FHIR © HL7.org  |  Server Home  |  FHIR Server FHIR Server 3.4.11  |  FHIR Version n/a  User: [n/a]

Resource Requirements/FHIR Server from package hl7.fhir.uv.cmhaffr2#current (31 ms)

Package hl7.fhir.uv.cmhaffr2
Type Requirements
Id Id
FHIR Version R5
Source http://hl7.org/fhir/uv/cmhaffr2/https://build.fhir.org/ig/HL7/cmhaff-ig/Requirements-CMHAFFR2-APU.4.html
Url http://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-APU.4
Version 2.0.1
Status active
Date 2025-01-30T10:38:20+00:00
Name APU_4_Security_for_Data_at_Rest_and_in_Transport
Title APU.4 Security for Data at Rest and in Transport (Header)
Experimental False
Realm uv
Authority hl7
Description This category is about providing assurance that the consumer’s stored data is secure, regardless of whether it is stored on the consumer’s devices or elsewhere (e.g., in cloud-based servers for an app). It also provides assurance that consumer data is secure when it is moved between the consumer’s device(s) and other locations.

Resources that use this resource

No resources found

Resources that this resource uses

No resources found

Narrative

Note: links and images are rebased to the (stated) source

Generated Narrative: Requirements CMHAFFR2-APU.4

APU.4#83SHALL

PHI and PII stored on a smartphone is stored as encrypted values.

APU.4#84SHALL

PHI and PII stored by the mobile app on any external server is stored as encrypted values.

APU.4#85SHALL

Unless PHI and PII has been transmitted to a data set maintained by a Health Plan or Health Provider, the account holder can delete information collected through the app, including data generated by a device associated with the app.

APU.4#86SHOULD

Improve and/or upgrade encryption cipher and suites to match evolving best practices.

APU.4#87SHALL

PHI and PII transmitted between an app and an external data source, including data generated through a device associated with the app, are transmitted as encrypted values.

Source

{
  "resourceType" : "Requirements",
  "id" : "CMHAFFR2-APU.4",
  "meta" : {
    "profile" : [
      "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/FMHeader"
    ]
  },
  "text" : {
    "status" : "generated",
    "div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p class=\"res-header-id\"><b>Generated Narrative: Requirements CMHAFFR2-APU.4</b></p><a name=\"CMHAFFR2-APU.4\"> </a><a name=\"hcCMHAFFR2-APU.4\"> </a><a name=\"CMHAFFR2-APU.4-en-US\"> </a><table class=\"grid\"><tr><td><b><a name=\"CMHAFFR2-APU.4-83\"> </a></b>APU.4#83</td><td><a href=\"http://hl7.org/fhir/R5/codesystem-conformance-expectation.html#conformance-expectation-SHALL\">SHALL</a></td><td><div><p>PHI and PII stored on a smartphone is stored as encrypted values.</p>\n</div></td></tr><tr><td><b><a name=\"CMHAFFR2-APU.4-84\"> </a></b>APU.4#84</td><td><a href=\"http://hl7.org/fhir/R5/codesystem-conformance-expectation.html#conformance-expectation-SHALL\">SHALL</a></td><td><div><p>PHI and PII stored by the mobile app on any external server is stored as encrypted values.</p>\n</div></td></tr><tr><td><b><a name=\"CMHAFFR2-APU.4-85\"> </a></b>APU.4#85</td><td><a href=\"http://hl7.org/fhir/R5/codesystem-conformance-expectation.html#conformance-expectation-SHALL\">SHALL</a></td><td><div><p>Unless PHI and PII has been transmitted to a data set maintained by a Health Plan or Health Provider, the account holder can delete information collected through the app, including data generated by a device associated with the app.</p>\n</div></td></tr><tr><td><b><a name=\"CMHAFFR2-APU.4-86\"> </a></b>APU.4#86</td><td><a href=\"http://hl7.org/fhir/R5/codesystem-conformance-expectation.html#conformance-expectation-SHOULD\">SHOULD</a></td><td><div><p>Improve and/or upgrade encryption cipher and suites to match evolving best practices.</p>\n</div></td></tr><tr><td><b><a name=\"CMHAFFR2-APU.4-87\"> </a></b>APU.4#87</td><td><a href=\"http://hl7.org/fhir/R5/codesystem-conformance-expectation.html#conformance-expectation-SHALL\">SHALL</a></td><td><div><p>PHI and PII transmitted between an app and an external data source, including data generated through a device associated with the app, are transmitted as encrypted values.</p>\n</div></td></tr></table></div>"
  },
  "url" : "http://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-APU.4",
  "version" : "2.0.1",
  "name" : "APU_4_Security_for_Data_at_Rest_and_in_Transport",
  "title" : "APU.4 Security for Data at Rest and in Transport (Header)",
  "status" : "active",
  "date" : "2025-01-30T10:38:20+00:00",
  "publisher" : "HL7 International / Mobile Health",
  "contact" : [
    {
      "telecom" : [
        {
          "system" : "url",
          "value" : "http://www.hl7.org/Special/committees/mobile"
        }
      ]
    }
  ],
  "description" : "This category is about providing assurance that the consumer’s stored data is secure, regardless of whether it is stored on the consumer’s\ndevices or elsewhere (e.g., in cloud-based servers for an app). It also provides assurance that consumer data is secure when it is moved between the\nconsumer’s device(s) and other locations.",
  "jurisdiction" : [
    {
      "coding" : [
        {
          "system" : "http://unstats.un.org/unsd/methods/m49/m49.htm",
          "code" : "001",
          "display" : "World"
        }
      ]
    }
  ],
  "statement" : [
    {
      "extension" : [
        {
          "url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "CMHAFFR2-APU.4-83",
      "label" : "APU.4#83",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "PHI and PII stored on a smartphone is stored as encrypted values."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "CMHAFFR2-APU.4-84",
      "label" : "APU.4#84",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "PHI and PII stored by the mobile app on any external server is stored as encrypted values."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "CMHAFFR2-APU.4-85",
      "label" : "APU.4#85",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "Unless PHI and PII has been transmitted to a data set maintained by a Health Plan or Health Provider, the account holder can delete information collected through the app, including data generated by a device associated with the app."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "CMHAFFR2-APU.4-86",
      "label" : "APU.4#86",
      "conformance" : [
        "SHOULD"
      ],
      "conditionality" : false,
      "requirement" : "Improve and/or upgrade encryption cipher and suites to match evolving best practices."
    },
    {
      "extension" : [
        {
          "url" : "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean" : false
        }
      ],
      "key" : "CMHAFFR2-APU.4-87",
      "label" : "APU.4#87",
      "conformance" : [
        "SHALL"
      ],
      "conditionality" : false,
      "requirement" : "PHI and PII transmitted between an app and an external data source, including data generated through a device associated with the app, are transmitted as encrypted values."
    }
  ]
}

XIG built as of ??metadata-date??. Found ??metadata-resources?? resources in ??metadata-packages?? packages.