| Package | hl7.fhir.uv.cmhaffr2 |
| Type | Requirements |
| Id | CMHAFFR2-APU.4 |
| FHIR Version | R5 |
| Source | http://hl7.org/fhir/uv/cmhaffr2/https://build.fhir.org/ig/HL7/cmhaff-ig/Requirements-CMHAFFR2-APU.4.html |
| URL | http://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-APU.4 |
| Version | 2.0.1 |
| Status | active |
| Date | 2025-05-28T08:01:49+00:00 |
| Name | APU_4_Security_for_Data_at_Rest_and_in_Transport |
| Title | APU.4 Security for Data at Rest and in Transport (Header) |
| Realm | uv |
| Authority | hl7 |
| Description | This category is about providing assurance that the consumer’s stored data is secure, regardless of whether it is stored on the consumer’s devices or elsewhere (e.g., in cloud-based servers for an app). It also provides assurance that consumer data is secure when it is moved between the consumer’s device(s) and other locations. |
No resources found
No resources found
Note: links and images are rebased to the (stated) source
This category is about providing assurance that the consumer’s stored data is secure, regardless of whether it is stored on the consumer’s devices or elsewhere (e.g., in cloud-based servers for an app). It also provides assurance that consumer data is secure when it is moved between the consumer’s device(s) and other locations.
| APU.4#83 | SHALL |
PHI and PII stored on a smartphone is stored as encrypted values. |
| APU.4#84 | SHALL |
PHI and PII stored by the mobile app on any external server is stored as encrypted values. |
| APU.4#85 | SHALL |
Unless PHI and PII has been transmitted to a data set maintained by a Health Plan or Health Provider, the account holder can delete information collected through the app, including data generated by a device associated with the app. |
| APU.4#86 | SHOULD |
Improve and/or upgrade encryption cipher and suites to match evolving best practices. |
| APU.4#87 | SHALL |
PHI and PII transmitted between an app and an external data source, including data generated through a device associated with the app, are transmitted as encrypted values. |
FHIR{
"resourceType": "Requirements",
"id": "CMHAFFR2-APU.4",
"meta": {
"profile": [
"http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/FMHeader"
]
},
"text": {
"status": "extensions",
"div": "<!-- snip (see above) -->"
},
"extension": [
{
"url": "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg",
"valueCode": "mobile"
}
],
"url": "http://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-APU.4",
"version": "2.0.1",
"name": "APU_4_Security_for_Data_at_Rest_and_in_Transport",
"title": "APU.4 Security for Data at Rest and in Transport (Header)",
"status": "active",
"date": "2025-05-28T08:01:49+00:00",
"publisher": "HL7 International / Mobile Health",
"contact": [
{
"telecom": [
{
"system": "url",
"value": "http://www.hl7.org/Special/committees/mobile"
}
]
}
],
"description": "This category is about providing assurance that the consumer’s stored data is secure, regardless of whether it is stored on the consumer’s\ndevices or elsewhere (e.g., in cloud-based servers for an app). It also provides assurance that consumer data is secure when it is moved between the\nconsumer’s device(s) and other locations.",
"jurisdiction": [
{
"coding": [
{
"system": "http://unstats.un.org/unsd/methods/m49/m49.htm",
"code": "001",
"display": "World"
}
]
}
],
"statement": [
{
"extension": [
{
"url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
"valueBoolean": false
}
],
"key": "CMHAFFR2-APU.4-83",
"label": "APU.4#83",
"conformance": [
"SHALL"
],
"conditionality": false,
"requirement": "PHI and PII stored on a smartphone is stored as encrypted values."
},
{
"extension": [
{
"url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
"valueBoolean": false
}
],
"key": "CMHAFFR2-APU.4-84",
"label": "APU.4#84",
"conformance": [
"SHALL"
],
"conditionality": false,
"requirement": "PHI and PII stored by the mobile app on any external server is stored as encrypted values."
},
{
"extension": [
{
"url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
"valueBoolean": false
}
],
"key": "CMHAFFR2-APU.4-85",
"label": "APU.4#85",
"conformance": [
"SHALL"
],
"conditionality": false,
"requirement": "Unless PHI and PII has been transmitted to a data set maintained by a Health Plan or Health Provider, the account holder can delete information collected through the app, including data generated by a device associated with the app."
},
{
"extension": [
{
"url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
"valueBoolean": false
}
],
"key": "CMHAFFR2-APU.4-86",
"label": "APU.4#86",
"conformance": [
"SHOULD"
],
"conditionality": false,
"requirement": "Improve and/or upgrade encryption cipher and suites to match evolving best practices."
},
{
"extension": [
{
"url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
"valueBoolean": false
}
],
"key": "CMHAFFR2-APU.4-87",
"label": "APU.4#87",
"conformance": [
"SHALL"
],
"conditionality": false,
"requirement": "PHI and PII transmitted between an app and an external data source, including data generated through a device associated with the app, are transmitted as encrypted values."
}
]
}