FHIR © HL7.org  |  Server Home  |  FHIR Server FHIR Server 3.4.11  |  FHIR Version n/a  User: [n/a]

Resource Requirements/FHIR Server from package hl7.ehrs.ehrsfmr21#current (47 ms)

Package hl7.ehrs.ehrsfmr21
Type Requirements
Id Id
FHIR Version R5
Source http://hl7.org/ehrs/https://build.fhir.org/ig/mvdzel/ehrsfm-fhir-r5/Requirements-EHRSFMR2.1-TI.1.8.html
Url http://hl7.org/ehrs/Requirements/EHRSFMR2.1-TI.1.8
Version 2.1.0
Status active
Date 2024-11-26T16:30:50+00:00
Name TI_1_8_Patient_Privacy_and_Confidentiality
Title TI.1.8 Patient Privacy and Confidentiality (Function)
Experimental False
Realm uv
Authority hl7
Description Enable the enforcement of the applicable jurisdictional and organizational patient privacy rules as they apply to various parts of an EHR-S through the implementation of security mechanisms.
Purpose Patients' privacy and the confidentiality of EHRs are violated if access to EHRs occurs without authorization. Violations or potential violations can impose tangible economic or social losses on affected patients, as well as less tangible feelings of vulnerability and pain. Fear of potential violations discourages patients from revealing sensitive personal information that may be relevant to diagnostic and treatment services. Rules for the protection of privacy and confidentiality may vary depending upon the vulnerability of patients and the sensitivity of records. Strongest protections should apply to the records of minors and the records of patients with stigmatized conditions. Authorization to access the most sensitive parts of an EHR is most definitive if made by the explicit and specific consent of the patient. Please see the definition of masking in the glossary. Organizational practices related to privacy and security jurisdictional laws could be called into question during a legal proceeding. Adherence to applicable laws supports the credibility and trustworthiness of the organization.

Resources that use this resource

No resources found


Resources that this resource uses

No resources found



Narrative

Note: links and images are rebased to the (stated) source

Statement N:

Enable the enforcement of the applicable jurisdictional and organizational patient privacy rules as they apply to various parts of an EHR-S through the implementation of security mechanisms.

Description I:

Patients' privacy and the confidentiality of EHRs are violated if access to EHRs occurs without authorization. Violations or potential violations can impose tangible economic or social losses on affected patients, as well as less tangible feelings of vulnerability and pain. Fear of potential violations discourages patients from revealing sensitive personal information that may be relevant to diagnostic and treatment services. Rules for the protection of privacy and confidentiality may vary depending upon the vulnerability of patients and the sensitivity of records. Strongest protections should apply to the records of minors and the records of patients with stigmatized conditions. Authorization to access the most sensitive parts of an EHR is most definitive if made by the explicit and specific consent of the patient. Please see the definition of masking in the glossary.

Organizational practices related to privacy and security jurisdictional laws could be called into question during a legal proceeding. Adherence to applicable laws supports the credibility and trustworthiness of the organization.

Criteria N:
TI.1.8#01 dependent SHALL

The system SHALL provide the ability to maintain compliance with requirements for patient privacy and confidentiality according to scope of practice, organizational policy, and/or jurisdictional law (e.g., US HIPAA Privacy Rules, US Federal Conditions of Participation for Medicare/Medicaid Providers).

TI.1.8#02 SHALL

The system SHALL conform to function [[TI.1.1]] (Entity Authentication).

TI.1.8#03 SHALL

The system SHALL conform to function [[TI.1.2]] (Entity Authorization).

TI.1.8#04 SHALL

The system SHALL conform to function [[TI.1.3]] (Entity Access Control).

TI.1.8#05 SHALL

The system SHALL conform to function [[TI.1.5]] (Non-Repudiation).

TI.1.8#06 SHALL

The system SHALL conform to function [[TI.1.6]] (Secure Data Exchange).

TI.1.8#07 SHALL

The system SHALL conform to function [[TI.2]] (Audit).

TI.1.8#08 dependent SHALL

The system SHALL provide the ability to maintain varying levels of confidentiality according to patient preferences, user role, scope of practice, organizational policy, and/or jurisdictional law.

TI.1.8#09 dependent SHALL

The system SHALL provide the ability to mask parts of the electronic health record (e.g., medications, conditions, sensitive documents) from disclosure according to patient preferences, user role, scope of practice, organizational policy, and/or jurisdictional law.

TI.1.8#10 dependent SHALL

The system SHALL provide the ability to unmask (override a mask) in emergency or other specific situations in accordance with users' role, and according to scope of practice, organizational policy, and/or jurisdictional law.

TI.1.8#11 dependent SHOULD

The system SHOULD provide the ability to maintain indicators (flags) to health record users that content has been masked in accordance with users' role, and according to scope of practice, organizational policy, and/or jurisdictional law.

TI.1.8#12 conditional SHALL

IF the system allows a user to unmask (override a mask) in an emergency or other specific situation, THEN the system SHALL provide the ability to capture the reason for unmasking or overriding the mask.

TI.1.8#13 SHALL

The system SHALL provide the ability to manage patient consents to, or restrictions against, any access to data.

TI.1.8#14 dependent SHALL

The system SHALL provide the ability to manage a privacy policy according to patient preferences, user role, scope of practice, organizational policy, and/or jurisdictional law.

TI.1.8#15 dependent SHALL

The system SHALL provide the ability to control access by specified user(s) to a particular patient health record either by inclusion or exclusion according to patient preferences, user role, scope of practice, organizational policy, and/or jurisdictional law.


Source

{
  "resourceType" : "Requirements",
  "id" : "EHRSFMR2.1-TI.1.8",
  "meta" : {
    "profile" : [
      "http://hl7.org/ehrs/StructureDefinition/FMFunction"
    ]
  },
  "text" : {
    "status" : "extensions",
    "div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\">\n <span id=\"description\"><b>Statement <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Normative Content\" class=\"normative-flag\">N</a>:</b> <div><p>Enable the enforcement of the applicable jurisdictional and organizational patient privacy rules as they apply to various parts of an EHR-S through the implementation of security mechanisms.</p>\n</div></span>\n\n \n <span id=\"purpose\"><b>Description <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Informative Content\" class=\"informative-flag\">I</a>:</b> <div><p>Patients' privacy and the confidentiality of EHRs are violated if access to EHRs occurs without authorization. Violations or potential violations can impose tangible economic or social losses on affected patients, as well as less tangible feelings of vulnerability and pain. Fear of potential violations discourages patients from revealing sensitive personal information that may be relevant to diagnostic and treatment services. Rules for the protection of privacy and confidentiality may vary depending upon the vulnerability of patients and the sensitivity of records. Strongest protections should apply to the records of minors and the records of patients with stigmatized conditions. Authorization to access the most sensitive parts of an EHR is most definitive if made by the explicit and specific consent of the patient. Please see the definition of masking in the glossary.</p>\n<p>Organizational practices related to privacy and security jurisdictional laws could be called into question during a legal proceeding. Adherence to applicable laws supports the credibility and trustworthiness of the organization.</p>\n</div></span>\n \n\n \n\n \n <span id=\"requirements\"><b>Criteria <a href=\"https://hl7.org/fhir/versions.html#std-process\" title=\"Normative Content\" class=\"normative-flag\">N</a>:</b></span>\n \n <table id=\"statements\" class=\"grid dict\">\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.8#01</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL provide the ability to maintain compliance with requirements for patient privacy and confidentiality according to scope of practice, organizational policy, and/or jurisdictional law (e.g., US HIPAA Privacy Rules, US Federal Conditions of Participation for Medicare/Medicaid Providers).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.8#02</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL conform to function [[TI.1.1]] (Entity Authentication).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.8#03</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL conform to function [[TI.1.2]] (Entity Authorization).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.8#04</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL conform to function [[TI.1.3]] (Entity Access Control).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.8#05</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL conform to function [[TI.1.5]] (Non-Repudiation).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.8#06</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL conform to function [[TI.1.6]] (Secure Data Exchange).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.8#07</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL conform to function [[TI.2]] (Audit).</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.8#08</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL provide the ability to maintain varying levels of confidentiality according to patient preferences, user role, scope of practice, organizational policy, and/or jurisdictional law.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.8#09</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL provide the ability to mask parts of the electronic health record (e.g., medications, conditions, sensitive documents) from disclosure according to patient preferences, user role, scope of practice, organizational policy, and/or jurisdictional law.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.8#10</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL provide the ability to unmask (override a mask) in emergency or other specific situations in accordance with users' role, and according to scope of practice, organizational policy, and/or jurisdictional law.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.8#11</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n \n <span>SHOULD</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHOULD provide the ability to maintain indicators (flags) to health record users that content has been masked in accordance with users' role, and according to scope of practice, organizational policy, and/or jurisdictional law.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.8#12</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n <i>conditional</i>\n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>IF the system allows a user to unmask (override a mask) in an emergency or other specific situation, THEN the system SHALL provide the ability to capture the reason for unmasking or overriding the mask.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.8#13</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL provide the ability to manage patient consents to, or restrictions against, any access to data.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.8#14</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL provide the ability to manage a privacy policy according to patient preferences, user role, scope of practice, organizational policy, and/or jurisdictional law.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n <tr>\n <td style=\"padding-left: 4px;\">\n \n <span>TI.1.8#15</span>\n \n </td>\n <td style=\"padding-left: 4px;\">\n \n <i>dependent</i>\n \n \n \n <span>SHALL</span>\n \n </td>\n <td style=\"padding-left: 4px;\" class=\"requirement\">\n \n <span><div><p>The system SHALL provide the ability to control access by specified user(s) to a particular patient health record either by inclusion or exclusion according to patient preferences, user role, scope of practice, organizational policy, and/or jurisdictional law.</p>\n</div></span>\n \n \n </td>\n </tr>\n \n </table>\n</div>"
  },
  "url" : "http://hl7.org/ehrs/Requirements/EHRSFMR2.1-TI.1.8",
  "version" : "2.1.0",
  "name" : "TI_1_8_Patient_Privacy_and_Confidentiality",
  "title" : "TI.1.8 Patient Privacy and Confidentiality (Function)",
  "status" : "active",
  "date" : "2024-11-26T16:30:50+00:00",
  "publisher" : "EHR WG",
  "contact" : [
    {
      "telecom" : [
        {
          "system" : "url",
          "value" : "http://www.hl7.org/Special/committees/ehr"
        }
      ]
    }
  ],
  "description" : "Enable the enforcement of the applicable jurisdictional and organizational patient privacy rules as they apply to various parts of an EHR-S through the implementation of security mechanisms.",
  "jurisdiction" : [
    {
      "coding" : [
        {
          "system" : "http://unstats.un.org/unsd/methods/m49/m49.htm",
          "code" : "001",
          "display" : "World"
        }
      ]
    }
  ],
  "purpose" : "Patients' privacy and the confidentiality of EHRs are violated if access to EHRs occurs without authorization. Violations or potential violations can impose tangible economic or social losses on affected patients, as well as less tangible feelings of vulnerability and pain. Fear of potential violations discourages patients from revealing sensitive personal information that may be relevant to diagnostic and treatment services. Rules for the protection of privacy and confidentiality may vary depending upon the vulnerability of patients and the sensitivity of records. Strongest protections should apply to the records of minors and the records of patients with stigmatized conditions. Authorization to access the most sensitive parts of an EHR is most definitive if made by the explicit and specific consent of the patient. Please see the definition of masking in the glossary.\n\nOrganizational practices related to privacy and security jurisdictional laws could be called into question during a legal proceeding. Adherence to applicable laws supports the credibility and trustworthiness of the organization.",
  "statement" : [
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : true
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.8-01",
      "label" : "TI.1.8#01",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL provide the ability to maintain compliance with requirements for patient privacy and confidentiality according to scope of practice, organizational policy, and/or jurisdictional law (e.g., US HIPAA Privacy Rules, US Federal Conditions of Participation for Medicare/Medicaid Providers).",
      "derivedFrom" : "EHR-S_FM_R1.1 IN.1.9#1"
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.8-02",
      "label" : "TI.1.8#02",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL conform to function [[TI.1.1]] (Entity Authentication).",
      "derivedFrom" : "EHR-S_FM_R1.1 IN.1.9#2"
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.8-03",
      "label" : "TI.1.8#03",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL conform to function [[TI.1.2]] (Entity Authorization).",
      "derivedFrom" : "EHR-S_FM_R1.1 IN.1.9#3"
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.8-04",
      "label" : "TI.1.8#04",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL conform to function [[TI.1.3]] (Entity Access Control).",
      "derivedFrom" : "EHR-S_FM_R1.1 IN.1.9#4"
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.8-05",
      "label" : "TI.1.8#05",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL conform to function [[TI.1.5]] (Non-Repudiation).",
      "derivedFrom" : "EHR-S_FM_R1.1 IN.1.9#5"
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.8-06",
      "label" : "TI.1.8#06",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL conform to function [[TI.1.6]] (Secure Data Exchange).",
      "derivedFrom" : "EHR-S_FM_R1.1 IN.1.9#6"
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.8-07",
      "label" : "TI.1.8#07",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL conform to function [[TI.2]] (Audit).",
      "derivedFrom" : "EHR-S_FM_R1.1 IN.1.9#7"
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : true
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.8-08",
      "label" : "TI.1.8#08",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL provide the ability to maintain varying levels of confidentiality according to patient preferences, user role, scope of practice, organizational policy, and/or jurisdictional law.",
      "derivedFrom" : "EHR-S_FM_R1.1 IN.1.9#8"
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : true
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.8-09",
      "label" : "TI.1.8#09",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL provide the ability to mask parts of the electronic health record (e.g., medications, conditions, sensitive documents) from disclosure according to patient preferences, user role, scope of practice, organizational policy, and/or jurisdictional law.",
      "derivedFrom" : "EHR-S_FM_R1.1 IN.1.9#9"
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : true
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.8-10",
      "label" : "TI.1.8#10",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL provide the ability to unmask (override a mask) in emergency or other specific situations in accordance with users' role, and according to scope of practice, organizational policy, and/or jurisdictional law.",
      "derivedFrom" : "EHR-S_FM_R1.1 IN.1.9#10"
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : true
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.8-11",
      "label" : "TI.1.8#11",
      "conformance" : [
        "SHOULD"
      ],
      "conditionality" : false,
      "requirement" : "The system SHOULD provide the ability to maintain indicators (flags) to health record users that content has been masked in accordance with users' role, and according to scope of practice, organizational policy, and/or jurisdictional law."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.8-12",
      "label" : "TI.1.8#12",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : true,
      "requirement" : "IF the system allows a user to unmask (override a mask) in an emergency or other specific situation, THEN the system SHALL provide the ability to capture the reason for unmasking or overriding the mask."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.8-13",
      "label" : "TI.1.8#13",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL provide the ability to manage patient consents to, or restrictions against, any access to data."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : true
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.8-14",
      "label" : "TI.1.8#14",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL provide the ability to manage a privacy policy according to patient preferences, user role, scope of practice, organizational policy, and/or jurisdictional law."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/ehrs/StructureDefinition/requirements-dependent",
          "valueBoolean" : true
        }
      ],
      "key" : "EHRSFMR2.1-TI.1.8-15",
      "label" : "TI.1.8#15",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "The system SHALL provide the ability to control access by specified user(s) to a particular patient health record either by inclusion or exclusion according to patient preferences, user role, scope of practice, organizational policy, and/or jurisdictional law."
    }
  ]
}

XIG built as of ??metadata-date??. Found ??metadata-resources?? resources in ??metadata-packages?? packages.