
FHIR IG Statistics: Requirements/CMHAFFR2-APU.10

Package: hl7.fhir.uv.cmhaffr2
Type: Requirements
Id: CMHAFFR2-APU.10
FHIR Version: R5
Source: http://hl7.org/fhir/uv/cmhaffr2/ (https://build.fhir.org/ig/HL7/cmhaff-ig/Requirements-CMHAFFR2-APU.10.html)
URL: http://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-APU.10
Version: 2.0.1
Status: active
Date: 2025-05-28T08:01:49+00:00
Name: APU_10_Audit
Title: APU.10 Audit (Header)
Realm: uv
Authority: hl7
Description: This category is about auditing, which is a mechanism for user and system accountability. Important events, such as logins and access to particular functions and data, are recorded and can be used to detect instances of non-compliant behavior and to facilitate detection of improper creation, access, modification, and deletion of personal health information. Any information technology, including consumer health apps, should follow best practices in managing an audit trail. The audit trail should maintain a record of users who have accessed what data, from where, and when. Audit logs should also record any attempts to access the system from an unauthorized terminal, expired usernames or passwords that try to access the system, unusual numbers of authentication attempts, and violations of an organization's security policy.

Resources that use this resource

No resources found


Resources that this resource uses

No resources found


Narrative

Note: links and images are rebased to the (stated) source

Statement N:

This category is about auditing, which is a mechanism for user and system accountability. Important events, such as logins and access to particular functions and data, are recorded and can be used to detect instances of non-compliant behavior and to facilitate detection of improper creation, access, modification, and deletion of personal health information. Any information technology, including consumer health apps, should follow best practices in managing an audit trail. The audit trail should maintain a record of users who have accessed what data, from where, and when. Audit logs should also record any attempts to access the system from an unauthorized terminal, expired usernames or passwords that try to access the system, unusual numbers of authentication attempts, and violations of an organization's security policy.

Criteria N:
APU.10#111 SHALL

[User authentication is required to access app] User authentication attempts, both successful and unsuccessful, generate an audit record.

APU.10#112 SHALL

User permissions to access, or the revocation of access, regarding smartphone/tablet device capabilities for use by the app (e.g., use of camera, location services) generate an audit record.

APU.10#113 SHALL

[App uses external devices or data sources for data collection] Pairing a device or data repository external to the app, which supplies data used by the app, generates an audit record.

APU.10#114 SHALL

[App allows for the export of data to a data repository external to the app] Any export of data from the app generates an audit record.


Source

{
  "resourceType": "Requirements",
  "id": "CMHAFFR2-APU.10",
  "meta": {
    "profile": [
      "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/FMHeader"
    ]
  },
  "text": {
    "status": "extensions",
    "div": "<!-- snip (see above) -->"
  },
  "extension": [
    {
      "url": "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg",
      "valueCode": "mobile"
    }
  ],
  "url": "http://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-APU.10",
  "version": "2.0.1",
  "name": "APU_10_Audit",
  "title": "APU.10 Audit (Header)",
  "status": "active",
  "date": "2025-05-28T08:01:49+00:00",
  "publisher": "HL7 International / Mobile Health",
  "contact": [
    {
      "telecom": [
        {
          "system": "url",
          "value": "http://www.hl7.org/Special/committees/mobile"
        }
      ]
    }
  ],
  "description": "This category is about auditing, which is a mechanism for user and system accountability. Important events, such as logins and access to\nparticular functions and data, are recorded and can be used to detect instances of non-compliant behavior and to facilitate detection of improper\ncreation, access, modification, and deletion of personal health information. Any information technology including consumer health apps should follow\nbest practices in managing an audit trail. The audit trail should maintain a record of users who have accessed what data, from where, and when. Audit\nlogs should also record any attempts to access the system from an unauthorized terminal; expired usernames or passwords that try to access the\nsystem, unusual numbers of authentication attempts, and violations of an organizations security policy.",
  "jurisdiction": [
    {
      "coding": [
        {
          "system": "http://unstats.un.org/unsd/methods/m49/m49.htm",
          "code": "001",
          "display": "World"
        }
      ]
    }
  ],
  "statement": [
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "CMHAFFR2-APU.10-111",
      "label": "APU.10#111",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "[User authentication is required to access app] User authentication attempts, both successful and unsuccessful, generate an audit record."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "CMHAFFR2-APU.10-112",
      "label": "APU.10#112",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "User permissions to access, or the revocation of access, regarding smartphone/tablet device capabilities for use by the app (e.g., use of camera, location services) generate an audit record."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "CMHAFFR2-APU.10-113",
      "label": "APU.10#113",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "[App uses external devices or data sources for data collection] Pairing a device or data repository external to the app, which supplies data used by the app, generates an audit record."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "CMHAFFR2-APU.10-114",
      "label": "APU.10#114",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "[App allows for the export of data to a data repository external to the app] Any export of data from the app generates an audit record."
    }
  ]
}