ISO/HL7 10781 - Electronic Health Record System Functional Model, Release 2.1
0.16.0 - CI Build
Publish Box goes here
Active as of 2024-08-12 |
<Requirements xmlns="http://hl7.org/fhir">
<id value="EHRSFMR2.1-TI.2.1.2.9"/>
<meta>
<profile value="http://hl7.org/ehrs/StructureDefinition/FMFunction"/>
</meta>
<text>
<status value="extensions"/>
<div xmlns="http://www.w3.org/1999/xhtml">
<span id="description"><b>Statement <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b> <div><p>Manage Audit Trigger initiated to track user permissions (authorization).</p>
</div></span>
<span id="purpose"><b>Description <a href="https://hl7.org/fhir/versions.html#std-process" title="Informative Content" class="informative-flag">I</a>:</b> <div><p>Capture user permissions (authorization), both routine and exceptional, including key metadata (who, what, when, where, why).</p>
</div></span>
<span id="requirements"><b>Criteria <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b></span>
<table id="statements" class="grid dict">
<tr>
<td style="padding-left: 4px;">
<span>TI.2.1.2.9#01</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHALL audit each occurrence when user permissions (authorizations) are granted, removed or updated.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>TI.2.1.2.9#02</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHALL capture identity of the organization.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>TI.2.1.2.9#03</span>
</td>
<td style="padding-left: 4px;">
<i>conditional</i>
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>IF known, THEN the system SHALL capture identity of the user.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>TI.2.1.2.9#04</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHALL capture identity of the system.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>TI.2.1.2.9#05</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHALL capture the event initiating audit trigger.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>TI.2.1.2.9#06</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHALL capture the date and time of the event initiating audit trigger.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>TI.2.1.2.9#07</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHALL capture identity of the location (i.e., network address).</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>TI.2.1.2.9#08</span>
</td>
<td style="padding-left: 4px;">
<span>SHOULD</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHOULD capture the rationale for granting, removing or updating user permissions.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>TI.2.1.2.9#09</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHALL capture identity of user to whom permissions apply.</p>
</div></span>
</td>
</tr>
<tr>
<td style="padding-left: 4px;">
<span>TI.2.1.2.9#10</span>
</td>
<td style="padding-left: 4px;">
<span>SHALL</span>
</td>
<td style="padding-left: 4px;" class="requirement">
<span><div><p>The system SHALL capture the new set of applicable user permissions (authorizations).</p>
</div></span>
</td>
</tr>
</table>
</div>
</text>
<url value="http://hl7.org/ehrs/Requirements/EHRSFMR2.1-TI.2.1.2.9"/>
<version value="0.16.0"/>
<name
value="TI_2_1_2_9_User_Permissions__Authorization__Security_Audit_Trigger"/>
<title
value="TI.2.1.2.9 User Permissions (Authorization) Security Audit Trigger (Function)"/>
<status value="active"/>
<date value="2024-08-12T10:56:01+00:00"/>
<publisher value="EHR WG"/>
<contact>
<telecom>
<system value="url"/>
<value value="http://www.hl7.org/Special/committees/ehr"/>
</telecom>
</contact>
<description
value="Manage Audit Trigger initiated to track user permissions (authorization)."/>
<purpose
value="Capture user permissions (authorization), both routine and exceptional, including key metadata (who, what, when, where, why)."/>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="EHRSFMR2.1-TI.2.1.2.9-01"/>
<label value="TI.2.1.2.9#01"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="The system SHALL audit each occurrence when user permissions (authorizations) are granted, removed or updated."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="EHRSFMR2.1-TI.2.1.2.9-02"/>
<label value="TI.2.1.2.9#02"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="The system SHALL capture identity of the organization."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="EHRSFMR2.1-TI.2.1.2.9-03"/>
<label value="TI.2.1.2.9#03"/>
<conformance value="SHALL"/>
<conditionality value="true"/>
<requirement
value="IF known, THEN the system SHALL capture identity of the user."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="EHRSFMR2.1-TI.2.1.2.9-04"/>
<label value="TI.2.1.2.9#04"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement value="The system SHALL capture identity of the system."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="EHRSFMR2.1-TI.2.1.2.9-05"/>
<label value="TI.2.1.2.9#05"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="The system SHALL capture the event initiating audit trigger."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="EHRSFMR2.1-TI.2.1.2.9-06"/>
<label value="TI.2.1.2.9#06"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="The system SHALL capture the date and time of the event initiating audit trigger."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="EHRSFMR2.1-TI.2.1.2.9-07"/>
<label value="TI.2.1.2.9#07"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="The system SHALL capture identity of the location (i.e., network address)."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="EHRSFMR2.1-TI.2.1.2.9-08"/>
<label value="TI.2.1.2.9#08"/>
<conformance value="SHOULD"/>
<conditionality value="false"/>
<requirement
value="The system SHOULD capture the rationale for granting, removing or updating user permissions."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="EHRSFMR2.1-TI.2.1.2.9-09"/>
<label value="TI.2.1.2.9#09"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="The system SHALL capture identity of user to whom permissions apply."/>
</statement>
<statement>
<extension
url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
<valueBoolean value="false"/>
</extension>
<key value="EHRSFMR2.1-TI.2.1.2.9-10"/>
<label value="TI.2.1.2.9#10"/>
<conformance value="SHALL"/>
<conditionality value="false"/>
<requirement
value="The system SHALL capture the new set of applicable user permissions (authorizations)."/>
</statement>
</Requirements>