2015May sdc #74 - Add authorization qualifier to 'delete'


    • Type: Change Request
    • Resolution: Not Persuasive
    • Priority: Medium
    • FHIR Core (FHIR)
    • DSTU1 [deprecated]
    • FHIR Infrastructure
    • REST (http)
    • add general note about security and access to API page.
    • James Agnew / Grahame Grieve: 4-0-0
    • Enhancement

      Proposed Wording: Add something like: "In case a resource is deleted, a record of Provenance will attest to that change. Only authorized systems/users (i.e. the system/user responsible for its "authorship" according to the related "Provenance" record) will be allowed to "delete"."

      Comment:

      This operation needs additional explicit caveats to protect against unauthorized "delete", especially if the resource is expected to be removed. The only record of its existence should be "Provenance".

      We need to explain precisely how the security guidance should be applied to this "specific" operation, including the use of Consent and Provenance to make access control decisions (http://hl7.org/fhir/2015May/security.html), including consent to make sure only authorized systems and users are viewing, changing, updating, or reviewing the update history of a resource.

            Assignee:
            Unassigned
            Reporter:
            jim_kretz
            Watchers:
            2

              Created:
              Updated:
              Resolved: