| Package | hl7.ehrs.uv.phrsfmr2 |
| Type | Requirements |
| Id | Id |
| FHIR Version | R5 |
| Source | http://hl7.org/ehrs/uv/phrsfmr2/https://build.fhir.org/ig/HL7/phrsfm-ig/Requirements-PHRSFMR2-TI.1.3.html |
| Url | http://hl7.org/ehrs/uv/phrsfmr2/Requirements/PHRSFMR2-TI.1.3 |
| Version | 2.0.1-ballot |
| Status | active |
| Date | 2025-04-03T15:15:30+00:00 |
| Name | TI_1_3_Entity_Access_Control |
| Title | TI.1.3 Entity Access Control (Function) |
| Experimental | False |
| Authority | hl7 |
| Description | Manage access to PHR-S resources. |
| Purpose | To ensure access is controlled, a PHR-S must authenticate and check authorization of entities for appropriate operations. |
No resources found
No resources found
Note: links and images are rebased to the (stated) source
Manage access to PHR-S resources.
To ensure access is controlled, a PHR-S must authenticate and check authorization of entities for appropriate operations.
| TI.1.3#01 | SHALL |
The system SHALL conform to function TI.1.1 (Entity Authentication). |
| TI.1.3#02 | SHALL |
The system SHALL conform to function TI.1.2 (Entity Authorization). |
| TI.1.3#03 | dependent SHALL |
The system SHALL provide the ability to manage system and data access rules for all PHR-S resources according to scope of practice, organizational policy, and/or jurisdictional law. |
| TI.1.3#04 | SHALL |
The system SHALL manage the enforcement of authorizations to access PHR-S resources. |
| TI.1.3#05 | dependent SHALL |
The system SHALL control access to PHR-S resources after a configurable period of inactivity by terminating the session, or by initiating a session lock that remains in effect until the entity re-establishes access using appropriate identification and authentication procedures, according to organizational policy, and/or jurisdictional law. |
| TI.1.3#08 | dependent SHOULD |
The system SHOULD provide the ability to control-access to data, and/or functionality according to scope of practice, organizational policy, and/or jurisdictional law. |
| TI.1.3#09 | SHALL |
The system SHALL control-access to data, and/or functionality by using authentication mechanisms that comply with regulatory and policy guidelines (e.g.,by using a combination of Username and Password, Digital Certificates, Secure Tokens, and/or Biometrics). |
| TI.1.3#10 | MAY |
The system MAY provide the ability to determine the identity of public health agencies for healthcare purposes through the use of internal, and/or external registry services or directories. |
| TI.1.3#11 | MAY |
The system MAY provide the ability to determine the identity of healthcare resources (e.g., Meal Delivery services for home-based patients) and devices (e.g., wheelchairs) for resource management purposes through the use of internal, and/or external registry services or directories. |
FHIR{
"resourceType" : "Requirements",
"id" : "PHRSFMR2-TI.1.3",
"meta" : {
"profile" : [
"http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/FMFunction"
]
},
"text" : {
"status" : "extensions",
"div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\">\n <span id=\"description\"><b>Statement <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Normative Content\" class=\"normative-flag\">N</a>:</b> <div><p>Manage access to PHR-S resources.</p>\n</div></span>\n\n \n <span id=\"purpose\"><b>Description <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Informative Content\" class=\"informative-flag\">I</a>:</b> <div><p>To ensure access is controlled, a PHR-S must authenticate and check authorization of entities for appropriate operations.</p>\n</div></span>\n \n\n \n <span id=\"actors\"><b>Actors:</b><br/> ehr</span>\n \n\n \n <span id=\"requirements\"><b>Criteria <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Normative Content\" class=\"normative-flag\">N</a>:</b></span>\n \n <table id=\"statements\" class=\"grid dict\">\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#01</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL conform to function <a href=\"Requirements-PHRSFMR2-TI.1.1.html\">TI.1.1</a> (Entity Authentication).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#02</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL conform to function <a href=\"Requirements-PHRSFMR2-TI.1.2.html\">TI.1.2</a> (Entity Authorization).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#03</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL provide the ability to manage system and data access rules for all PHR-S resources according to scope of practice, organizational policy, and/or jurisdictional law.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#04</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL manage the enforcement of authorizations to access PHR-S resources.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#05</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL control access to PHR-S resources after a configurable period of inactivity by terminating the session, or by initiating a session lock that remains in effect until the entity re-establishes access using appropriate identification and authentication procedures, according to organizational policy, and/or jurisdictional law.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#08</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n \n <span>SHOULD</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHOULD provide the ability to control-access to data, and/or functionality according to scope of practice, organizational policy, and/or jurisdictional law.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#09</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL control-access to data, and/or functionality by using authentication mechanisms that comply with regulatory and policy guidelines (e.g.,by using a combination of Username and Password, Digital Certificates, Secure Tokens, and/or Biometrics).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#10</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>MAY</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system MAY provide the ability to determine the identity of public health agencies for healthcare purposes through the use of internal, and/or external registry services or directories.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#11</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>MAY</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system MAY provide the ability to determine the identity of healthcare resources (e.g., Meal Delivery services for home-based patients) and devices (e.g., wheelchairs) for resource management purposes through the use of internal, and/or external registry services or directories.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n </table>\n</div>"
},
"extension" : [
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg",
"valueCode" : "ehr"
}
],
"url" : "http://hl7.org/ehrs/uv/phrsfmr2/Requirements/PHRSFMR2-TI.1.3",
"version" : "2.0.1-ballot",
"name" : "TI_1_3_Entity_Access_Control",
"title" : "TI.1.3 Entity Access Control (Function)",
"status" : "active",
"date" : "2025-04-03T15:15:30+00:00",
"publisher" : "EHR WG",
"contact" : [
{
"telecom" : [
{
"system" : "url",
"value" : "http://www.hl7.org/Special/committees/ehr"
}
]
}
],
"description" : "Manage access to PHR-S resources.",
"purpose" : "To ensure access is controlled, a PHR-S must authenticate and check authorization of entities for appropriate operations.",
"statement" : [
{
"extension" : [
{
"url" : "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
"valueBoolean" : false
}
],
"key" : "PHRSFMR2-TI.1.3-01",
"label" : "TI.1.3#01",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "The system SHALL conform to function [TI.1.1](Requirements-PHRSFMR2-TI.1.1.html) (Entity Authentication)."
},
{
"extension" : [
{
"url" : "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
"valueBoolean" : false
}
],
"key" : "PHRSFMR2-TI.1.3-02",
"label" : "TI.1.3#02",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "The system SHALL conform to function [TI.1.2](Requirements-PHRSFMR2-TI.1.2.html) (Entity Authorization)."
},
{
"extension" : [
{
"url" : "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
"valueBoolean" : true
}
],
"key" : "PHRSFMR2-TI.1.3-03",
"label" : "TI.1.3#03",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "The system SHALL provide the ability to manage system and data access rules for all PHR-S resources according to scope of practice, organizational policy, and/or jurisdictional law."
},
{
"extension" : [
{
"url" : "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
"valueBoolean" : false
}
],
"key" : "PHRSFMR2-TI.1.3-04",
"label" : "TI.1.3#04",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "The system SHALL manage the enforcement of authorizations to access PHR-S resources."
},
{
"extension" : [
{
"url" : "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
"valueBoolean" : true
}
],
"key" : "PHRSFMR2-TI.1.3-05",
"label" : "TI.1.3#05",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "The system SHALL control access to PHR-S resources after a configurable period of inactivity by terminating the session, or by initiating a session lock that remains in effect until the entity re-establishes access using appropriate identification and authentication procedures, according to organizational policy, and/or jurisdictional law."
},
{
"extension" : [
{
"url" : "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
"valueBoolean" : true
}
],
"key" : "PHRSFMR2-TI.1.3-08",
"label" : "TI.1.3#08",
"conformance" : [
"SHOULD"
],
"conditionality" : false,
"requirement" : "The system SHOULD provide the ability to control-access to data, and/or functionality according to scope of practice, organizational policy, and/or jurisdictional law."
},
{
"extension" : [
{
"url" : "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
"valueBoolean" : false
}
],
"key" : "PHRSFMR2-TI.1.3-09",
"label" : "TI.1.3#09",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "The system SHALL control-access to data, and/or functionality by using authentication mechanisms that comply with regulatory and policy guidelines (e.g.,by using a combination of Username and Password, Digital Certificates, Secure Tokens, and/or Biometrics)."
},
{
"extension" : [
{
"url" : "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
"valueBoolean" : false
}
],
"key" : "PHRSFMR2-TI.1.3-10",
"label" : "TI.1.3#10",
"conformance" : [
"MAY"
],
"conditionality" : false,
"requirement" : "The system MAY provide the ability to determine the identity of public health agencies for healthcare purposes through the use of internal, and/or external registry services or directories."
},
{
"extension" : [
{
"url" : "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
"valueBoolean" : false
}
],
"key" : "PHRSFMR2-TI.1.3-11",
"label" : "TI.1.3#11",
"conformance" : [
"MAY"
],
"conditionality" : false,
"requirement" : "The system MAY provide the ability to determine the identity of healthcare resources (e.g., Meal Delivery services for home-based patients) and devices (e.g., wheelchairs) for resource management purposes through the use of internal, and/or external registry services or directories."
}
]
}
XIG built as of ??metadata-date??. Found ??metadata-resources?? resources in ??metadata-packages?? packages.