| Confidentiality [2.16.840.1.113883.5.25] Description: Definition: Privacy metadata indicating the sender's sensitivity classification, which is based on an analysis of applicable privacy policies and the risk of harm that could result from unauthorized disclosure. |
|||
| Lvl- Typ | Concept Code Head Code-defined Value Set |
Print Name | Definition, Properties, Relationships |
|---|---|---|---|
| 0-S | _Confidentiality | Confidentiality |
Definition: Definition: Privacy metadata indicating the sender's sensitivity classification, which is based on an analysis of applicable privacy policies and the risk of harm that could result from unauthorized disclosure. Map: Definition aligns with ISO 7498-2:1989 - Confidentiality is the property that information is not made available or disclosed to unauthorized individuals, entities, or processes. Usage Note:Confidentiality codes are used as metadata indicating the receiver responsibilities to ensure that the information is not made available or redisclosed to unauthorized individuals, entities, or processes (security principals) per applicable policies. Concept Relationships: |
| 1-L | . L | low |
Definition: Definition: Privacy metadata indicating that the information has been de-identified, and there are mitigating circumstances that prevent re-identification, which minimize risk of harm from unauthorized disclosure. The information requires protection to maintain low sensitivity. Examples: Includes anonymized, pseudonymized, or non-personally identifiable information such as HIPAA limited data sets. Map: No clear map to ISO 13606-4 Sensitivity Level (1) Care Management: RECORD_COMPONENTs that might need to be accessed by a wide range of administrative staff to manage the subject of care's access to health services. Usage Note: This metadata indicates the receiver may have an obligation to comply with a data use agreement. Concept Relationships: |
| 1-L | . M | moderate |
Definition: Definition: Privacy metadata indicating moderately sensitive information, which presents moderate risk of harm if disclosed without authorization. Examples: Includes allergies of non-sensitive nature used inform food service; health information a patient authorizes to be used for marketing, released to a bank for a health credit card or savings account; or information in personal health record systems that are not governed under health privacy laws. Map: Partial Map to ISO 13606-4 Sensitivity Level (2) Clinical Management: Less sensitive RECORD_COMPONENTs that might need to be accessed by a wider range of personnel not all of whom are actively caring for the patient (e.g. radiology staff). Usage Note: This metadata indicates that the receiver may be obligated to comply with the receiver's terms of use or privacy policies. Concept Relationships: |
| 1-L | . N | normal |
Definition: Definition: Privacy metadata indicating that the information is typical, non-stigmatizing health information, which presents typical risk of harm if disclosed without authorization. Examples: In the US, this includes what HIPAA identifies as the minimum necessary protected health information (PHI) given a covered purpose of use (treatment, payment, or operations). Includes typical, non-stigmatizing health information disclosed in an application for health, workers compensation, disability, or life insurance. Map: Partial Map to ISO 13606-4 Sensitivity Level (3) Clinical Care: Default for normal clinical care access (i.e. most clinical staff directly caring for the patient should be able to access nearly all of the EHR). Maps to normal confidentiality for treatment information but not to ancillary care, payment and operations. Usage Note: This metadata indicates that the receiver may be obligated to comply with applicable jurisdictional privacy law or disclosure authorization. Concept Relationships: |
| 1-L | . R | restricted |
Definition: Description: Privacy metadata indicating highly sensitive, potentially stigmatizing information, which presents a high risk to the information subject if disclosed without authorization. May be preempted by jurisdictional law, e.g., for public health reporting or emergency treatment. Concept Relationships: |
| 1-L | . U | unrestricted |
Definition: Definition: Privacy metadata indicating that the information is not classified as sensitive. Examples: Includes publicly available information, e.g., business name, phone, email or physical address. Usage Note: This metadata indicates that the receiver has no obligation to consider additional policies when making access control decisions. Note that in some jurisdictions, personally identifiable information must be protected as confidential, so it would not be appropriate to assign a confidentiality code of "unrestricted" to that information even if it is publicly available. Concept Relationships: |
| 1-L | . V | very restricted |
Definition: Very restricted access as declared by the Privacy Officer of the record holder. Concept Relationships: |
| 0-A | _ConfidentialityByAccessKind | ConfidentialityByAccessKind |
DEPRECATED from further use in HL7 designs, effective with Vocabulary release 1126-20111214. Definition: Description: By accessing subject / role and relationship based rights (These concepts are mutually exclusive, one and only one is required for a valid confidentiality coding.) Deprecation Comment:Deprecated due to updated confidentiality codes under ActCode Concept Relationships: |
| 1-L | . B | business |
DEPRECATED from further use in HL7 designs, effective with Vocabulary release 1126-20111214. Definition: Description: Since the service class can represent knowledge structures that may be considered a trade or business secret, there is sometimes (though rarely) the need to flag those items as of business level confidentiality. However, no patient related information may ever be of this confidentiality level. Deprecation Comment: Replced by ActCode.B Concept Relationships: |
| 1-L | . D | clinician |
DEPRECATED from further use in HL7 designs, effective with Vocabulary release 1126-20111214. Definition: Description: Only clinicians may see this item, billing and administration persons can not access this item without special permission. Deprecation Comment:Deprecated due to updated confidentiality codes under ActCode Concept Relationships: |
| 1-L | . I | individual |
DEPRECATED from further use in HL7 designs, effective with Vocabulary release 1126-20111214. Definition: Description: Access only to individual persons who are mentioned explicitly as actors of this service and whose actor type warrants that access (cf. to actor type code). Deprecation Comment:Deprecated due to updated confidentiality codes under ActCode Concept Relationships: |
| 0-A | _ConfidentialityByInfoType | ConfidentialityByInfoType |
DEPRECATED from further use in HL7 designs, effective with Vocabulary release 1126-20111214. Definition: Description: By information type, only for service catalog entries (multiples allowed). Not to be used with actual patient data! Deprecation Comment:Deprecated due to updated confidentiality codes under ActCode Concept Relationships: |
| 1-L | . ETH | substance abuse related |
DEPRECATED from further use in HL7 designs, effective with Vocabulary release 1126-20111214. Definition: Description: Alcohol/drug-abuse related item Deprecation Comment:Replced by ActCode.ETH Concept Relationships: |
| 1-L | . HIV | HIV related |
DEPRECATED from further use in HL7 designs, effective with Vocabulary release 1126-20111214. Definition: Description: HIV and AIDS related item Deprecation Comment:Replced by ActCode.HIV Concept Relationships: |
| 1-L | . PSY | psychiatry relate |
DEPRECATED from further use in HL7 designs, effective with Vocabulary release 1126-20111214. Definition: Description: Psychiatry related item Deprecation Comment:Replced by ActCode.PSY Concept Relationships: |
| 1-L | . SDV | sexual and domestic violence related |
DEPRECATED from further use in HL7 designs, effective with Vocabulary release 1126-20111214. Definition: Description: Sexual assault / domestic violence related item Deprecation Comment:Replced by ActCode.SDV Concept Relationships: |
| 0-A | _ConfidentialityModifiers v:ConfidentialityModifiers |
ConfidentialityModifiers |
DEPRECATED from further use in HL7 designs, effective with Vocabulary release 1126-20111214. Definition: Description: Modifiers of role based access rights (multiple allowed) Deprecation Comment:Deprecated due to updated confidentiality codes under ActCode Concept Relationships: |
| 1-L | . C | celebrity |
DEPRECATED from further use in HL7 designs, effective with Vocabulary release 1126-20111214. Definition: Description: Celebrities are people of public interest (VIP) including employees, whose information require special protection. Deprecation Comment:Replced by ActCode.CEL Concept Relationships: |
| 1-L | . S | sensitive |
DEPRECATED from further use in HL7 designs, effective with Vocabulary release 1126-20111214. Definition: Description: Deprecation Comment:Deprecated due to updated confidentiality codes under ActCode Concept Relationships: |
| 1-L | . T | taboo |
DEPRECATED from further use in HL7 designs, effective with Vocabulary release 1126-20111214. Definition: Description: Information not to be disclosed or discussed with patient except through physician assigned to patient in this case. This is usually a temporary constraint only, example use is a new fatal diagnosis or finding, such as malignancy or HIV. Deprecation Note:Replced by ActCode.TBOO Concept Relationships: |
Last Published: 20120401 3:17 PM
HL7® Version 3 Standard, © 2012 Health Level Seven® International. All Rights Reserved.
HL7 and Health Level Seven are registered trademarks of Health Level Seven International Reg. U.S. Pat & TM Off.
Use of these materials is governed by HL7 International's IP Compliance Policy.