ISO/HL7 10781 - Electronic Health Record System Functional Model, Release 2.1
0.16.0 - CI Build
ISO/HL7 10781 - Electronic Health Record System Functional Model, Release 2.1
0.16.0 - CI Build
Publish Box goes here
| Active as of 2024-08-12 |
<Requirements xmlns="http://hl7.org/fhir">
<id value="EHRSFMR2.1-POP.8"/>
<meta>
<profile value="http://hl7.org/ehrs/StructureDefinition/FMFunction"/>
</meta>
<text>
<status value="extensions"/>
<div xmlns="http://www.w3.org/1999/xhtml">
<span id="description"><b>Statement <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b> <div><p>Provide patient data in a manner that meets applicable requirements for de-identification.</p>
</div></span>
<span id="purpose"><b>Description <a href="https://hl7.org/fhir/versions.html#std-process" title="Informative Content" class="informative-flag">I</a>:</b> <div><p>When an internal or external party requests patient data and that party requests de-identified data (or is not entitled to identified patient information, either by law or custom), the user can export the data in a fashion that meets the requirements for de-identification in that locale or realm.</p>
<p>An auditable record of these requests and associated exports may be maintained by the system. This record could be implemented in any way that would allow the who, what, why and when of a request and export to be recoverable for review.</p>
<p>A random re-identification key may be added to the data, to support re-identification for the purpose of alerting providers of potential patient safety issues. For example, if it is discovered that a patient is at risk for a major cardiac event, the provider could be notified of this risk, allowing the provider to identify the patient from the random key.</p>
</div></span>
<span id="requirements"><b>Criteria <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b></span>
<table id="statements" class="grid dict">
<tr>
<td style="padding-left: 4px;">
<span>POP.8#01</span>
</td>
<td style="padding-left: 4px;">
<i>dependent</i>
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHALL conform to function [[TI.1.8]] (Patient Privacy and Confidentiality) when managing de-identified views of data according to scope of practice, organizational policy, and/or jurisdictional law.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>POP.8#02</span>
</td>
<td style="padding-left: 4px;">
<span>SHOULD</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHOULD provide the ability to de-identify extracted information.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>POP.8#03</span>
</td>
<td style="padding-left: 4px;">
<i>dependent</i>
<span>SHOULD</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHOULD provide the ability for authorized users to tag data for de-identification according to scope of practice, organizational policy, and/or jurisdictional law.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>POP.8#04</span>
</td>
<td style="padding-left: 4px;">
<i>dependent</i>
<span>SHOULD</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHOULD provide the ability for authorized users to transmit de-identified data to authorized recipients according to scope of practice, organizational policy, and/or jurisdictional law.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>POP.8#05</span>
</td>
<td style="padding-left: 4px;">
<i>dependent</i>
<span>SHOULD</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHOULD provide the ability to transmit a re-identification key to recipients of de-identified data according to scope of practice, organizational policy, and/or jurisdictional law.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>POP.8#06</span>
</td>
<td style="padding-left: 4px;">
<i>dependent</i>
<span>SHOULD</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHOULD provide the ability to edit discrete patient identifiers from all reports containing data on multiple patients according to scope of practice, organizational policy, and/or jurisdictional law (e.g., replace "John Smith" with "***").</p>
</div></span>
</td>
</tr>
</table>
</div>
</text>
<url value="http://hl7.org/ehrs/Requirements/EHRSFMR2.1-POP.8"/>
<version value="0.16.0"/>
<name value="POP_8_De_Identified_Data_Request_Management"/>
<title value="POP.8 De-Identified Data Request Management (Function)"/>
<status value="active"/>
<date value="2024-08-12T10:56:01+00:00"/>
<publisher value="EHR WG"/>
<contact>
<telecom>
<system value="url"/>
<value value="http://www.hl7.org/Special/committees/ehr"/>
</telecom>
</contact>
<description
value="Provide patient data in a manner that meets applicable requirements for de-identification."/>
<purpose
value="When an internal or external party requests patient data and that party requests de-identified data (or is not entitled to identified patient information, either by law or custom), the user can export the data in a fashion that meets the requirements for de-identification in that locale or realm.
An auditable record of these requests and associated exports may be maintained by the system. This record could be implemented in any way that would allow the who, what, why and when of a request and export to be recoverable for review.
A random re-identification key may be added to the data, to support re-identification for the purpose of alerting providers of potential patient safety issues. For example, if it is discovered that a patient is at risk for a major cardiac event, the provider could be notified of this risk, allowing the provider to identify the patient from the random key."/>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="true"/>
</extension>
<key value="EHRSFMR2.1-POP.8-01"/>
<label value="POP.8#01"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="The system SHALL conform to function [[TI.1.8]] (Patient Privacy and Confidentiality) when managing de-identified views of data according to scope of practice, organizational policy, and/or jurisdictional law."/>
<derivedFrom value="EHR-S_FM_R1.1 S.1.5#1"/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="EHRSFMR2.1-POP.8-02"/>
<label value="POP.8#02"/>
<conformance value="SHOULD"/>
<conditionality value="false"/>
<requirement
value="The system SHOULD provide the ability to de-identify extracted information."/>
<derivedFrom value="EHR-S_FM_R1.1 S.1.5#2"/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="true"/>
</extension>
<key value="EHRSFMR2.1-POP.8-03"/>
<label value="POP.8#03"/>
<conformance value="SHOULD"/>
<conditionality value="false"/>
<requirement
value="The system SHOULD provide the ability for authorized users to tag data for de-identification according to scope of practice, organizational policy, and/or jurisdictional law."/>
<derivedFrom value="PHFP S.1.5#3"/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="true"/>
</extension>
<key value="EHRSFMR2.1-POP.8-04"/>
<label value="POP.8#04"/>
<conformance value="SHOULD"/>
<conditionality value="false"/>
<requirement
value="The system SHOULD provide the ability for authorized users to transmit de-identified data to authorized recipients according to scope of practice, organizational policy, and/or jurisdictional law."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="true"/>
</extension>
<key value="EHRSFMR2.1-POP.8-05"/>
<label value="POP.8#05"/>
<conformance value="SHOULD"/>
<conditionality value="false"/>
<requirement
value="The system SHOULD provide the ability to transmit a re-identification key to recipients of de-identified data according to scope of practice, organizational policy, and/or jurisdictional law."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="true"/>
</extension>
<key value="EHRSFMR2.1-POP.8-06"/>
<label value="POP.8#06"/>
<conformance value="SHOULD"/>
<conditionality value="false"/>
<requirement
value="The system SHOULD provide the ability to edit discrete patient identifiers from all reports containing data on multiple patients according to scope of practice, organizational policy, and/or jurisdictional law (e.g., replace "John Smith" with "***")."/>
</statement>
</Requirements>