cda Confidentiality Security Observation

[Observation: templateId 2.16.840.1.113883.3.445.12]

This template is constrains the Security Observation to specify a
          "confidentiality code". This template reuses the SecurityObservation
          implementing the HL7 Healthcare Security Classification (HCS) standard.

Contained By Contains
Privacy Annotation Template  
  1. SHALL contain exactly one [1..1] templateId ( CONF-CD-12 ) such that it
    1. SHALL contain exactly one [1..1] @root="2.16.840.1.113883.3.445.12"
  2. SHALL conform to cda Security Observation template (templateId: 2.16.840.1.113883.3.445.21) (CONF:16824)
  3. SHALL contain exactly one [1..1] code (CONF:14841)/@code="SECCLASSOBS" Security Category (CodeSystem: 2.16.840.1.113883.1.11.20457 SecurityObservationTypeCodeSystem) (CONF:14888)
    • Type of security metadata observation made about the category of an IT resource
                  (data, information object, service, or system capability), which may be used to make
                  access control decisions. Security category metadata is defined by ISO/IEC
                  2382-8:1998(E/F)/ T-REC-X.812-1995 as: "A non hierarchical grouping of
                  sensitive information used to control access to data more finely than with hierarchical
                  security classification alone."    Rationale: A security
                  category observation supports requirement to specify the type of IT resource to
                  facilitate application of appropriate levels of information security according to a
                  range of levels of impact or consequences that might result from the unauthorized
                  disclosure, modification, or use of the information or information system. A resource is
                  assigned to a specific category of information (e.g., privacy, medical, proprietary,
                  financial, investigative, contractor sensitive, security management) defined by an
                  organization or in some instances, by a specific law, Executive Order, directive,
                  policy, or regulation. [FIPS 199]

  4. SHALL contain exactly one [1..1] value (CONF:9074), where the @code SHALL be selected from (CodeSystem: 2.16.840.1.113883.5.25 ConfidentialityCode) (CONF:16825)
    • This value is extended beyond the BasicConfidentialityKind to allow for all the
                  codes associated with confidentiality levels.

cda Confidentiality Security Observation example

    observation classCode="OBS" moodCode="EVN">
    <!-- Security Observation -->
    <templateId root="2.16.840.1.113883.3.445.21"
        assigningAuthorityName="HL7 CBCC"/>
    <!--  Confidentiality Code template -->
    <templateId root="2.16.840.1.113883.3.445.12"
        assigningAuthorityName="HL7 CBCC"/>
    <!-- Confidentiality Security Observation - the only mandatory element of a Privacy Annotation -->
    <code code="SECCLASSOBS"
        displayName="Security Classification"
        codeSystemName="HL7 SecurityObservationTypeCodeSystem"/>
    <!-- value set constrained to "2.16.840.1.113883.1.11.16926" -->
    <value xsi:type="CE" code="R"
        <originalText>Restricted Confidentiality</originalText>