XIG: Requirements/PHRSFMR2-TI.2

FHIR © HL7.org | Server Home | XIG Home | Server Source | FHIR

FHIR IG Statistics: Requirements/PHRSFMR2-TI.2

Package	hl7.ehrs.uv.phrsfmr2
Type	Requirements
Id	PHRSFMR2-TI.2
FHIR Version	R5
Source	http://hl7.org/ehrs/uv/phrsfmr2/https://build.fhir.org/ig/HL7/phrsfm-ig/Requirements-PHRSFMR2-TI.2.html
URL	http://hl7.org/ehrs/uv/phrsfmr2/Requirements/PHRSFMR2-TI.2
Version	2.0.1-ballot
Status	active
Date	2025-04-03T15:15:30+00:00
Name	TI_2_Audit
Title	TI.2 Audit (Function)
Authority	hl7
Description	Audit Key Record, Security, System and Clinical Events
Purpose	PHR Systems have built in audit triggers to capture key events in real-time, including events related to record management, security, system operations or performance or clinical situations. Event details, including key metadata (who, what, when, where), are captured in an Audit Log. Audit Review functions allow various methods of critical event notification as well as routine log review. Audit functions implement requirements according to scope of practice, organizational policy, and jurisdictional law.

Resources that use this resource

No resources found

Resources that this resource uses

No resources found

Narrative

Note: links and images are rebased to the (stated) source

Statement N:

Audit Key Record, Security, System and Clinical Events

Description I:

PHR Systems have built in audit triggers to capture key events in real-time, including events related to record management, security, system operations or performance or clinical situations.

Event details, including key metadata (who, what, when, where), are captured in an Audit Log.

Audit Review functions allow various methods of critical event notification as well as routine log review.

Audit functions implement requirements according to scope of practice, organizational policy, and jurisdictional law.

Actors:
ehr Criteria N:

TI.2#01

dependent SHALL

The system SHALL conform to function TI.1.3 (Entity Access Control) to limit access to, or modification of, audit record information to appropriate entities according to scope of practice, organizational policy, and/or jurisdictional law.

TI.2#02

dependent SHALL

The system SHALL conform to function TI.1.3 (Entity Access Control) to limit access to audit record information for purposes of deletion according to scope of practice, organizational policy, and/or jurisdictional law (e.g., limit access to only allow a specific system administrator to delete audit record information).

Source

{
  "resourceType": "Requirements",
  "id": "PHRSFMR2-TI.2",
  "meta": {
    "profile": [
      "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/FMFunction"
    ]
  },
  "text": {
    "status": "extensions",
    "div": "<!-- snip (see above) -->"
  },
  "extension": [
    {
      "url": "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg",
      "valueCode": "ehr"
    }
  ],
  "url": "http://hl7.org/ehrs/uv/phrsfmr2/Requirements/PHRSFMR2-TI.2",
  "version": "2.0.1-ballot",
  "name": "TI_2_Audit",
  "title": "TI.2 Audit (Function)",
  "status": "active",
  "date": "2025-04-03T15:15:30+00:00",
  "publisher": "EHR WG",
  "contact": [
    {
      "telecom": [
        {
          "system": "url",
          "value": "http://www.hl7.org/Special/committees/ehr"
        }
      ]
    }
  ],
  "description": "Audit Key Record, Security, System and Clinical Events",
  "purpose": "PHR Systems have built in audit triggers to capture key events in real-time, including events related to record management, security, system operations or performance or clinical situations.\r\n\r\nEvent details, including key metadata (who, what, when, where), are captured in an Audit Log.\r\n\r\nAudit Review functions allow various methods of critical event notification as well as routine log review.\r\n\r\nAudit functions implement requirements according to scope of practice, organizational policy, and jurisdictional law.",
  "statement": [
    {
      "extension": [
        {
          "url": "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
          "valueBoolean": true
        }
      ],
      "key": "PHRSFMR2-TI.2-01",
      "label": "TI.2#01",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "The system SHALL conform to function [TI.1.3](Requirements-PHRSFMR2-TI.1.3.html) (Entity Access Control) to limit access to, or modification of, audit record information to appropriate entities according to scope of practice, organizational policy, and/or jurisdictional law."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/ehrs/uv/phrsfmr2/StructureDefinition/requirements-dependent",
          "valueBoolean": true
        }
      ],
      "key": "PHRSFMR2-TI.2-02",
      "label": "TI.2#02",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "The system SHALL conform to function [TI.1.3](Requirements-PHRSFMR2-TI.1.3.html) (Entity Access Control) to limit access to audit record information for purposes of deletion according to scope of practice, organizational policy, and/or jurisdictional law (e.g., limit access to only allow a specific system administrator to delete audit record information)."
    }
  ]
}