the information is used in the delivery and management of healthcare. May be pre-empted by jurisdictional law (e.g., for public health reporting or emergency treatment).

Confidentiality code total order hierarchy: Restricted (R) is less protective than V, and subsumes all other protection levels (i.e., N, M, L, and U).

Examples:

Includes information that is additionally protected such as sensitive conditions mental health, HIV, substance abuse, domestic violence, child abuse, genetic disease, and reproductive health; or sensitive demographic information such as a patient's standing as an employee or a celebrity. May be used to indicate proprietary or classified information that is not related to an individual (e.g., secret ingredients in a therapeutic substance; or the name of a manufacturer).

  V | http://terminology.hl7.org/CodeSystem/v3-Confidentiality | very restricted

Privacy metadata indicating the level of protection required under atypical circumstances to safeguard potentially damaging or harmful information, which if disclosed without authorization, would (1) present an extremely high risk of harm to an individual's reputation, sense of privacy, and possibly safety; or (2) impact an individual's or organization's legal matters.

Usage Note: The level of protection afforded very restricted confidential information is dictated by specially protective privacy or legal policies intended to ensure that under atypical circumstances additional protections limit access to only those with a high 'need to know' and the information is kept in highest confidence.

Privacy and legal policies mandating the highest level of protection by stringently restricting information access, preempt less protective privacy policies when the information is used in the delivery and management of healthcare including legal proceedings related to healthcare. May be pre-empted by jurisdictional law (e.g., for public health reporting or emergency treatment but only under limited circumstances).

Confidentiality code total order hierarchy: Very Restricted (V) is the highest protection level and subsumes all other protection levels (i.e., R, N, M, L, and U).

Examples:

Includes information about a victim of abuse, patient requested information sensitivity, and taboo subjects relating to health status that must be discussed with the patient by an attending provider before sharing with the patient. May also include information held under a legal hold or attorney-client privilege.


Explanation of the columns that may appear on this page:

Level: A few code lists that FHIR defines are hierarchical - each code is assigned a level. In this scheme, some codes are under other codes, and imply that the code they are under also applies.
System: The source of the definition of the code (when the value set draws in codes defined elsewhere).
Code: The code (used as the code in the resource instance).
Display: The display (used in the display element of a Coding). If there is no display, implementers should not simply display the code, but map the concept into their application.
Definition: An explanation of the meaning of the concept.
Comments: Additional notes about how to use the code.