
FHIR IG Statistics: Requirements/CMHAFFR2-APU.4

Package: hl7.fhir.uv.cmhaffr2
Type: Requirements
Id: CMHAFFR2-APU.4
FHIR Version: R5
Source: http://hl7.org/fhir/uv/cmhaffr2/ (https://build.fhir.org/ig/HL7/cmhaff-ig/Requirements-CMHAFFR2-APU.4.html)
URL: http://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-APU.4
Version: 2.0.1
Status: active
Date: 2025-05-28T08:01:49+00:00
Name: APU_4_Security_for_Data_at_Rest_and_in_Transport
Title: APU.4 Security for Data at Rest and in Transport (Header)
Realm: uv
Authority: hl7
Description: This category is about providing assurance that the consumer’s stored data is secure, regardless of whether it is stored on the consumer’s devices or elsewhere (e.g., in cloud-based servers for an app). It also provides assurance that consumer data is secure when it is moved between the consumer’s device(s) and other locations.

Resources that use this resource

No resources found


Resources that this resource uses

No resources found


Narrative

Note: links and images are rebased to the (stated) source

Statement N:

This category is about providing assurance that the consumer’s stored data is secure, regardless of whether it is stored on the consumer’s devices or elsewhere (e.g., in cloud-based servers for an app). It also provides assurance that consumer data is secure when it is moved between the consumer’s device(s) and other locations.

Criteria N:
APU.4#83 SHALL

PHI and PII stored on a smartphone is stored as encrypted values.

APU.4#84 SHALL

PHI and PII stored by the mobile app on any external server is stored as encrypted values.

APU.4#85 SHALL

Unless PHI and PII has been transmitted to a data set maintained by a Health Plan or Health Provider, the account holder can delete information collected through the app, including data generated by a device associated with the app.

APU.4#86 SHOULD

Improve and/or upgrade encryption cipher and suites to match evolving best practices.

APU.4#87 SHALL

PHI and PII transmitted between an app and an external data source, including data generated through a device associated with the app, are transmitted as encrypted values.


Source

{
  "resourceType": "Requirements",
  "id": "CMHAFFR2-APU.4",
  "meta": {
    "profile": [
      "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/FMHeader"
    ]
  },
  "text": {
    "status": "extensions",
    "div": "<!-- snip (see above) -->"
  },
  "extension": [
    {
      "url": "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg",
      "valueCode": "mobile"
    }
  ],
  "url": "http://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-APU.4",
  "version": "2.0.1",
  "name": "APU_4_Security_for_Data_at_Rest_and_in_Transport",
  "title": "APU.4 Security for Data at Rest and in Transport (Header)",
  "status": "active",
  "date": "2025-05-28T08:01:49+00:00",
  "publisher": "HL7 International / Mobile Health",
  "contact": [
    {
      "telecom": [
        {
          "system": "url",
          "value": "http://www.hl7.org/Special/committees/mobile"
        }
      ]
    }
  ],
  "description": "This category is about providing assurance that the consumer’s stored data is secure, regardless of whether it is stored on the consumer’s\ndevices or elsewhere (e.g., in cloud-based servers for an app). It also provides assurance that consumer data is secure when it is moved between the\nconsumer’s device(s) and other locations.",
  "jurisdiction": [
    {
      "coding": [
        {
          "system": "http://unstats.un.org/unsd/methods/m49/m49.htm",
          "code": "001",
          "display": "World"
        }
      ]
    }
  ],
  "statement": [
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "CMHAFFR2-APU.4-83",
      "label": "APU.4#83",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "PHI and PII stored on a smartphone is stored as encrypted values."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "CMHAFFR2-APU.4-84",
      "label": "APU.4#84",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "PHI and PII stored by the mobile app on any external server is stored as encrypted values."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "CMHAFFR2-APU.4-85",
      "label": "APU.4#85",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "Unless PHI and PII has been transmitted to a data set maintained by a Health Plan or Health Provider, the account holder can delete information collected through the app, including data generated by a device associated with the app."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "CMHAFFR2-APU.4-86",
      "label": "APU.4#86",
      "conformance": [
        "SHOULD"
      ],
      "conditionality": false,
      "requirement": "Improve and/or upgrade encryption cipher and suites to match evolving best practices."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "CMHAFFR2-APU.4-87",
      "label": "APU.4#87",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "PHI and PII transmitted between an app and an external data source, including data generated through a device associated with the app, are transmitted as encrypted values."
    }
  ]
}