Package | hl7.fhir.uv.cmhaffr2 |
Type | Requirements |
Id | CMHAFFR2-APU.2 |
FHIR Version | R5 |
Source | http://hl7.org/fhir/uv/cmhaffr2/https://build.fhir.org/ig/HL7/cmhaff-ig/Requirements-CMHAFFR2-APU.2.html |
Url | http://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-APU.2 |
Version | 2.0.1 |
Status | active |
Date | 2025-01-30T10:38:20+00:00 |
Name | APU_2_User_Authorizations |
Title | APU.2 User Authorizations (Header) |
Experimental | False |
Realm | uv |
Authority | hl7 |
Description | This category is about personal data collection and use, including access to device features, being understood and explicitly authorized (consented to) by the users of the app. |
Generated Narrative: Requirements CMHAFFR2-APU.2
APU.2#66 | SHALL | Smartphone functionality and data sources may only be used when essential to perform specific functions of the app. This includes, but is not limited to, the use of: location services, camera, microphone, accelerometer and other sensors, contact lists, calendars. |
APU.2#67 | SHALL | Before using select smartphone functions and data sources for the first time, app users are asked for permission to use these services and data sources. Permissions for each function, data source and user tracking activity controlled by the app can be individually specified by the user. |
APU.2#68 | SHALL | Before exporting data from the smartphone, or from any device integrated with the smartphone, the app user is asked for permission to transmit the data with an explanation of what data is being transmitted, and to which recipients for what purposes (e.g., to servers of the app supplier, for backups, for big data analysis). Permission is requested before the first potential transmission of data. Permission is re-requested the first time any additional data elements are sent to an external data source when permission had previously been extended for a smaller set of data. Permission is not requested at every transmission, if the scope of exported data remains unchanged. |
APU.2#69 | SHALL | [App requests permission to use data generated by the app after it is de-identified] Account holder is informed of who would have access to the de-identified data and for what purpose. |
APU.2#70 | SHALL | [App requests permission to use data generated by the app after it is de-identified] Account holder is informed of the possibility that de-identified data can potentially be re-identified and steps the app sponsor takes to prevent re-identification. |
APU.2#71 | SHALL | [User gives permission for data generated by the app to be de-identified and used] Data de-identification, at minimum, follows realm-specific rules (e.g., HIPAA safe-harbor in USA). |
APU.2#72 | SHALL | [In-app payments exist]. In-app payments are not triggered in such a way that can expose healthcare-related information to payment organizations. |
APU.2#73 | SHALL | [App uses in-app advertising]. Potential use of PHI or PII to personalize advertisements from the app shall be disclosed to the user, who shall be given the opportunity to consent or decline. |
APU.2#74 | SHOULD | An app user can choose to permit some, but not all, requested data to be exported from a smartphone or associated device. The user is informed as to how the choice to limit data affects the functionality of the app. |
APU.2#75 | SHOULD | [App user denies a permission requested by the app] The app user is informed of the consequence of not extending the permission and is given a second chance to extend a permission. |
APU.2#76 | SHALL | [Data is shared with social networks] Data sharing can only commence after obtaining and recording explicit user consent.[1] |
{
"resourceType" : "Requirements",
"id" : "CMHAFFR2-APU.2",
"meta" : {
"profile" : [
"http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/FMHeader"
]
},
"text" : {
"status" : "generated",
"div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p class=\"res-header-id\"><b>Generated Narrative: Requirements CMHAFFR2-APU.2</b></p><a name=\"CMHAFFR2-APU.2\"> </a><a name=\"hcCMHAFFR2-APU.2\"> </a><a name=\"CMHAFFR2-APU.2-en-US\"> </a><table class=\"grid\"><tr><td><b><a name=\"CMHAFFR2-APU.2-66\"> </a></b>APU.2#66</td><td><a href=\"http://hl7.org/fhir/R5/codesystem-conformance-expectation.html#conformance-expectation-SHALL\">SHALL</a></td><td><div><p>Smartphone functionality and data sources may only be used when essential to perform specific functions of the app. This includes, but is not limited to, the use of: location services, camera, microphone, accelerometer and other sensors, contact lists, calendars.</p>\n</div></td></tr><tr><td><b><a name=\"CMHAFFR2-APU.2-67\"> </a></b>APU.2#67</td><td><a href=\"http://hl7.org/fhir/R5/codesystem-conformance-expectation.html#conformance-expectation-SHALL\">SHALL</a></td><td><div><p>Before using select smartphone functions and data sources for the first time, app users are asked for permission to use these services and data sources. Permissions for each function, data source and user tracking activity controlled by the app can be individually specified by the user.</p>\n</div></td></tr><tr><td><b><a name=\"CMHAFFR2-APU.2-68\"> </a></b>APU.2#68</td><td><a href=\"http://hl7.org/fhir/R5/codesystem-conformance-expectation.html#conformance-expectation-SHALL\">SHALL</a></td><td><div><p>Before exporting data from the smartphone, or from any device integrated with the smartphone, the app user is asked for permission to transmit the data with an explanation of what data is being transmitted, and to which recipients for what purposes (e.g., to servers of the app supplier, for backups, for big data analysis). Permission is requested before the first potential transmission of data. 
Permission is re-requested the first time any additional data elements are sent to an external data source when permission had previously been extended for a smaller set of data. Permission is not requested at every transmission, if the scope of exported data remains unchanged.</p>\n</div></td></tr><tr><td><b><a name=\"CMHAFFR2-APU.2-69\"> </a></b>APU.2#69</td><td><a href=\"http://hl7.org/fhir/R5/codesystem-conformance-expectation.html#conformance-expectation-SHALL\">SHALL</a></td><td><div><p>[App requests permission to use data generated by the app after it is de-identified] Account holder is informed of who would have access to the de-identified data and for what purpose.</p>\n</div></td></tr><tr><td><b><a name=\"CMHAFFR2-APU.2-70\"> </a></b>APU.2#70</td><td><a href=\"http://hl7.org/fhir/R5/codesystem-conformance-expectation.html#conformance-expectation-SHALL\">SHALL</a></td><td><div><p>[App requests permission to use data generated by the app after it is de-identified] Account holder is informed of the possibility that de-identified data can potentially be re-identified and steps the app sponsor takes to prevent re-identification.</p>\n</div></td></tr><tr><td><b><a name=\"CMHAFFR2-APU.2-71\"> </a></b>APU.2#71</td><td><a href=\"http://hl7.org/fhir/R5/codesystem-conformance-expectation.html#conformance-expectation-SHALL\">SHALL</a></td><td><div><p>[User gives permission for data generated by the app to be de-identified and used] Data de-identification, at minimum, follows realm-specific rules (e.g., HIPAA safe-harbor in USA).</p>\n</div></td></tr><tr><td><b><a name=\"CMHAFFR2-APU.2-72\"> </a></b>APU.2#72</td><td><a href=\"http://hl7.org/fhir/R5/codesystem-conformance-expectation.html#conformance-expectation-SHALL\">SHALL</a></td><td><div><p>[In-app payments exist]. 
In-app payments are not triggered in such a way that can expose healthcare-related information to payment organizations.</p>\n</div></td></tr><tr><td><b><a name=\"CMHAFFR2-APU.2-73\"> </a></b>APU.2#73</td><td><a href=\"http://hl7.org/fhir/R5/codesystem-conformance-expectation.html#conformance-expectation-SHALL\">SHALL</a></td><td><div><p>[App uses in-app advertising]. Potential use of PHI or PII to personalize advertisements from the app shall be disclosed to the user, who shall be given the opportunity to consent or decline.</p>\n</div></td></tr><tr><td><b><a name=\"CMHAFFR2-APU.2-74\"> </a></b>APU.2#74</td><td><a href=\"http://hl7.org/fhir/R5/codesystem-conformance-expectation.html#conformance-expectation-SHOULD\">SHOULD</a></td><td><div><p>An app user can choose to permit some, but not all, requested data to be exported from a smartphone or associated device. The user is informed as to how the choice to limit data affects the functionality of the app.</p>\n</div></td></tr><tr><td><b><a name=\"CMHAFFR2-APU.2-75\"> </a></b>APU.2#75</td><td><a href=\"http://hl7.org/fhir/R5/codesystem-conformance-expectation.html#conformance-expectation-SHOULD\">SHOULD</a></td><td><div><p>[App user denies a permission requested by the app] The app user is informed of the consequence of not extending the permission and is given a second chance to extend a permission.</p>\n</div></td></tr><tr><td><b><a name=\"CMHAFFR2-APU.2-76\"> </a></b>APU.2#76</td><td><a href=\"http://hl7.org/fhir/R5/codesystem-conformance-expectation.html#conformance-expectation-SHALL\">SHALL</a></td><td><div><p>[Data is shared with social networks] Data sharing can only commence after obtaining and recording explicit user consent.[1]</p>\n</div></td></tr></table></div>"
},
"url" : "http://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-APU.2",
"version" : "2.0.1",
"name" : "APU_2_User_Authorizations",
"title" : "APU.2 User Authorizations (Header)",
"status" : "active",
"date" : "2025-01-30T10:38:20+00:00",
"publisher" : "HL7 International / Mobile Health",
"contact" : [
{
"telecom" : [
{
"system" : "url",
"value" : "http://www.hl7.org/Special/committees/mobile"
}
]
}
],
"description" : "This category is about personal data collection and use, including access to device features, being understood and explicitly\nauthorized (consented to) by the users of the app.",
"jurisdiction" : [
{
"coding" : [
{
"system" : "http://unstats.un.org/unsd/methods/m49/m49.htm",
"code" : "001",
"display" : "World"
}
]
}
],
"statement" : [
{
"extension" : [
{
"url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
"valueBoolean" : false
}
],
"key" : "CMHAFFR2-APU.2-66",
"label" : "APU.2#66",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "Smartphone functionality and data sources may only be used when essential to perform specific functions of the app. This includes, but is not limited to, the use of: location services, camera, microphone, accelerometer and other sensors, contact lists, calendars."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
"valueBoolean" : false
}
],
"key" : "CMHAFFR2-APU.2-67",
"label" : "APU.2#67",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "Before using select smartphone functions and data sources for the first time, app users are asked for permission to use these services and data sources. Permissions for each function, data source and user tracking activity controlled by the app can be individually specified by the user."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
"valueBoolean" : false
}
],
"key" : "CMHAFFR2-APU.2-68",
"label" : "APU.2#68",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "Before exporting data from the smartphone, or from any device integrated with the smartphone, the app user is asked for permission to transmit the data with an explanation of what data is being transmitted, and to which recipients for what purposes (e.g., to servers of the app supplier, for backups, for big data analysis). Permission is requested before the first potential transmission of data. Permission is re-requested the first time any additional data elements are sent to an external data source when permission had previously been extended for a smaller set of data. Permission is not requested at every transmission, if the scope of exported data remains unchanged."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
"valueBoolean" : false
}
],
"key" : "CMHAFFR2-APU.2-69",
"label" : "APU.2#69",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "[App requests permission to use data generated by the app after it is de-identified] Account holder is informed of who would have access to the de-identified data and for what purpose."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
"valueBoolean" : false
}
],
"key" : "CMHAFFR2-APU.2-70",
"label" : "APU.2#70",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "[App requests permission to use data generated by the app after it is de-identified] Account holder is informed of the possibility that de-identified data can potentially be re-identified and steps the app sponsor takes to prevent re-identification."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
"valueBoolean" : false
}
],
"key" : "CMHAFFR2-APU.2-71",
"label" : "APU.2#71",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "[User gives permission for data generated by the app to be de-identified and used] Data de-identification, at minimum, follows realm-specific rules (e.g., HIPAA safe-harbor in USA)."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
"valueBoolean" : false
}
],
"key" : "CMHAFFR2-APU.2-72",
"label" : "APU.2#72",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "[In-app payments exist]. In-app payments are not triggered in such a way that can expose healthcare-related information to payment organizations."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
"valueBoolean" : false
}
],
"key" : "CMHAFFR2-APU.2-73",
"label" : "APU.2#73",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "[App uses in-app advertising]. Potential use of PHI or PII to personalize advertisements from the app shall be disclosed to the user, who shall be given the opportunity to consent or decline."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
"valueBoolean" : false
}
],
"key" : "CMHAFFR2-APU.2-74",
"label" : "APU.2#74",
"conformance" : [
"SHOULD"
],
"conditionality" : false,
"requirement" : "An app user can choose to permit some, but not all, requested data to be exported from a smartphone or associated device. The user is informed as to how the choice to limit data affects the functionality of the app."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
"valueBoolean" : false
}
],
"key" : "CMHAFFR2-APU.2-75",
"label" : "APU.2#75",
"conformance" : [
"SHOULD"
],
"conditionality" : false,
"requirement" : "[App user denies a permission requested by the app] The app user is informed of the consequence of not extending the permission and is given a second chance to extend a permission."
},
{
"extension" : [
{
"url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
"valueBoolean" : false
}
],
"key" : "CMHAFFR2-APU.2-76",
"label" : "APU.2#76",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "[Data is shared with social networks] Data sharing can only commence after obtaining and recording explicit user consent.[1]"
}
]
}