Resource Requirements/FHIR Server from package hl7.ehrs.ehrsfmr21#current

Package hl7.ehrs.ehrsfmr21
Type Requirements
Id EHRSFMR2.1-TI.1.1
FHIR Version R5
Source http://hl7.org/ehrs/https://build.fhir.org/ig/mvdzel/ehrsfm-fhir-r5/Requirements-EHRSFMR2.1-TI.1.1.html
Url http://hl7.org/ehrs/Requirements/EHRSFMR2.1-TI.1.1
Version 2.1.0
Status active
Date 2024-11-26T16:30:50+00:00
Name TI_1_1_Entity_Authentication
Title TI.1.1 Entity Authentication (Function)
Experimental False
Realm uv
Authority hl7
Description Authenticate EHR-S users, and/or entities before allowing access.
Purpose All entities accessing the EHR-S are subject to authentication. Examples of entity authentication, with varying levels of authentication rigor, include: - username/password; - digital certificate; - secure token; - biometrics.

Resources that use this resource

No resources found


Resources that this resource uses

No resources found



Narrative

Note: links and images are rebased to the (stated) source

Statement N:

Authenticate EHR-S users, and/or entities before allowing access.

Description I:

All entities accessing the EHR-S are subject to authentication.

Examples of entity authentication, with varying levels of authentication rigor, include:

  • username/password;
  • digital certificate;
  • secure token;
  • biometrics.

Criteria N:

TI.1.1#01 dependent SHALL

The system SHALL authenticate entities (e.g., users, organizations, applications, components, objects, and/or devices) accessing EHR-S protected resources (e.g., functions and data) according to scope of practice, organizational policy, and/or jurisdictional law, using an authentication mechanism such as an accredited Standards Development Organization-approved authentication standard (e.g., SAML, WS-Trust, Kerberos), username/password, digital certificate, secure token, biometric, or hardware-specific addressing mechanism. (See also ISO 22600.)

TI.1.1#02 SHALL

The system SHALL manage authentication data/information securely (e.g., passwords or biometric data).

TI.1.1#03 dependent SHALL

The system SHALL maintain configurable conditions and rules which protect against invalid, possibly malicious, authentication attempts according to organizational policy, and/or jurisdictional law (e.g., consecutive invalid logon attempts).

TI.1.1#04 dependent conditional SHALL

IF passwords are used to control access to the EHR-S, THEN the system SHALL provide the ability to maintain configurable timeframes (e.g., 180 days) for the reuse of passwords according to organizational policy, and/or jurisdictional law.

TI.1.1#05 dependent conditional SHALL

IF passwords are used to control access to the EHR-S, THEN the system SHALL provide the ability to maintain a configurable limit on the reuse of recently used passwords (e.g., the last 5 passwords) according to organizational policy, and/or jurisdictional law.

TI.1.1#06 conditional SHALL

IF username/passwords are used to control access to the EHR-S, THEN the system SHALL maintain password strength rules (e.g., requiring a minimum number of characters and inclusion of alpha-numeric complexity).

TI.1.1#07 dependent conditional SHALL

IF passwords are used to control access to the system, THEN the system SHALL capture the password using obfuscation techniques (e.g., during user password entry) according to scope of practice, organizational policy, and/or jurisdictional law.

TI.1.1#08 conditional SHALL

IF passwords are used to control access to the EHR-S, THEN the system SHALL manage password reset as an administrative function.

TI.1.1#09 conditional SHALL

IF user passwords are initially set or later reset by an administrator, THEN the system SHALL provide the ability to update password at the next successful logon.

TI.1.1#10 SHALL

The system SHALL present limited feedback to the user during authentication.

TI.1.1#11 SHALL

The system SHALL provide the ability to enter case-insensitive 'usernames' that contain typeable alpha-numeric characters in support of ISO-646/ECMA-6 (aka US ASCII).

TI.1.1#12 conditional SHALL

IF passwords are used, THEN the system SHALL provide the ability to enter case-sensitive passwords that contain typeable alpha-numeric characters in support of ISO-646/ECMA-6 (aka US ASCII).


Source

{
  "resourceType" : "Requirements",
  "id" : "EHRSFMR2.1-TI.1.1",
  "meta" : {
    "profile" : [
      "http://hl7.org/ehrs/StructureDefinition/FMFunction"
    ]
  },
  "text" : {
    "status" : "extensions",
    "div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\">\n <span id=\"description\"><b>Statement <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Normative Content\" class=\"normative-flag\">N</a>:</b> <div><p>Authenticate EHR-S users, and/or entities before allowing access.</p>\n</div></span>\n\n \n <span id=\"purpose\"><b>Description <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Informative Content\" class=\"informative-flag\">I</a>:</b> <div><p>All entities accessing the EHR-S are subject to authentication.</p>\n<p>Examples of entity authentication, with varying levels of authentication rigor, include:</p>\n<ul>\n<li>username/password;</li>\n<li>digital certificate;</li>\n<li>secure token;</li>\n<li>biometrics.</li>\n</ul>\n</div></span>\n \n\n \n\n \n <span id=\"requirements\"><b>Criteria <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Normative Content\" class=\"normative-flag\">N</a>:</b></span>\n \n <table id=\"statements\" class=\"grid dict\">\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.1#01</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL authenticate entities (e.g., users, organizations, applications, components, objects, and/or devices) accessing EHR-S protected resources (e.g., functions and data) according to scope of practice, organizational policy, and/or jurisdictional law, using an authentication mechanism such as an accredited Standards Development Organization-approved authentication standard (e.g., SAML, WS-Trust, Kerberos), username/password, digital certificate, secure token, biometric, or hardware-specific addressing mechanism. 
(See also ISO 22600.)</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.1#02</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL manage authentication data/information securely (e.g., passwords or biometric data).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.1#03</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL maintain configurable conditions and rules which protect against invalid, possibly malicious, authentication attempts according to organizational policy, and/or jurisdictional law (e.g., consecutive invalid logon attempts).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.1#04</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n <i>conditional</i>\n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>IF passwords are used to control access to the EHR-S, THEN the system SHALL provide the ability to maintain configurable timeframes (e.g., 180 days) for the reuse of passwords according to organizational policy, and/or jurisdictional law.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.1#05</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n <i>conditional</i>\n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>IF passwords are used to control access to the EHR-S, THEN the system SHALL provide the ability to maintain a configurable limit on the reuse of recently used 
passwords (e.g., the last 5 passwords) according to organizational policy, and/or jurisdictional law.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.1#06</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n <i>conditional</i>\n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>IF username/passwords are used to control access to the EHR-S, THEN the system SHALL maintain password strength rules (e.g., requiring a minimum number of characters and inclusion of alpha-numeric complexity).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.1#07</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n <i>conditional</i>\n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>IF passwords are used to control access to the system, THEN the system SHALL capture the password using obfuscation techniques (e.g., during user password entry) according to scope of practice, organizational policy, and/or jurisdictional law.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.1#08</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n <i>conditional</i>\n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>IF passwords are used to control access to the EHR-S, THEN the system SHALL manage password reset as an administrative function.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.1#09</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n <i>conditional</i>\n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>IF user passwords are initially set or later reset by an administrator, THEN 
the system SHALL provide the ability to update password at the next successful logon.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.1#10</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL present limited feedback to the user during authentication.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.1#11</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL provide the ability to enter case-insensitive 'usernames' that contain typeable alpha-numeric characters in support of ISO-646/ECMA-6 (aka US ASCII).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.1#12</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n <i>conditional</i>\n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>IF passwords are used, THEN the system SHALL provide the ability to enter case-sensitive passwords that contain typeable alpha-numeric characters in support of ISO-646/ECMA-6 (aka US ASCII).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n </table>\n</div>"
  },
  "url" : "http://hl7.org/ehrs/Requirements/EHRSFMR2.1-TI.1.1",
  "version" : "2.1.0",
  "name" : "TI_1_1_Entity_Authentication",
  "title" : "TI.1.1 Entity Authentication (Function)",
  "status" : "active",
  "date" : "2024-11-26T16:30:50+00:00",
  "publisher" : "EHR WG",
  "contact" : [
    {
      "telecom" : [
        {
          "system" : "url",
          "value" : "http://www.hl7.org/Special/committees/ehr"
        }
      ]
    }
  ],
  "description" : "Authenticate EHR-S users, and/or entities before allowing access.",
  "jurisdiction" : [
    {
      "coding" : [
        {
          "system" : "http://unstats.un.org/unsd/methods/m49/m49.htm",
          "code" : "001",
          "display" : "World"
        }
      ]
    }
  ],
  "purpose" : "All entities accessing the EHR-S are subject to authentication.\n\nExamples of entity authentication, with varying levels of authentication rigor, include:\n- username/password;\n- digital certificate;\n- secure token;\n- biometrics.",
  "statement" : [
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : true
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.1-01",
      "label" : "TI.1.1#01",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL authenticate entities (e.g., users, organizations, applications, components, objects, and/or devices) accessing EHR-S protected resources (e.g., functions and data) according to scope of practice, organizational policy, and/or jurisdictional law, using an authentication mechanism such as an accredited Standards Development Organization-approved authentication standard (e.g., SAML, WS-Trust, Kerberos), username/password, digital certificate, secure token, biometric, or hardware-specific addressing mechanism. (See also ISO 22600.)",
      "derivedFrom" : "EHR-S_FM_R1.1 IN.1.1#1"
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.1-02",
      "label" : "TI.1.1#02",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL manage authentication data/information securely (e.g., passwords or biometric data)."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : true
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.1-03",
      "label" : "TI.1.1#03",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL maintain configurable conditions and rules which protect against invalid, possibly malicious, authentication attempts according to organizational policy, and/or jurisdictional law (e.g., consecutive invalid logon attempts).",
      "derivedFrom" : "EHR-S_FM_R1.1 IN.1.1#2"
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : true
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.1-04",
      "label" : "TI.1.1#04",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : true,
      "requirement" : "IF passwords are used to control access to the EHR-S, THEN the system SHALL provide the ability to maintain configurable timeframes (e.g., 180 days) for the reuse of passwords according to organizational policy, and/or jurisdictional law."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : true
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.1-05",
      "label" : "TI.1.1#05",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : true,
      "requirement" : "IF passwords are used to control access to the EHR-S, THEN the system SHALL provide the ability to maintain a configurable limit on the reuse of recently used passwords (e.g., the last 5 passwords) according to organizational policy, and/or jurisdictional law."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.1-06",
      "label" : "TI.1.1#06",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : true,
      "requirement" : "IF username/passwords are used to control access to the EHR-S, THEN the system SHALL maintain password strength rules (e.g., requiring a minimum number of characters and inclusion of alpha-numeric complexity)."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : true
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.1-07",
      "label" : "TI.1.1#07",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : true,
      "requirement" : "IF passwords are used to control access to the system, THEN the system SHALL capture the password using obfuscation techniques (e.g., during user password entry) according to scope of practice, organizational policy, and/or jurisdictional law."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.1-08",
      "label" : "TI.1.1#08",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : true,
      "requirement" : "IF passwords are used to control access to the EHR-S, THEN the system SHALL manage password reset as an administrative function."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.1-09",
      "label" : "TI.1.1#09",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : true,
      "requirement" : "IF user passwords are initially set or later reset by an administrator, THEN the system SHALL provide the ability to update password at the next successful logon."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.1-10",
      "label" : "TI.1.1#10",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL present limited feedback to the user during authentication."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.1-11",
      "label" : "TI.1.1#11",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL provide the ability to enter case-insensitive 'usernames' that contain typeable alpha-numeric characters in support of ISO-646/ECMA-6 (aka US ASCII)."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.1-12",
      "label" : "TI.1.1#12",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : true,
      "requirement" : "IF passwords are used, THEN the system SHALL provide the ability to enter case-sensitive passwords that contain typeable alpha-numeric characters in support of ISO-646/ECMA-6 (aka US ASCII)."
    }
  ]
}