ISO/HL7 10781 - Electronic Health Record System Functional Model, Release 2.1
0.16.0 - CI Build
Publish Box goes here
Active as of 2024-08-12 |
<Requirements xmlns="http://hl7.org/fhir">
<id value="EHRSFMR2.1-AS.2.6"/>
<meta>
<profile value="http://hl7.org/ehrs/StructureDefinition/FMFunction"/>
</meta>
<text>
<status value="extensions"/>
<div xmlns="http://www.w3.org/1999/xhtml">
<span id="description"><b>Statement <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b> <div><p>Provide the ability to record and manage patient-specific privacy consent directive consistent with privacy policies.</p>
</div></span>
<span id="purpose"><b>Description <a href="https://hl7.org/fhir/versions.html#std-process" title="Informative Content" class="informative-flag">I</a>:</b> <div><p>The system enables the management of information access to support privacy policies. These policies allow patients to stipulate specific privacy preferences as a privacy consent directive. The consent may be issued for a specific disclosure, for a period of time, or until it is explicitly revoked. This function depends on infrastructure to enforce the privacy consent and any associated privacy policies using a combination of access control, secure messaging, secure data routing, and data segmentation.</p>
</div></span>
<span id="requirements"><b>Criteria <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b></span>
<table id="statements" class="grid dict">
<tr>
<td style="padding-left: 4px;">
<span>AS.2.6#01</span>
</td>
<td style="padding-left: 4px;">
<span>SHOULD</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHOULD provide the ability to manage the privacy preferences of patients (e.g., opt-in with exceptions, opt-out with exceptions, opt-in, opt-out) in their privacy consent directive.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>AS.2.6#02</span>
</td>
<td style="padding-left: 4px;">
<span>SHOULD</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHOULD provide the ability to capture the patient's preferences regarding providers who are permitted to access, or explicitly excluded from accessing, the patient's information.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>AS.2.6#03</span>
</td>
<td style="padding-left: 4px;">
<span>SHOULD</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHOULD provide the ability to render disclosure events.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>AS.2.6#04</span>
</td>
<td style="padding-left: 4px;">
<span>SHOULD</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHOULD provide the ability to render an accounting of any patient identifiable information disclosed to other providers.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>AS.2.6#05</span>
</td>
<td style="padding-left: 4px;">
<span>MAY</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system MAY provide the ability to enter, import or receive information that documents the patient's expressed selection of privacy preferences related to the disclosure of information identified by its content type (e.g., related diagnosis or payment method), and a specific purpose.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>AS.2.6#06</span>
</td>
<td style="padding-left: 4px;">
<span>SHOULD</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHOULD provide the ability to manage data visibility based on both privacy policy, and patient's privacy consent.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>AS.2.6#07</span>
</td>
<td style="padding-left: 4px;">
<span>MAY</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system MAY provide the ability to link to privacy consent management systems to access patients' privacy consent directives and digital certificates.</p>
</div></span>
</td>
</tr>
</table>
</div>
</text>
<url value="http://hl7.org/ehrs/Requirements/EHRSFMR2.1-AS.2.6"/>
<version value="0.16.0"/>
<name value="AS_2_6_Manage_Patient_Privacy_Consent_Directives"/>
<title value="AS.2.6 Manage Patient Privacy Consent Directives (Function)"/>
<status value="active"/>
<date value="2024-08-12T10:56:01+00:00"/>
<publisher value="EHR WG"/>
<contact>
<telecom>
<system value="url"/>
<value value="http://www.hl7.org/Special/committees/ehr"/>
</telecom>
</contact>
<description
value="Provide the ability to record and manage patient-specific privacy consent directive consistent with privacy policies."/>
<purpose
value="The system enables the management of information access to support privacy policies. These policies allow patients to stipulate specific privacy preferences as a privacy consent directive. The consent may be issued for a specific disclosure, for a period of time, or until it is explicitly revoked. This function depends on infrastructure to enforce the privacy consent and any associated privacy policies using a combination of access control, secure messaging, secure data routing, and data segmentation."/>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="EHRSFMR2.1-AS.2.6-01"/>
<label value="AS.2.6#01"/>
<conformance value="SHOULD"/>
<conditionality value="false"/>
<requirement
value="The system SHOULD provide the ability to manage the privacy preferences of patients (e.g., opt-in with exceptions, opt-out with exceptions, opt-in, opt-out) in their privacy consent directive."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="EHRSFMR2.1-AS.2.6-02"/>
<label value="AS.2.6#02"/>
<conformance value="SHOULD"/>
<conditionality value="false"/>
<requirement
value="The system SHOULD provide the ability to capture the patient's preferences regarding providers who are permitted to access, or explicitly excluded from accessing, the patient's information."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="EHRSFMR2.1-AS.2.6-03"/>
<label value="AS.2.6#03"/>
<conformance value="SHOULD"/>
<conditionality value="false"/>
<requirement
value="The system SHOULD provide the ability to render disclosure events."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="EHRSFMR2.1-AS.2.6-04"/>
<label value="AS.2.6#04"/>
<conformance value="SHOULD"/>
<conditionality value="false"/>
<requirement
value="The system SHOULD provide the ability to render an accounting of any patient identifiable information disclosed to other providers."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="EHRSFMR2.1-AS.2.6-05"/>
<label value="AS.2.6#05"/>
<conformance value="MAY"/>
<conditionality value="false"/>
<requirement
value="The system MAY provide the ability to enter, import or receive information that documents the patient's expressed selection of privacy preferences related to the disclosure of information identified by its content type (e.g., related diagnosis or payment method), and a specific purpose."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="EHRSFMR2.1-AS.2.6-06"/>
<label value="AS.2.6#06"/>
<conformance value="SHOULD"/>
<conditionality value="false"/>
<requirement
value="The system SHOULD provide the ability to manage data visibility based on both privacy policy, and patient's privacy consent."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="EHRSFMR2.1-AS.2.6-07"/>
<label value="AS.2.6#07"/>
<conformance value="MAY"/>
<conditionality value="false"/>
<requirement
value="The system MAY provide the ability to link to privacy consent management systems to access patients' privacy consent directives and digital certificates."/>
</statement>
</Requirements>