HL7_IG_DS4P_R1_CH1_CONTENT

cda Privacy Annotation

[Organizer: templateId 2.16.840.1.113883.3.3251.1.4]

The CDA privacy annotation is a set of security observations that allow for
          specific  privacy metadata to be identified and assigned to any entry in a
          document if that entry  overrides or constrains in any way the overall
          confidentiality of the document or section  or specifies. For instance if a
          document is identified as "Restricted"  but a specific entry is
          of "Normal" confidentiality, a specific  SecurityObservation
          will be used to set the confidentiality of that entry to
          "Normal". Similarly if an entry has additional security handling
          or  obligations, they may be added using this template to the appropriate
          entry.    The privacy annotation may contain up to three security
          observations to  represent confidentiality, purpose of use, obligation, and
          refrain policies. Privacy annotations are applied by the senders and processed by the
          receiver(s) of the information.

  1. SHALL contain exactly one [1..1] templateId ( CONF-DS4P-4 ) such that it
    1. SHALL contain exactly one [1..1] @root="2.16.840.1.113883.3.3251.1.4"
  2. SHALL contain exactly one [1..1] @classCode="CLUSTER" (CodeSystem: 2.16.840.1.113883.5.6 HL7ActClass) (CONF:16829)
    • This is a fixed class code for all privacy annotation sets.

  3. SHALL contain exactly one [1..1] @moodCode="EVN" Event (CodeSystem: 2.16.840.1.113883.5.1001 HL7ActMood) (CONF:16830)
    • "DEF" is the default since this is a privacy annotation definition
                  applied to a clinical statement in a section entry.

  4. SHALL contain [1..1] component (CONF:16796)
    • The privacy annotation may contain up to three security observations to represent
                  confidentiality, purpose of use, obligation, and refrain policies. The confidentiality
                  is a mandatory component of the PrivacyAnnotation. The confidentialityCode shall be
                  assigned by the provider or system in accordance with jurisdictional , and
                  organizational policy. To support scenarios within the use case, there will need to be
                  some level of organizational policy hierarchy or a policy catalog at some point in the
                  future that would specify how a system would assign confidentiality codes to particular
                  data.   Prior to any disclosure, the sending system shall be capable of
                  executing stored procedures based upon request type, destination authorizations,
                  environmental factors and confidentiality codes to perform privacy enhancing functions
                  of marking, masking, redaction, anonymization and application of handling
                instructions

    1. Contains exactly one [1..1] cda Confidentiality Security Observation (templateId: 2.16.840.1.113883.3.445.12)
  5. MAY contain [0..*] component (CONF:9053)
    • Zero or more obligation policies may be specified for specific clinical statement in
                  a PrivacyAnnotation.

    1. Contains exactly one [1..1] cda Obligation Policy Security Observation (templateId: 2.16.840.1.113883.3.445.14)
  6. MAY contain [0..*] component (CONF:14889)
    • Zero or more refrain policies may be specified for specific clinical statement in a
                  PrivacyAnnotation.

    1. Contains exactly one [1..1] cda Refrain Policy Security Observation (templateId: 2.16.840.1.113883.3.445.23)
  7. MAY contain [0..*] component (CONF:14890)
    • Zero or more purpose of use qualifiers may be specified for specific clinical
                  statement in a PrivacyAnnotation.

    1. Contains exactly one [1..1] cda Purpose Of Use Security Observation (templateId: 2.16.840.1.113883.3.445.22)
  8. SHALL contain exactly one [1..1] statusCode (CONF:9054)/@code="active" Active (CodeSystem: 2.16.840.1.113883.5.14 ActStatus) (CONF:16831)
    • Default "active" status.

cda Privacy Annotation example

    
     <organizer classCode="CLUSTER" moodCode="EVN">
        <!-- Privacy Annotations are organized using template "2.16.840.1.113883.3.3251.1.4" -->
        <templateId root="2.16.840.1.113883.3.3251.1.4"
            assigningAuthorityName="HL7 Security"/>
        <statusCode code="active"/>
        <component typeCode="COMP">
            
        </component>
        <component typeCode="COMP">
            <observation classCode="OBS" moodCode="EVN">
                <!-- Security Observation -->
                <templateId root="2.16.840.1.113883.3.445.21"
                    assigningAuthorityName="HL7 CBCC"/>
                <!--  Obligation Policy Code template -->
                <templateId root="2.16.840.1.113883.3.445.14"
                    assigningAuthorityName="HL7 CBCC"/>
                <code code="SECCONOBS" codeSystem="2.16.840.1.113883.1.11.20457"
                    displayName="Security Classification"
                    codeSystemName="HL7 SecurityObservationTypeCodeSystem"/>
                <!-- Value set constraint "2.16.840.1.113883.1.11.20445" -->
                <value xsi:type="CE" code="ENCRYPT"
                    codeSystem="2.16.840.1.113883.5.1063"
                    codeSystemName="SecurityObservationValueCodeSystem"
                    displayName="Encrypt information">
                    <originalText>Information must be encrypted</originalText>
                </value>
            </observation>
        </component>
        <component typeCode="COMP">
            <observation classCode="OBS" moodCode="EVN">
                <!-- Security Observation -->
                <templateId root="2.16.840.1.113883.3.445.21"
                    assigningAuthorityName="HL7 CBCC"/>
                <!--  Refrain Policy Code template -->
                <templateId root="2.16.840.1.113883.3.445.23"
                    assigningAuthorityName="HL7 CBCC"/>
                <code code="SECCONOBS" codeSystem="2.16.840.1.113883.1.11.20457"
                    displayName="Security Classification"
                    codeSystemName="HL7 SecurityObservationTypeCodeSystem"/>
                <!-- Value set constraint "2.16.840.1.113883.1.11.20446" -->
                <value xsi:type="CE" code="NORDSLCD"
                    codeSystem="2.16.840.1.113883.5.1063"
                    codeSystemName="SecurityObservationValueCodeSystem"
                    displayName="Prohibition on redisclosure without patient consent directive">
                    <originalText>Prohibition on redisclosure without patient
                        consent directive</originalText>
                </value>
            </observation>
        </component>
        <component typeCode="COMP">
            <observation classCode="OBS" moodCode="EVN">
                <!-- Security Observation -->
                <templateId root="2.16.840.1.113883.3.445.21"
                    assigningAuthorityName="HL7 CBCC"/>
                <!--  Purpose Of Use Code template -->
                <templateId root="2.16.840.1.113883.3.445.22"
                    assigningAuthorityName="HL7 CBCC"/>
                <code code="SECCONOBS" codeSystem="2.16.840.1.113883.1.11.20457"
                    displayName="Security Classification"
                    codeSystemName="HL7 SecurityObservationTypeCodeSystem"/>
                <!-- Value set constraint "2.16.840.1.113883.1.11.20448" -->
                <value xsi:type="CE" code="TREAT"
                    codeSystem="2.16.840.1.113883.5.1063"
                    codeSystemName="SecurityObservationValueCodeSystem"
                    displayName="Treatment">
                    <originalText>Information intended for
                        treatment</originalText>
                </value>
            </observation>
        </component>
    </organizer>