United States Health Information Knowledgebase

 

You are viewing the Abridged Children's EHR Format.
To view the Full Children's EHR Format, you must first agree to the HL7 License Agreement.

Results 1-45 of 45
remove Filtering Topic Area on Security and Confidentiality
MS Excel
Download as an MS Excel spreadsheet.
[Download Excel ReaderExit Disclaimer]
PDF
Download as a PDF file.
[Download PDF ReaderExit Disclaimer]
MS Word
Download as an MS Word document.
[Download Word ReaderExit Disclaimer]
Remove All Filters

sort Req ID
sort Title
sort Release Package
Release Package(s) Selected
sort Description
sort Topic Area
Topic Area(s) Selected
sort Type
Type(s) Selected
sort Critical/Core
Critical/Core(s) Selected
Req-103Care Management2013 Format
Care Management functions are those directly used by providers as they deliver patient care and create an electronic health record. The Record Management (Req-106 functions address the mechanics of creating a...
Care Management functions are those directly used by providers as they deliver patient care and create an electronic health record. The Record Management (Req-106 functions address the mechanics of creating a health record and concepts such as a single logical health record, managing patient demographics, and managing externally generated (including patient originated health data. Thereafter, The additional Care Management functions follow a fairly typical flow of patient care activities and corresponding data, starting with managing the patient history and progressing through consents, assessments, care plans, orders, results etc.

Integral to these care management activities is an underlying system foundation that maintains the privacy, security, and integrity of the captured health information - the information infrastructure of the EHR-S. Throughout the DC functions, conformance criteria formalize the relationships to Information Infrastructure functions. Criteria that apply to all Care Management functions are listed in this header (see Conformance Clause page six for discussion of "inherited" conformance criteria

In the Direct Care functions there are times when actions/activities related to "patients" are also applicable to the patient representative. Therefore, in this section, the term "patient" could refer to the patient and/or the patient's personal representative (e.g. guardian, surrogate
Show Full Text
Activity Clearance, Birth Information, Child Abuse Reporting, Child Welfare, Children with Special Healthcare Needs, EPSDT, Genetic information, Growth Data, Immunizations,...
Activity Clearance, Birth Information, Child Abuse Reporting, Child Welfare, Children with Special Healthcare Needs, EPSDT, Genetic information, Growth Data, Immunizations, Medication Management, Newborn Screening, Parents and Guardians and Family Relationship Data, Patient Identifier, Patient Portals - PHR, Prenatal Screening, Primary Care Management, Quality Measures, Registry Linkages, Security and Confidentiality, Special Terminology and Information, Specialized Scales/Scoring, Well Child/Preventive Care
Show Full Text
Headerno
Req-249Health Record Output2013 Format
STATEMENT: Support the definition of the formal health record, a partial record for referral purposes, or sets of records for other necessary disclosure purposes.
DESCRIPTION: Provide hardcopy and electronic output that fully chronicles the healthcare...
STATEMENT: Support the definition of the formal health record, a partial record for referral purposes, or sets of records for other necessary disclosure purposes.
DESCRIPTION: Provide hardcopy and electronic output that fully chronicles the healthcare process, supports selection of specific sections of the health record, and allows healthcare organizations to define the report and/or documents that will comprise the formal health record for disclosure purposes. A mechanism should be provided for both chronological and specified record element output. This may include defined reporting groups (i.e. print sets For example: Print Set A = Patient Demographics, History & Physical, Consultation Reports, and Discharge Summaries. Print Set B = all information created by one caregiver. Print Set C = all information from a specified encounter. An auditable record of these requests and associated exports may be maintained by the system. This record could be implemented in any way that would allow the who, what, why and when of a request and export to be recoverable for review. The system has the capability of providing a report or accounting of disclosures by patient that meets in accordance with scope of practice, organizational policy and jurisdictional law.
Show Full Text
Immunizations, Patient Identifier, Registry Linkages, Security and Confidentiality, Well Child/Preventive CareFunctionno
Req-250Report Generation2013 Format
STATEMENT: Support the export of data or access to data necessary for report generation and ad hoc analysis.
DESCRIPTION: Providers and administrators need access to data in the EHR-S for the generation of both standard...
STATEMENT: Support the export of data or access to data necessary for report generation and ad hoc analysis.
DESCRIPTION: Providers and administrators need access to data in the EHR-S for the generation of both standard and ad hoc reports. These reports may be needed for clinical, administrative, and financial decision-making, as well as for patient use. Reports may be based on structured data and/or unstructured text from the patient's health record.
Show Full Text
Activity Clearance, Birth Information, EPSDT, Immunizations, Patient Identifier, Registry Linkages, Security and Confidentiality, Well Child/Preventive CareHeaderno
Req-256Manage Consents and Authorizations2013 Format
STATEMENT: Create, maintain, and verify patient decisions such as informed consent for treatment and authorization/consent for disclosure when required.
DESCRIPTION: Decisions are documented and include the extent of information, verification levels and exposition of treatment...
STATEMENT: Create, maintain, and verify patient decisions such as informed consent for treatment and authorization/consent for disclosure when required.
DESCRIPTION: Decisions are documented and include the extent of information, verification levels and exposition of treatment options. This documentation helps ensure that decisions made at the discretion of the patient, family, or other responsible party govern the actual care that is delivered or withheld.
Show Full Text
Children with Special Healthcare Needs, Parents and Guardians and Family Relationship Data, Primary Care Management, Security and Confidentiality, Special Terminology...
Children with Special Healthcare Needs, Parents and Guardians and Family Relationship Data, Primary Care Management, Security and Confidentiality, Special Terminology and Information
Show Full Text
Functionno
Req-268Manage Patient History2013 Format
STATEMENT: Capture and maintain medical, procedural/surgical, social and family history including the capture of pertinent positive and negative histories, patient-reported or externally available patient clinical history.
DESCRIPTION: The history of the current illness and patient...
STATEMENT: Capture and maintain medical, procedural/surgical, social and family history including the capture of pertinent positive and negative histories, patient-reported or externally available patient clinical history.
DESCRIPTION: The history of the current illness and patient historical data related to previous medical diagnoses, surgeries and other procedures performed on the patient, and relevant health conditions of family members is captured through such methods as patient reporting (for example interview, medical alert band or electronic or non-electronic historical data. This data may take the form of a pertinent positive such as: "The patient/family member has had..." or a pertinent negative such as "The patient/family member has not had..." When first seen by a health care provider, patients typically bring with them clinical information from past encounters. This and similar information is captured and presented alongside locally captured documentation and notes wherever appropriate.
Show Full Text
Birth Information, Child Abuse Reporting, Child Welfare, Genetic information, Parents and Guardians and Family Relationship Data, Patient Identifier, Prenatal Screening,...
Birth Information, Child Abuse Reporting, Child Welfare, Genetic information, Parents and Guardians and Family Relationship Data, Patient Identifier, Prenatal Screening, Primary Care Management, Security and Confidentiality, Specialized Scales/Scoring, Well Child/Preventive Care
Show Full Text
Functionno
Req-274Patient Privacy and Confidentiality2013 Format
STATEMENT: Enable the enforcement of the applicable jurisdictional and organizational patient privacy rules as they apply to various parts of an EHR-S through the implementation of security mechanisms.
DESCRIPTION: Patients' privacy and the confidentiality of...
STATEMENT: Enable the enforcement of the applicable jurisdictional and organizational patient privacy rules as they apply to various parts of an EHR-S through the implementation of security mechanisms.
DESCRIPTION: Patients' privacy and the confidentiality of EHRs are violated if access to EHRs occurs without authorization. Violations or potential violations can impose tangible economic or social losses on affected patients, as well as less tangible feelings of vulnerability and pain. Fear of potential violations discourages patients from revealing sensitive personal information that may be relevant to diagnostic and treatment services. Rules for the protection of privacy and confidentiality may vary depending upon the vulnerability of patients and the sensitivity of records. Strongest protections should apply to the records of minors and the records of patients with stigmatized conditions. Authorization to access the most sensitive parts of an EHR is most definitive if made by the explicit and specific consent of the patient. Please see the definition of masking in the glossary.
Show Full Text
Patient Identifier, Prenatal Screening, Security and ConfidentialityFunctionno
Req-284Measurement, Analysis, Research and Reports2013 FormatSystem supports measurement, analysis, research and reports.
Activity Clearance, Birth Information, Children with Special Healthcare Needs, EPSDT, Growth Data, Immunizations, Patient Identifier, Primary Care Management, Quality Measures,...
Activity Clearance, Birth Information, Children with Special Healthcare Needs, EPSDT, Growth Data, Immunizations, Patient Identifier, Primary Care Management, Quality Measures, Registry Linkages, Security and Confidentiality, Well Child/Preventive Care
Show Full Text
Headerno
Req-287Preferences, Directives, Consents and Authorizations2013 FormatMaintain preferences, directives, consents and authorizations.
Children with Special Healthcare Needs, Parents and Guardians and Family Relationship Data, Primary Care Management, Security and Confidentiality, Special Terminology...
Children with Special Healthcare Needs, Parents and Guardians and Family Relationship Data, Primary Care Management, Security and Confidentiality, Special Terminology and Information
Show Full Text
Headerno
Req-294Security2013 Format
STATEMENT: Secure the access to an EHR-S and EHR information. Manage the sets of access control permissions granted within an EHR-S. Prevent unauthorized use of data, data loss, tampering and destruction.

DESCRIPTION: To enforce...
STATEMENT: Secure the access to an EHR-S and EHR information. Manage the sets of access control permissions granted within an EHR-S. Prevent unauthorized use of data, data loss, tampering and destruction.

DESCRIPTION: To enforce security, all EHR-S applications must adhere to the rules established to control access and protect the privacy of EHR information. Security measures assist in preventing unauthorized use of data and protect against loss, tampering and destruction. An EHR-S must be capable of including or interfacing with standards-conformant security services to ensure that any Principal (user, organization, device, application, component, or object accessing the system or its data is appropriately authenticated, authorized and audited in conformance with local and/or jurisdictional policies.

An EHR-S should support Chains of Trust in respect of authentication, authorization, and privilege management, either intrinsically or by interfacing with relevant external services.
Show Full Text
Child Welfare, Parents and Guardians and Family Relationship Data, Patient Identifier, Patient Portals - PHR, Prenatal Screening, School-Based Linkages, Security...
Child Welfare, Parents and Guardians and Family Relationship Data, Patient Identifier, Patient Portals - PHR, Prenatal Screening, School-Based Linkages, Security and Confidentiality
Show Full Text
Headerno
Req-549Define context for principal authorization2013 FormatThe system MAY provide the ability to define context for the purpose of principal authorization based on identity, role, work assignment, present condition, location, patient consent, or patient's present conditionSecurity and ConfidentialityNormative Statementsno
Req-550Support patient consent requirements based on law2013 FormatThe system SHOULD determine the need for minor patient consent based on determination of age of majority based on jurisdictional law.Security and ConfidentialityNormative Statementsno
Req-552Determine need for minor patient consent for outside access to content2013 FormatThe system MAY determine the need for minor patient consent to permit outside access to content based on determination of age of majority within a legal jurisdiction, possibly in combination with record content to be accessed.Security and ConfidentialityNormative Statementsno
Req-553Assign parts of the EHR to another patient identifier2013 FormatThe system SHOULD provide the ability to assign parts of the electronic health record to another patient identifier and delete them permanently from the former according to organizational policy or jurisdictional law relating to protections of birth records of adoptees.Patient Identifier, Security and ConfidentialityNormative Statementsno
Req-556Document authority for consent on behalf of minors2013 FormatThe system SHALL allow for documentation of authority of foster parents or custodians to give consent on behalf of a minor patient, including unlimited number of different foster parents or custodians.Parents and Guardians and Family Relationship Data, Security and ConfidentialityNormative Statementsno
Req-557Document time restrictions on authority for consent on behalf of patient2013 FormatThe system SHALL provide the ability to document any time restrictions on the patient's guardian, foster parent or custodian's level of authority to make decisions on behalf of the patient.Parents and Guardians and Family Relationship Data, Security and ConfidentialityNormative Statementsno
Req-558Ability to document limitations on the patient's parents' level of authority2013 FormatThe system SHALL provide the ability to document limitations on the patient's parents' level of authority to make decisions on behalf of the patient or access health information about the patient.Security and ConfidentialityNormative Statementsno
Req-559Ability to document parental (guardian) notification or permission2013 FormatThe system SHALL provide the ability to document parental (guardian notification or permission for consenting minors to receive some treatments as required by institutional policy or jurisdictional law.Security and ConfidentialityNormative Statementsno
Req-573Entity Authorization.2013 Format
STATEMENT: Manage the sets of access-control permissions granted to entities that use an EHR-S (EHR-S Users
Enable EHR-S security administrators to grant authorizations to users, for roles, and within contexts. A combination of these authorization...
STATEMENT: Manage the sets of access-control permissions granted to entities that use an EHR-S (EHR-S Users
Enable EHR-S security administrators to grant authorizations to users, for roles, and within contexts. A combination of these authorization categories may be applied to control access to EHR-S functions or data within an EHR-S, including at the application or the operating system level.

DESCRIPTION: EHR S Users are authorized to use the components of an EHR-S according to their identity, role, work-assignment, location and/or the patient's present condition and the EHR S User's scope of practice within a legal jurisdiction.
- User based authorization refers to the permissions granted or denied based on the identity of an individual. An example of User based authorization is a patient defined denial of access to all or part of a record to a particular party for privacy related reasons. Another user based authorization is for a tele-monitor device or robotic access to an EHR-S for prescribed directions and other input.
- Role based authorization refers to the responsibility or function performed in a particular operation or process. Example roles include: an application or device (tele-monitor or robotic or a nurse, dietician, administrator, legal guardian, and auditor.
- Context-based Authorization is defined by ISO 10181-3 Technical Framework for Access Control Standard as security-relevant properties of the context in which an access request occurs, explicitly time, location, route of access, and quality of authentication. For example, an EHR-S might only allow supervising providers' context authorization to attest to entries proposed by residents under their supervision.
In addition to the ISO standard, context authorization for an EHR-S is extended to satisfy special circumstances such as, work assignment, patient consents and authorizations, or other healthcare-related factors. A context-based example is a patient-granted authorization to a specific third party for a limited period to view specific EHR records.
Another example is a right granted for a limited period to view those, and only those, EHR records connected to a specific topic of investigation.
Show Full Text
Security and ConfidentialityFunctionno
Req-574Patient Access Management2013 Format
STATEMENT: Enable a healthcare delivery organization to allow and manage a patient's access to the patient's personal health information.
DESCRIPTION: A healthcare delivery organization will be able to manage a patient's ability to view his...
STATEMENT: Enable a healthcare delivery organization to allow and manage a patient's access to the patient's personal health information.
DESCRIPTION: A healthcare delivery organization will be able to manage a patient's ability to view his or her EHR based on scope of practice, organization policy or jurisdictional law. Typically, a patient has the right to view his or her EHR and the right to place restrictions on who can view parts or the whole of that EHR. For example, in some jurisdictions, minors have the right to restrict access to their data by parents/guardians.
One example of managing a patient's access to his or her data is by extending user access controls to patients.
Show Full Text
Patient Portals - PHR, School-Based Linkages, Security and ConfidentialityFunctionno
Req-590Document assent for patients unable to consent2013 Format
Lorem, ipsum, dolor, sit, amet, consectetur, adipiscing, elit, Ut, egestas, dolor, nec, ipsum, luctus, non, varius, felis, blandit, Quisque, facilisis, pellentesque, nisi, Sed, rutrum, sodales, nisl, Duis, mattis, ipsum, a, laoreet, pharetra, quam, eros, porta, nisl, eget, pellentesque, augue, purus, eu, nunc
You are viewing the Abridged Children's EHR Format. To view the Full Children's EHR Format, you must first agree to the HL7 License Agreement.
Security and ConfidentialityNormative Statementsno
Req-665Mask selected EHR data2013 Format
Lorem, ipsum, dolor, sit, amet, consectetur, adipiscing, elit, Ut, egestas, dolor, nec, ipsum, luctus, non, varius, felis, blandit, Quisque, facilisis, pellentesque, nisi, Sed, rutrum, sodales, nisl, Duis, mattis, ipsum, a, laoreet, pharetra, quam, eros, porta, nisl, eget, pellentesque, augue, purus, eu, nunc
You are viewing the Abridged Children's EHR Format. To view the Full Children's EHR Format, you must first agree to the HL7 License Agreement.
Security and ConfidentialityNormative Statementsyes
Req-671Define formal health record2013 Format
Lorem, ipsum, dolor, sit, amet, consectetur, adipiscing, elit, Ut, egestas, dolor, nec, ipsum, luctus, non, varius, felis, blandit, Quisque, facilisis, pellentesque, nisi, Sed, rutrum, sodales, nisl, Duis, mattis, ipsum, a, laoreet, pharetra, quam, eros, porta, nisl, eget, pellentesque, augue, purus, eu, nunc
You are viewing the Abridged Children's EHR Format. To view the Full Children's EHR Format, you must first agree to the HL7 License Agreement.
Security and ConfidentialityNormative Statementsno
Req-718Entity Access Control2013 Format
STATEMENT: Verify and enforce access control to all EHR-S components, EHR information and functions for end-users, applications, sites, etc., to prevent unauthorized use of a resource.
DESCRIPTION: Entity Access Control is a fundamental function of...
STATEMENT: Verify and enforce access control to all EHR-S components, EHR information and functions for end-users, applications, sites, etc., to prevent unauthorized use of a resource.
DESCRIPTION: Entity Access Control is a fundamental function of an EHR-S. To ensure that access is controlled, an EHR-S must perform authentication and authorization of users or applications for any operation that requires it and enforce the system and information access rules that have been defined.
Show Full Text
Child Welfare, Parents and Guardians and Family Relationship Data, Patient Portals - PHR, Security and ConfidentialityFunctionno
Req-1007Copy and paste selected information from another medical record/chart2013 Format
The System SHALL support copying of selected information from another chart to the child's chart. Examples include copying from either biologic parent for genetic information, or the maternal chart for prenatal information. This copying SHALL...
The System SHALL support copying of selected information from another chart to the child's chart. Examples include copying from either biologic parent for genetic information, or the maternal chart for prenatal information. This copying SHALL support suppression of the maternal identity in cases that require parental confidentiality (e.g. voluntary surrender for adoption, or removal from the mother's care for other reasons
Show Full Text
Birth Information, Genetic information, Patient Identifier, Prenatal Screening, Security and ConfidentialityNormative Statementsno
Req-1094Personal Health Record Access2013 Format
A personal health record (PHR for children is a significantly complex issue, but one that must have a perfunctory overview in the child EHR specifications. The PHR allows a person, in this case child or...
A personal health record (PHR for children is a significantly complex issue, but one that must have a perfunctory overview in the child EHR specifications. The PHR allows a person, in this case child or parent, to view their clinical history as aggregated from many sources and must be compliant with the appropriate statutes (federal, state and local In addition to the viewing of their history, users of a PHR can enter their own data as they deem pertinent. These data can range from social history to over the counter medications.

The PHR should be accessible by the child, parents, guardians, caregivers and other consumers to enable assessment of compliance with school or leisure activity requirements. This multiple person access requirements must be managed within legal and appropriate security constraints.
Show Full Text
Patient Portals - PHR, School-Based Linkages, Security and ConfidentialityFunctionno
Req-1095Transferrable access authority2013 FormatThe system SHALL provide a mechanism to enable access control that allows a transferrable access authority.Patient Portals - PHR, School-Based Linkages, Security and ConfidentialityNormative Statementsno
Req-1212Document decision-making authority of patient representative2013 Format
Lorem, ipsum, dolor, sit, amet, consectetur, adipiscing, elit, Ut, egestas, dolor, nec, ipsum, luctus, non, varius, felis, blandit, Quisque, facilisis, pellentesque, nisi, Sed, rutrum, sodales, nisl, Duis, mattis, ipsum, a, laoreet, pharetra, quam, eros, porta, nisl, eget, pellentesque, augue, purus, eu, nunc
You are viewing the Abridged Children's EHR Format. To view the Full Children's EHR Format, you must first agree to the HL7 License Agreement.
Security and ConfidentialityNormative Statementsno
Req-1244Legal confidentiality requirements for minors2013 FormatThe system SHALL enable users to implement all applicable confidentiality rules regarding health information of minors; note that these rules exist at more than one level, e.g., National and StateSecurity and ConfidentialityNormative Statementsno
Req-1245Multiple and flexible models of consent2013 FormatMultiple and flexible models of consentSecurity and ConfidentialityFunctionno
Req-1246Separate consent, assent and permission2013 FormatThe system SHALL support the recording of consent, assent, and permission as separate artifacts.Security and ConfidentialityNormative Statementsno
Req-1247Emergency consent documentation2013 FormatThe system SHALL record/document the appropriate data associated with emergency consent, i.e., consent when consent from parents or legal guardians cannot be obtained.Security and ConfidentialityNormative Statementsno
Req-1248Time stamp consent to guardianship2013 FormatThe system SHOULD record the date and time of consent to guardianship when transferred from biological relationship, e.g., mother, father, or kinships, foster or custodial care, or proxy.Security and ConfidentialityNormative Statementsno
Req-1249Problem-specific age of consent2013 FormatThe system SHALL record the age of consent for specific problems and/or diagnosis.Security and ConfidentialityNormative Statementsno
Req-1250Age of emancipation2013 FormatThe system SHOULD record the patient's age of emancipation.Security and ConfidentialityNormative Statementsno
Req-1251Education of adolescents regarding legal protections2013 FormatThe system SHOULD support documentation of adolescent's education regarding legal protections of health data for adolescents.Security and ConfidentialityNormative Statementsno
Req-1252User guidance based on age of consent2013 FormatThe system MAY provide user guidance based on patient age for consent and assent according to organizational policy or jurisdictional law.Security and ConfidentialityNormative Statementsno
Req-1253Adolescent permission for parental information access2013 FormatThe system SHOULD support the documentation of adolescent patient permission to release information to parents and/or guardians.Security and ConfidentialityNormative Statementsno
Req-1254Segmented access to information2013 FormatThe system SHALL have the ability to segment health care data and provide views of the record that correspond to granular authorizations as to data-type, user, and/or purpose, as provided by the parent/guardian and/or the minor, as relevant.Security and ConfidentialityNormative Statementsno
Req-2008Ability to document parental (guardian) notification or permission2015 Priority ListThe system shall provide the ability to document parental (guardian notification or permission for consenting minors to receive some treatments as required by institutional policy or jurisdictional law.Security and Confidentiality, Parents and Guardians and Family Relationship DataNormative Statementyes
Req-2026Transferrable access authority2015 Priority ListThe system shall provide a mechanism to enable access control that allows a transferrable access authority, e.g., to address change in guardian, child reaching age of maturity, etc..Patient Portals - PHR, Security and Confidentiality, School-Based LinkagesNormative Statementyes
Req-2030Document decision-making authority of patient representative2015 Priority List
Lorem, ipsum, dolor, sit, amet, consectetur, adipiscing, elit, Ut, egestas, dolor, nec, ipsum, luctus, non, varius, felis, blandit, Quisque, facilisis, pellentesque, nisi, Sed, rutrum, sodales, nisl, Duis, mattis, ipsum, a, laoreet, pharetra, quam, eros, porta, nisl, eget, pellentesque, augue, purus, eu, nunc
You are viewing the Abridged Children's EHR Format. To view the Full Children's EHR Format, you must first agree to the HL7 License Agreement.
Security and ConfidentialityNormative Statementyes
Req-2038Separate consent, assent and permission2015 Priority ListThe system shall support the recording of consent, assent, and permission as separate artifacts.Security and Confidentiality, Parents and Guardians and Family Relationship DataNormative Statementyes
Req-2039Problem-specific age of consent2015 Priority ListThe system shall provide the ability to access legal guidelines on consent requirements for reference, where available, and to record the age of consent for a specific treatment when these differ based on legal guidelines.Security and ConfidentialityNormative Statementyes
Req-2040Age of emancipation2015 Priority ListThe system shall provide the ability to record the patient's emancipated minor status.Security and ConfidentialityNormative Statementyes
Req-2041Segmented access to information2015 Priority ListThe system shall provide users the ability to segment health care data in order to keep information about minor consent services private and distinct from other content of the record, such that it is not exposed to parents/guardians without the minor’s authorization.Security and ConfidentialityNormative Statementyes
Scroll To Top