XIG: Requirements/EHRSFMR2-TI.1.6

FHIR © HL7.org | Server Home | XIG Home | Server Source | FHIR

FHIR IG Statistics: Requirements/EHRSFMR2-TI.1.6

Package	hl7.ehrs.uv.ehrsfmr2
Type	Requirements
Id	EHRSFMR2-TI.1.6
FHIR Version	R5
Source	http://hl7.org/ehrs/uv/ehrsfmr2/https://build.fhir.org/ig/mvdzel/ehrsfm-fhir-r5/Requirements-EHRSFMR2-TI.1.6.html
URL	http://hl7.org/ehrs/uv/ehrsfmr2/Requirements/EHRSFMR2-TI.1.6
Version	2.1.1-ballot
Status	active
Date	2025-05-13T15:11:00+00:00
Name	TI_1_6_Secure_Data_Exchange
Title	TI.1.6 Secure Data Exchange (Function)
Realm	uv
Authority	hl7
Description	Secure all modes of EHR data exchange.
Purpose	Whenever an exchange of EHR information occurs, it requires appropriate security and privacy considerations, including data obfuscation as well as both destination and source authentication when necessary. For example, it may be necessary to encrypt data sent to remote or external destinations.

Resources that use this resource

No resources found

Resources that this resource uses

No resources found

Narrative

Note: links and images are rebased to the (stated) source

Statement N:

Secure all modes of EHR data exchange.

Description I:

Whenever an exchange of EHR information occurs, it requires appropriate security and privacy considerations, including data obfuscation as well as both destination and source authentication when necessary. For example, it may be necessary to encrypt data sent to remote or external destinations.

Actors:
ehr Criteria N:

TI.1.6#01

SHALL

The system SHALL secure all modes of EHR data exchange.

TI.1.6#02

SHALL

The system SHALL conform to function TI.1.7 (Secure Data Routing).

TI.1.6#03

SHOULD

The system SHOULD provide the ability to de-identify data.

TI.1.6#04

SHALL

The system SHALL encrypt and decrypt EHR data that is exchanged over a non-secure link.

TI.1.6#05

dependent conditional SHALL

IF encryption is used, THEN the system SHALL exchange data using recognized standards-based encryption mechanisms according to organizational policy, and/or jurisdictional law.

TI.1.6#06

conditional SHOULD

IF the EHR-S is the recipient of a secure data exchange, THEN the system SHOULD provide the ability to transmit an acknowledgment of the receipt of the data.

TI.1.6#07

SHALL

The system SHALL provide the ability to determine static or dynamic addresses for known and authorized sources and destinations.

Source

{
  "resourceType": "Requirements",
  "id": "EHRSFMR2-TI.1.6",
  "meta": {
    "profile": [
      "http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/FMFunction"
    ]
  },
  "text": {
    "status": "extensions",
    "div": "<!-- snip (see above) -->"
  },
  "extension": [
    {
      "url": "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg",
      "valueCode": "ehr"
    }
  ],
  "url": "http://hl7.org/ehrs/uv/ehrsfmr2/Requirements/EHRSFMR2-TI.1.6",
  "version": "2.1.1-ballot",
  "name": "TI_1_6_Secure_Data_Exchange",
  "title": "TI.1.6 Secure Data Exchange (Function)",
  "status": "active",
  "date": "2025-05-13T15:11:00+00:00",
  "publisher": "HL7 International / Electronic Health Records",
  "contact": [
    {
      "telecom": [
        {
          "system": "url",
          "value": "http://www.hl7.org/Special/committees/ehr"
        }
      ]
    }
  ],
  "description": "Secure all modes of EHR data exchange.",
  "jurisdiction": [
    {
      "coding": [
        {
          "system": "http://unstats.un.org/unsd/methods/m49/m49.htm",
          "code": "001",
          "display": "World"
        }
      ]
    }
  ],
  "purpose": "Whenever an exchange of EHR information occurs, it requires appropriate security and privacy considerations, including data obfuscation as well as both destination and source authentication when necessary. For example, it may be necessary to encrypt data sent to remote or external destinations.",
  "statement": [
    {
      "extension": [
        {
          "url": "http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "EHRSFMR2-TI.1.6-01",
      "label": "TI.1.6#01",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "The system SHALL secure all modes of EHR data exchange.",
      "derivedFrom": "EHR-S_FM_R1.1 IN.1.6#1"
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "EHRSFMR2-TI.1.6-02",
      "label": "TI.1.6#02",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "The system SHALL conform to function [TI.1.7](Requirements-EHRSFMR2-TI.1.7.html) (Secure Data Routing).",
      "derivedFrom": "EHR-S_FM_R1.1 IN.1.6#2"
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "EHRSFMR2-TI.1.6-03",
      "label": "TI.1.6#03",
      "conformance": [
        "SHOULD"
      ],
      "conditionality": false,
      "requirement": "The system SHOULD provide the ability to de-identify data.",
      "derivedFrom": "EHR-S_FM_R1.1 IN.1.6#3"
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "EHRSFMR2-TI.1.6-04",
      "label": "TI.1.6#04",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "The system SHALL encrypt and decrypt EHR data that is exchanged over a non-secure link.",
      "derivedFrom": "EHR-S_FM_R1.1 IN.1.6#4"
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/requirements-dependent",
          "valueBoolean": true
        }
      ],
      "key": "EHRSFMR2-TI.1.6-05",
      "label": "TI.1.6#05",
      "conformance": [
        "SHALL"
      ],
      "conditionality": true,
      "requirement": "IF encryption is used, THEN the system SHALL exchange data using recognized standards-based encryption mechanisms according to organizational policy, and/or jurisdictional law.",
      "derivedFrom": "EHR-S_FM_R1.1 IN.1.6#5"
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "EHRSFMR2-TI.1.6-06",
      "label": "TI.1.6#06",
      "conformance": [
        "SHOULD"
      ],
      "conditionality": true,
      "requirement": "IF the EHR-S is the recipient of a secure data exchange, THEN the system SHOULD provide the ability to transmit an acknowledgment of the receipt of the data."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "EHRSFMR2-TI.1.6-07",
      "label": "TI.1.6#07",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "The system SHALL provide the ability to determine static or dynamic addresses for known and authorized sources and destinations."
    }
  ]
}