FHIR © HL7.org  |  Server Home  |  XIG Home  |  Server Source  |  FHIR  

FHIR IG Statistics: Requirements/CMHAFFR2-AST.1

Packagehl7.fhir.uv.cmhaffr2
TypeRequirements
IdCMHAFFR2-AST.1
FHIR VersionR5
Sourcehttp://hl7.org/fhir/uv/cmhaffr2/https://build.fhir.org/ig/HL7/cmhaff-ig/Requirements-CMHAFFR2-AST.1.html
URLhttp://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-AST.1
Version2.0.1
Statusactive
Date2025-05-28T08:01:49+00:00
NameAST_1_App_and_Data_Removal
TitleAST.1 App and Data Removal (Header)
Realmuv
Authorityhl7

Resources that use this resource

No resources found

Resources that this resource uses

No resources found

Narrative

Note: links and images are rebased to the (stated) source

Statement N:
Criteria N:
AST.1#115 SHALL

An app Account Holder can remove an app from a mobile device at any time.
AST.1#116 SHALL

An app Account Holder is informed of the consequences of removing the app (e.g., loss of locally-stored data) from a smartphone and given an opportunity to confirm the removal of the app before the app is removed.
AST.1#117 SHALL

An app Account Holder can close an associated account or data store associated with the app.
AST.1#118 SHALL

An app Account Holder is informed of the consequences of deleting the account and is given an opportunity to confirm closing the account before it is closed.
AST.1#119 SHALL

The user shall be informed that data that was part of the account may have been transmitted to other systems, outside of the account itself, and may persist. For example, suppose the user collects device data in an app, and transmits that data to an EHR which stores it as PGHD. In this case, the user shall be informed that deleting the account may not delete the data that is now in the EHR.
AST.1#120 SHOULD

Before closing an app account, the account holder can download data generated by the account holder or a proxy subject of the account holder to a data set under the full control of the account holder (data portability).
AST.1#121 SHALL

[The device permits remote or external access to device data] Any PHI or PII stored on a device can be wiped remotely by the account holder without deleting the account which is related to the wiped data.
AST.1#122 SHOULD

Clear criteria are set and communicated to the user regarding the deletion of data, including automatic deletion if the user has not used the app for a specified period.

Source

{
  "resourceType": "Requirements",
  "id": "CMHAFFR2-AST.1",
  "meta": {
    "profile": [
      "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/FMHeader"
    ]
  },
  "text": {
    "status": "extensions",
    "div": "<!-- snip (see above) -->"
  },
  "extension": [
    {
      "url": "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg",
      "valueCode": "mobile"
    }
  ],
  "url": "http://hl7.org/fhir/uv/cmhaffr2/Requirements/CMHAFFR2-AST.1",
  "version": "2.0.1",
  "name": "AST_1_App_and_Data_Removal",
  "title": "AST.1 App and Data Removal (Header)",
  "status": "active",
  "date": "2025-05-28T08:01:49+00:00",
  "publisher": "HL7 International / Mobile Health",
  "contact": [
    {
      "telecom": [
        {
          "system": "url",
          "value": "http://www.hl7.org/Special/committees/mobile"
        }
      ]
    }
  ],
  "jurisdiction": [
    {
      "coding": [
        {
          "system": "http://unstats.un.org/unsd/methods/m49/m49.htm",
          "code": "001",
          "display": "World"
        }
      ]
    }
  ],
  "statement": [
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "CMHAFFR2-AST.1-115",
      "label": "AST.1#115",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "An app Account Holder can remove an app from a mobile device at any time."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "CMHAFFR2-AST.1-116",
      "label": "AST.1#116",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "An app Account Holder is informed of the consequences of removing the app (e.g., loss of locally-stored data) from a smartphone and given an opportunity to confirm the removal of the app before the app is removed."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "CMHAFFR2-AST.1-117",
      "label": "AST.1#117",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "An app Account Holder can close an associated account or data store associated with the app."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "CMHAFFR2-AST.1-118",
      "label": "AST.1#118",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "An app Account Holder is informed of the consequences of deleting the account and is given an opportunity to confirm closing the account before it is closed."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "CMHAFFR2-AST.1-119",
      "label": "AST.1#119",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "The user shall be informed that data that was part of the account may have been transmitted to other systems, outside of the account itself, and may persist. For example, suppose the user collects device data in an app, and transmits that data to an EHR which stores it as PGHD. In this case, the user shall be informed that deleting the account may not delete the data that is now in the EHR."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "CMHAFFR2-AST.1-120",
      "label": "AST.1#120",
      "conformance": [
        "SHOULD"
      ],
      "conditionality": false,
      "requirement": "Before closing an app account, the account holder can download data generated by the account holder or a proxy subject of the account holder to a data set under the full control of the account holder (data portability)."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "CMHAFFR2-AST.1-121",
      "label": "AST.1#121",
      "conformance": [
        "SHALL"
      ],
      "conditionality": false,
      "requirement": "[The device permits remote or external access to device data] Any PHI or PII stored on a device can be wiped remotely by the account holder without deleting the account which is related to the wiped data."
    },
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/uv/cmhaffr2/StructureDefinition/requirements-dependent",
          "valueBoolean": false
        }
      ],
      "key": "CMHAFFR2-AST.1-122",
      "label": "AST.1#122",
      "conformance": [
        "SHOULD"
      ],
      "conditionality": false,
      "requirement": "Clear criteria are set and communicated to the user regarding the deletion of data, including automatic deletion if the user has not used the app for a specified period."
    }
  ]
}