Existing Wording: Definition

A set of Security-Tag codes specifying the level of privacy/security of the Document.

Control 0..*

Binding HCS: Extensible: See http://hl7.org/fhir/vs/security-labels (Healthcare Privacy and Security Classification System)

Type CodeableConcept

Requirements

Use of the Health Care Privacy/Security Classification (HCS) system of security-tag use is recommended.

The confidentiality codes can carry multiple vocabulary items. HL7 has developed an understanding of security and privacy tags that might be desirable in a Document Sharing environment, called HL7 Healthcare Privacy and Security Classification System (HCS). The following specification is recommended but not mandated, as the vocabulary bindings are an administrative domain responsibility. The use of this method is up to the policy domain such as the XDS Affinity Domain or other Trust Domain where all parties including sender and recipients are trusted to appropriately tag and enforce. • [1…1] Confidentiality Security Classification Label Field • [0…] Sensitivity Security Category Label Field • [0…] Compartment Security Category Label Field • [0…] Integrity Security Category Label Field • [0…] Handling Caveat Security Category Field In the HL7 Healthcare Privacy and Security Classification System In the HL7 Healthcare Privacy and Security Classification (HCS) there are code systems specific to Confidentiality, Sensitivity, Integrity, and Handling Caveats. Some values would come from a local vocabulary as they are related to workflow roles and special projects.

Proposed Wording: Requirements - Use of the Health Care Privacy/Security Classification System (HCS) Security Classification Label is required and must be the same code that is required to be used on the header of the CDA Document being referenced. The Confidentiality codes that value the Security Classification Label are the complete hierarchical set of security classification levels ranging from the lowest non-classified level to the most classified level. These levels indicate the clearance or level of the "need to know" that an authorized requester must have in order to access this information.

Comments - Confidentiality codes convey security classifications used to permit or restrict access without revealing the specific sensitivities of the referenced document or other artifact. No other Security Labels should be used in this context including the Sensitivity, Compartment, Integrity, Handling Caveat Categories or the Privacy Policy codes as these reveal the security clearance attributes that a requester must be able to claim or they indicate the sensitivity of information that only authorized user are permitted to access.

Once access is granted to the reference document/artifact, an authorized user can access the other Security Labels used to convey governing privacy policies, information sensitivity, integrity of the information, and handling instructions such as permissible purposes of use, and any obligations or refrain policies with which the user must comply.

Requirements - Use of the Health Care Privacy/Security Classification System (HCS) Security Classification Label is required and must be the same code that is required to be used on the header of the CDA Document being referenced. The Confidentiality codes that value the Security Classification Label are the complete hierarchical set of security classification levels ranging from the lowest non-classified level to the most classified level. These levels indicate the clearance or level of the "need to know" that an authorized requester must have in order to access this information.

Comments - Confidentiality codes convey security classifications used to permit or restrict access without revealing the specific sensitivities of the referenced document or other artifact. No other Security Labels should be used in this context including the Sensitivity, Compartment, Integrity, Handling Caveat Categories or the Privacy Policy codes as these reveal the security clearance attributes that a requester must be able to claim or they indicate the sensitivity of information that only authorized user are permitted to access.

Once access is granted to the reference document/artifact, an authorized user can access the other Security Labels used to convey governing privacy policies, information sensitivity, integrity of the information, and handling instructions such as permissible purposes of use, and any obligations or refrain policies with which the user must comply.

Comment:

The DocumentReference.confidentiality element is munging the purpose of a confidentiality security label used in reference metadata with the use of security labels on referenced content for purposes of data segmentation, access control, receiver's policy compliance with permitted uses, and user's obligations,prohibitions, and privacy marking handling instructions.