FHIR © HL7.org  |  Server Home  |  FHIR Server FHIR Server 3.4.11  |  FHIR Version n/a  User: [n/a]

Resource Requirements/FHIR Server from package hl7.ehrs.ehrsfmr21#current (31 ms)

Package hl7.ehrs.ehrsfmr21
Type Requirements
Id Id
FHIR Version R5
Source http://hl7.org/ehrs/https://build.fhir.org/ig/mvdzel/ehrsfm-fhir-r5/Requirements-EHRSFMR2.1-TI.1.3.html
Url http://hl7.org/ehrs/Requirements/EHRSFMR2.1-TI.1.3
Version 2.1.0
Status active
Date 2024-11-26T16:30:50+00:00
Name TI_1_3_Entity_Access_Control
Title TI.1.3 Entity Access Control (Function)
Experimental False
Realm uv
Authority hl7
Description Manage access to EHR-S resources.
Purpose To ensure access is controlled, an EHR-S must authenticate and check authorization of entities for appropriate operations.

Resources that use this resource

No resources found


Resources that this resource uses

No resources found



Narrative

Note: links and images are rebased to the (stated) source

Statement N:

Manage access to EHR-S resources.

Description I:

To ensure access is controlled, an EHR-S must authenticate and check authorization of entities for appropriate operations.

Criteria N:
TI.1.3#01 SHALL

The system SHALL conform to function [[TI.1.1]] (Entity Authentication).

TI.1.3#02 SHALL

The system SHALL conform to function [[TI.1.2]] (Entity Authorization).

TI.1.3#03 dependent SHALL

The system SHALL provide the ability to manage system and data access rules for all EHR-S resources according to scope of practice, organizational policy, and/or jurisdictional law.

TI.1.3#04 SHALL

The system SHALL manage the enforcement of authorizations to access EHR-S resources.

TI.1.3#05 dependent SHALL

The system SHALL control access to EHR-S resources after a configurable period of inactivity by terminating the session, or by initiating a session lock that remains in effect until the entity re-establishes access using appropriate identification and authentication procedures, according to organizational policy, and/or jurisdictional law.

TI.1.3#06 dependent SHOULD

The system SHOULD provide the ability to control-access to data, and/or functionality according to scope of practice, organizational policy, and/or jurisdictional law.

TI.1.3#07 SHALL

The system SHALL control-access to data, and/or functionality by using authentication mechanisms that comply with regulatory and policy guidelines (e.g.,by using a combination of Username and Password, Digital Certificates, Secure Tokens, and/or Biometrics).

TI.1.3#08 MAY

The system MAY provide the ability to determine the identity of public health agencies for healthcare purposes through the use of internal, and/or external registry services or directories.

TI.1.3#09 MAY

The system MAY provide the ability to determine the identity of healthcare resources (e.g., Meal Delivery services for home-based patients) and devices (e.g., wheelchairs) for resource management purposes through the use of internal, and/or external registry services or directories.


Source

{
  "resourceType" : "Requirements",
  "id" : "EHRSFMR2.1-TI.1.3",
  "meta" : {
    "profile" : [
      "http://hl7.org/ehrs/StructureDefinition/FMFunction"
    ]
  },
  "text" : {
    "status" : "extensions",
    "div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\">\n <span id=\"description\"><b>Statement <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Normative Content\" class=\"normative-flag\">N</a>:</b> <div><p>Manage access to EHR-S resources.</p>\n</div></span>\n\n \n <span id=\"purpose\"><b>Description <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Informative Content\" class=\"informative-flag\">I</a>:</b> <div><p>To ensure access is controlled, an EHR-S must authenticate and check authorization of entities for appropriate operations.</p>\n</div></span>\n \n\n \n\n \n <span id=\"requirements\"><b>Criteria <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Normative Content\" class=\"normative-flag\">N</a>:</b></span>\n \n <table id=\"statements\" class=\"grid dict\">\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#01</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL conform to function [[TI.1.1]] (Entity Authentication).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#02</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL conform to function [[TI.1.2]] (Entity Authorization).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#03</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL provide the ability to manage system and data access rules for all EHR-S resources according to scope of practice, organizational policy, and/or jurisdictional law.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#04</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL manage the enforcement of authorizations to access EHR-S resources.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#05</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL control access to EHR-S resources after a configurable period of inactivity by terminating the session, or by initiating a session lock that remains in effect until the entity re-establishes access using appropriate identification and authentication procedures, according to organizational policy, and/or jurisdictional law.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#06</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n \n <span>SHOULD</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHOULD provide the ability to control-access to data, and/or functionality according to scope of practice, organizational policy, and/or jurisdictional law.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#07</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL control-access to data, and/or functionality by using authentication mechanisms that comply with regulatory and policy guidelines (e.g.,by using a combination of Username and Password, Digital Certificates, Secure Tokens, and/or Biometrics).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#08</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>MAY</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system MAY provide the ability to determine the identity of public health agencies for healthcare purposes through the use of internal, and/or external registry services or directories.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.3#09</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>MAY</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system MAY provide the ability to determine the identity of healthcare resources (e.g., Meal Delivery services for home-based patients) and devices (e.g., wheelchairs) for resource management purposes through the use of internal, and/or external registry services or directories.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n </table>\n</div>"
  },
  "url" : "http://hl7.org/ehrs/Requirements/EHRSFMR2.1-TI.1.3",
  "version" : "2.1.0",
  "name" : "TI_1_3_Entity_Access_Control",
  "title" : "TI.1.3 Entity Access Control (Function)",
  "status" : "active",
  "date" : "2024-11-26T16:30:50+00:00",
  "publisher" : "EHR WG",
  "contact" : [
    {
      "telecom" : [
        {
          "system" : "url",
          "value" : "http://www.hl7.org/Special/committees/ehr"
        }
      ]
    }
  ],
  "description" : "Manage access to EHR-S resources.",
  "jurisdiction" : [
    {
      "coding" : [
        {
          "system" : "http://unstats.un.org/unsd/methods/m49/m49.htm",
          "code" : "001",
          "display" : "World"
        }
      ]
    }
  ],
  "purpose" : "To ensure access is controlled, an EHR-S must authenticate and check authorization of entities for appropriate operations.",
  "statement" : [
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.3-01",
      "label" : "TI.1.3#01",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL conform to function [[TI.1.1]] (Entity Authentication).",
      "derivedFrom" : "EHR-S_FM_R1.1 IN.1.3#1"
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.3-02",
      "label" : "TI.1.3#02",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL conform to function [[TI.1.2]] (Entity Authorization).",
      "derivedFrom" : "EHR-S_FM_R1.1 IN.1.3#2"
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : true
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.3-03",
      "label" : "TI.1.3#03",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL provide the ability to manage system and data access rules for all EHR-S resources according to scope of practice, organizational policy, and/or jurisdictional law.",
      "derivedFrom" : "EHR-S_FM_R1.1 IN.1.3#3"
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.3-04",
      "label" : "TI.1.3#04",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL manage the enforcement of authorizations to access EHR-S resources.",
      "derivedFrom" : "EHR-S_FM_R1.1 IN.1.3#4"
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : true
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.3-05",
      "label" : "TI.1.3#05",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL control access to EHR-S resources after a configurable period of inactivity by terminating the session, or by initiating a session lock that remains in effect until the entity re-establishes access using appropriate identification and authentication procedures, according to organizational policy, and/or jurisdictional law."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : true
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.3-06",
      "label" : "TI.1.3#06",
      "conformance" : [
        "SHOULD"
      ],
      "conditionality" : false,
      "requirement" : "The system SHOULD provide the ability to control-access to data, and/or functionality according to scope of practice, organizational policy, and/or jurisdictional law."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.3-07",
      "label" : "TI.1.3#07",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL control-access to data, and/or functionality by using authentication mechanisms that comply with regulatory and policy guidelines (e.g.,by using a combination of Username and Password, Digital Certificates, Secure Tokens, and/or Biometrics)."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.3-08",
      "label" : "TI.1.3#08",
      "conformance" : [
        "MAY"
      ],
      "conditionality" : false,
      "requirement" : "The system MAY provide the ability to determine the identity of public health agencies for healthcare purposes through the use of internal, and/or external registry services or directories."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.3-09",
      "label" : "TI.1.3#09",
      "conformance" : [
        "MAY"
      ],
      "conditionality" : false,
      "requirement" : "The system MAY provide the ability to determine the identity of healthcare resources (e.g., Meal Delivery services for home-based patients) and devices (e.g., wheelchairs) for resource management purposes through the use of internal, and/or external registry services or directories."
    }
  ]
}

XIG built as of ??metadata-date??. Found ??metadata-resources?? resources in ??metadata-packages?? packages.