FHIR © HL7.org  |  Server Home  |  XIG Home  |  Server Source  |  FHIR  

FHIR IG Statistics: Requirements/PHRSFMR2-TI.1.3

Packagehl7.ehrs.uv.phrsfmr2
TypeRequirements
IdPHRSFMR2-TI.1.3
FHIR VersionR5
Sourcehttp://hl7.org/ehrs/uv/phrsfmr2/https://build.fhir.org/ig/HL7/phrsfm-ig/Requirements-PHRSFMR2-TI.1.3.html
URLhttp://hl7.org/ehrs/uv/phrsfmr2/Requirements/PHRSFMR2-TI.1.3
Version2.0.1-ballot
Statusactive
Date2025-04-03T15:15:30+00:00
NameTI_1_3_Entity_Access_Control
TitleTI.1.3 Entity Access Control (Function)
Authorityhl7
DescriptionManage access to PHR-S resources.
PurposeTo ensure access is controlled, a PHR-S must authenticate and check authorization of entities for appropriate operations.

Resources that use this resource

No resources found


Resources that this resource uses

No resources found


Narrative

Note: links and images are rebased to the (stated) source

Statement N:

Manage access to PHR-S resources.

Description I:

To ensure access is controlled, a PHR-S must authenticate and check authorization of entities for appropriate operations.

Actors:
ehr
Criteria N:
TI.1.3#01 SHALL

The system SHALL conform to function TI.1.1 (Entity Authentication).

TI.1.3#02 SHALL

The system SHALL conform to function TI.1.2 (Entity Authorization).

TI.1.3#03 dependent SHALL

The system SHALL provide the ability to manage system and data access rules for all PHR-S resources according to scope of practice, organizational policy, and/or jurisdictional law.

TI.1.3#04 SHALL

The system SHALL manage the enforcement of authorizations to access PHR-S resources.

TI.1.3#05 dependent SHALL

The system SHALL control access to PHR-S resources after a configurable period of inactivity by terminating the session, or by initiating a session lock that remains in effect until the entity re-establishes access using appropriate identification and authentication procedures, according to organizational policy, and/or jurisdictional law.

TI.1.3#08 dependent SHOULD

The system SHOULD provide the ability to control-access to data, and/or functionality according to scope of practice, organizational policy, and/or jurisdictional law.

TI.1.3#09 SHALL

The system SHALL control-access to data, and/or functionality by using authentication mechanisms that comply with regulatory and policy guidelines (e.g.,by using a combination of Username and Password, Digital Certificates, Secure Tokens, and/or Biometrics).

TI.1.3#10 MAY

The system MAY provide the ability to determine the identity of public health agencies for healthcare purposes through the use of internal, and/or external registry services or directories.

TI.1.3#11 MAY

The system MAY provide the ability to determine the identity of healthcare resources (e.g., Meal Delivery services for home-based patients) and devices (e.g., wheelchairs) for resource management purposes through the use of internal, and/or external registry services or directories.


Source

{
  "resourceType": "Requirements",
  "id": "PHRSFMR2-TI.1.3",
  "meta": {
    "profile": [
      "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/FMFunction"
    ]
  },
  "text": {
    "status": "extensions",
    "div": "<!-- snip (see above) -->"
  },
  "extension": [
    {
      "url": "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg",
      "valueCode": "ehr"
    }
  ],
  "url": "http://hl7.org/ehrs/uv/phrsfmr2/Requirements/PHRSFMR2-TI.1.3",
  "version": "2.0.1-ballot",
  "name": "TI_1_3_Entity_Access_Control",
  "title": "TI.1.3 Entity Access Control (Function)",
  "status": "active",
  "date": "2025-04-03T15:15:30+00:00",
  "publisher": "EHR WG",
  "contact": [
    {
      "telecom": [
        {
          "system": "url",
          "value": "http://www.hl7.org/Special/committees/ehr"
        }
      ]
    }
  ],
  "description": "Manage access to PHR-S resources.",
  "purpose": "To ensure access is controlled, a PHR-S must authenticate and check authorization of entities for appropriate operations.",
  "statement": [
    {
      "extension": [
        {
          "url": "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "PHRSFMR2-TI.1.3-01",
      "label": "TI.1.3#01",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "The system SHALL conform to function [TI.1.1](Requirements-PHRSFMR2-TI.1.1.html) (Entity Authentication)."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "PHRSFMR2-TI.1.3-02",
      "label": "TI.1.3#02",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "The system SHALL conform to function [TI.1.2](Requirements-PHRSFMR2-TI.1.2.html) (Entity Authorization)."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
          "valueBoolean": true
        }
      ],
      "key": "PHRSFMR2-TI.1.3-03",
      "label": "TI.1.3#03",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "The system SHALL provide the ability to manage system and data access rules for all PHR-S resources according to scope of practice, organizational policy, and/or jurisdictional law."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "PHRSFMR2-TI.1.3-04",
      "label": "TI.1.3#04",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "The system SHALL manage the enforcement of authorizations to access PHR-S resources."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
          "valueBoolean": true
        }
      ],
      "key": "PHRSFMR2-TI.1.3-05",
      "label": "TI.1.3#05",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "The system SHALL control access to PHR-S resources after a configurable period of inactivity by terminating the session, or by initiating a session lock that remains in effect until the entity re-establishes access using appropriate identification and authentication procedures, according to organizational policy, and/or jurisdictional law."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
          "valueBoolean": true
        }
      ],
      "key": "PHRSFMR2-TI.1.3-08",
      "label": "TI.1.3#08",
      "conformance": [
        "SHOULD"
      ],
      "conditionality": false,
      "requirement": "The system SHOULD provide the ability to control-access to data, and/or functionality according to scope of practice, organizational policy, and/or jurisdictional law."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "PHRSFMR2-TI.1.3-09",
      "label": "TI.1.3#09",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "The system SHALL control-access to data, and/or functionality by using authentication mechanisms that comply with regulatory and policy guidelines (e.g.,by using a combination of Username and Password, Digital Certificates, Secure Tokens, and/or Biometrics)."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "PHRSFMR2-TI.1.3-10",
      "label": "TI.1.3#10",
      "conformance": [
        "MAY"
      ],
      "conditionality": false,
      "requirement": "The system MAY provide the ability to determine the identity of public health agencies for healthcare purposes through the use of internal, and/or external registry services or directories."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "PHRSFMR2-TI.1.3-11",
      "label": "TI.1.3#11",
      "conformance": [
        "MAY"
      ],
      "conditionality": false,
      "requirement": "The system MAY provide the ability to determine the identity of healthcare resources (e.g., Meal Delivery services for home-based patients) and devices (e.g., wheelchairs) for resource management purposes through the use of internal, and/or external registry services or directories."
    }
  ]
}