HL7 Terminology (THO)
5.5.0 - Publication International flag

This page is part of the HL7 Terminology (v5.5.0: Release) based on FHIR (HL7® FHIR® Standard) R4. This is the current published version. For a full list of available versions, see the Directory of published versions

: Confidentiality - XML Representation

Active as of 2023-05-30

Raw xml | Download



<CodeSystem xmlns="http://hl7.org/fhir">
  <id value="v3-Confidentiality"/>
  <language value="en"/>
  <text>
    <status value="generated"/>
    <div xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><p><b>Properties</b></p><p><b>This code system  defines the following properties for its concepts</b></p><table class="grid"><tr><td><b>Code</b></td><td><b>URI</b></td><td><b>Type</b></td><td><b>Description</b></td></tr><tr><td>Specializes</td><td/><td>Coding</td><td>The child code is a more narrow version of the concept represented by the parent code.  I.e. Every child concept is also a valid parent concept.  Used to allow determination of subsumption.  Must be transitive, irreflexive, antisymmetric.</td></tr><tr><td>Generalizes</td><td/><td>Coding</td><td>Inverse of Specializes.  Only included as a derived relationship.</td></tr><tr><td>internalId</td><td>http://terminology.hl7.org/CodeSystem/utg-concept-properties#v3-internal-id</td><td>code</td><td>The internal identifier for the concept in the HL7 Access database repository.</td></tr><tr><td>status</td><td>http://hl7.org/fhir/concept-properties#status</td><td>code</td><td>A property that indicates the status of the concept. One of active, experimental, deprecated, or retired.</td></tr><tr><td>deprecationDate</td><td>http://hl7.org/fhir/concept-properties#deprecationDate</td><td>dateTime</td><td>The date at which a concept was deprecated. Concepts that are deprecated but not inactive can still be used, but their use is discouraged.</td></tr><tr><td>notSelectable</td><td>http://hl7.org/fhir/concept-properties#notSelectable</td><td>boolean</td><td>Indicates that the code is abstract - only intended to be used as a selector for other concepts</td></tr></table><p><b>Concepts</b></p><p>This case-sensitive code system <code>http://terminology.hl7.org/CodeSystem/v3-Confidentiality</code> defines the following codes in a Is-A heirarchy:</p><table class="codes"><tr><td><b>Lvl</b></td><td style="white-space:nowrap"><b>Code</b></td><td><b>Display</b></td><td><b>Definition</b></td><td><b>internalId</b></td><td><b>status</b></td><td><b>Not Selectable</b></td></tr><tr><td>1</td><td style="white-space:nowrap">_Confidentiality<a name="v3-Confidentiality-_Confidentiality"> </a></td><td>Confidentiality</td><td><div><p>A specializable code and its leaf codes used in Confidentiality value sets to value the Act.Confidentiality and Role.Confidentiality attribute in accordance with the definition for concept domain &quot;Confidentiality&quot;.</p>
</div></td><td>23320</td><td>active</td><td/></tr><tr><td>2</td><td style="white-space:nowrap">  L<a name="v3-Confidentiality-L"> </a></td><td>low</td><td><div><p>Privacy metadata indicating that a low level of protection is required to safeguard personal and healthcare information, which has been altered in such a way as to minimize the need for confidentiality protections with some residual risks associated with re-linking. The risk of harm to an individual's reputation and sense of privacy if disclosed without authorization is considered negligible, and mitigations are in place to address reidentification risk.</p>
<p><em>Usage Note:</em></p>
<p>The level of protection afforded anonymized and pseudonymized, and non-personally identifiable information (e.g., a limited data set) is dictated by privacy policies and data use agreements intended to engender trust that health information can be used and disclosed with little or no risk of re-identification.</p>
<p><strong>Example:</strong> Personal and healthcare information, which excludes 16 designated categories of direct identifiers in a HIPAA Limited Data Set. This information may be disclosed by HIPAA Covered Entities without patient authorization for a research, public health, and operations purposes if conditions are met, which includes obtaining a signed data use agreement from the recipient. See 45 CFR Section 164.514.</p>
<p>This metadata indicates that the receiver may have an obligation to comply with a data use agreement with the discloser. The discloser may have obligations to comply with policies dictating the methods for de-identification.</p>
<p>Confidentiality code total order hierarchy: Low (L) is less protective than <em>V, R, N,</em> and <em>M</em>, and subsumes <em>U</em>.</p>
</div></td><td>10234</td><td>active</td><td/></tr><tr><td>2</td><td style="white-space:nowrap">  M<a name="v3-Confidentiality-M"> </a></td><td>moderate</td><td><div><p>Privacy metadata indicating the level of protection required to safeguard personal and healthcare information, which if disclosed without authorization, would present a moderate risk of harm to an individual's reputation and sense of privacy.</p>
<p><em>Usage Note:</em> The level of protection afforded moderately confidential information is dictated by privacy policies intended to engender trust in a service provider. May include publicly available information in jurisdictions that restrict uses of that information without the consent of the data subject.</p>
<p>Privacy policies mandating moderate levels of protection, which preempt less protective privacy policies. &quot;Moderate&quot; confidentiality policies differ from and would be preempted by the prevailing privacy policies mandating the normative level of protection for information used in the delivery and management of healthcare.</p>
<p>Confidentiality code total order hierarchy: Moderate (M) is less protective than <em>V, R, and N</em>, and subsumes all other protection levels (i.e., <em>L</em> and <em>U</em>).</p>
<p><strong>Examples:</strong> Includes personal and health information that an individual authorizes to be collected, accessed, used or disclosed to a bank for a health credit card or savings account; to health oversight authorities; to a hospital patient directory; to worker compensation, disability, property and casualty or life insurers; and to personal health record systems, consumer-controlled devices, social media accounts and online Apps; or for marketing purposes</p>
</div></td><td>23322</td><td>active</td><td/></tr><tr><td>2</td><td style="white-space:nowrap">  N<a name="v3-Confidentiality-N"> </a></td><td>normal</td><td><div><p>Privacy metadata indicating the level of protection required to safeguard personal and healthcare information, which if disclosed without authorization, would present a considerable risk of harm to an individual's reputation and sense of privacy.</p>
<p><em>Usage Note:</em> The level of protection afforded normatively confidential information is dictated by the prevailing normative privacy policies, which are intended to engender patient trust in their healthcare providers.</p>
<p>Privacy policies mandating normative levels of protection, which preempt less protective privacy policies when the information is used in the delivery and management of healthcare. May be pre-empted by jurisdictional law (e.g., for public health reporting or emergency treatment).</p>
<p>Confidentiality code total order hierarchy: Normal (N) is less protective than <em>V</em> and <em>R</em>, and subsumes all other protection levels (i.e., <em>M, L, and U</em>).</p>
<p>**Map:**Partial Map to ISO 13606-4 Sensitivity Level (3) Clinical Care when purpose of use is treatment: Default for normal clinical care access (i.e., most clinical staff directly caring for the patient should be able to access nearly all of the EHR). Maps to normal confidentiality for treatment information but not to ancillary care, payment and operations.</p>
<p><strong>Examples:</strong></p>
<p>n the US, this includes what HIPAA identifies as protected health information (PHI) under 45 CFR Section 160.103.</p>
</div></td><td>10230</td><td>active</td><td/></tr><tr><td>2</td><td style="white-space:nowrap">  R<a name="v3-Confidentiality-R"> </a></td><td>restricted</td><td><div><p>Privacy metadata indicating the level of protection required to safeguard potentially stigmatizing information, which if disclosed without authorization, would present a high risk of harm to an individual's reputation and sense of privacy.</p>
<p><em>Usage Note:</em> The level of protection afforded restricted confidential information is dictated by specially protective organizational or jurisdictional privacy policies, including at an authorized individual's request, intended to engender patient trust in providers of sensitive services.</p>
<p>Privacy policies mandating additional levels of protection by restricting information access preempt less protective privacy policies when the information is used in the delivery and management of healthcare. May be pre-empted by jurisdictional law (e.g., for public health reporting or emergency treatment).</p>
<p>Confidentiality code total order hierarchy: Restricted (R) is less protective than <em>V</em>, and subsumes all other protection levels (i.e., <em>N, M, L, and U</em>).</p>
<p><strong>Examples:</strong></p>
<p>Includes information that is additionally protected such as sensitive conditions mental health, HIV, substance abuse, domestic violence, child abuse, genetic disease, and reproductive health; or sensitive demographic information such as a patient's standing as an employee or a celebrity. May be used to indicate proprietary or classified information that is not related to an individual (e.g., secret ingredients in a therapeutic substance; or the name of a manufacturer).</p>
</div></td><td>10232</td><td>active</td><td/></tr><tr><td>2</td><td style="white-space:nowrap">  U<a name="v3-Confidentiality-U"> </a></td><td>unrestricted</td><td><div><p>Privacy metadata indicating that no level of protection is required to safeguard personal and healthcare information that has been disclosed by an authorized individual without restrictions on its use.</p>
<p><strong>Examples:</strong> Includes publicly available information e.g., business name, phone, email and physical address.</p>
<p><em>Usage Note:</em> The authorization to collect, access, use, and disclose this information may be stipulated in a contract of adhesion by a data user (e.g., via terms of service or data user privacy policies) in exchange for the data subject's use of a service.</p>
<p>This metadata indicates that the receiver has no obligation to consider privacy policies other than its own when making access control decisions.</p>
<p>This metadata indicates that the receiver has no obligation to consider privacy policies other than its own when making access control decisions.</p>
<p>Confidentiality code total order hierarchy: Unrestricted (U) is less protective than <em>V, R, N, M,</em> and <em>L</em>, and is the lowest protection levels.</p>
</div></td><td>23321</td><td>active</td><td/></tr><tr><td>2</td><td style="white-space:nowrap">  V<a name="v3-Confidentiality-V"> </a></td><td>very restricted</td><td><div><p>Privacy metadata indicating the level of protection required under atypical cicumstances to safeguard potentially damaging or harmful information, which if disclosed without authorization, would (1) present an extremely high risk of harm to an individual's reputation, sense of privacy, and possibly safety; or (2) impact an individual's or organization's legal matters.</p>
<p><em>Usage Note:</em> The level of protection afforded very restricted confidential information is dictated by specially protective privacy or legal policies intended to ensure that under atypical circumstances additional protections limit access to only those with a high 'need to know' and the information is kept in highest confidence..</p>
<p>Privacy and legal policies mandating the highest level of protection by stringently restricting information access, preempt less protective privacy policies when the information is used in the delivery and management of healthcare including legal proceedings related to healthcare. May be pre-empted by jurisdictional law (e.g., for public health reporting or emergency treatment but only under limited circumstances).</p>
<p>Confidentiality code total order hierarchy: Very Restricted (V) is the highest protection level and subsumes all other protection levels s (i.e., <em>R, N, M, L, and UI</em>).</p>
<p><strong>Examples:</strong></p>
<p>Includes information about a victim of abuse, patient requested information sensitivity, and taboo subjects relating to health status that must be discussed with the patient by an attending provider before sharing with the patient. May also include information held under a legal hold or attorney-client privilege.</p>
</div></td><td>14799</td><td>active</td><td/></tr><tr style="background-color: #ffeeee"><td>1</td><td style="white-space:nowrap">_ConfidentialityByAccessKind<a name="v3-Confidentiality-_ConfidentialityByAccessKind"> </a></td><td>ConfidentialityByAccessKind</td><td><div><p><strong>Description:</strong> By accessing subject / role and relationship based rights (These concepts are mutually exclusive, one and only one is required for a valid confidentiality coding.)</p>
<p>*Deprecation Comment:*Deprecated due to updated confidentiality codes under ActCode</p>
</div></td><td>21049</td><td>retired</td><td>true</td></tr><tr style="background-color: #ffeeee"><td>2</td><td style="white-space:nowrap">  B<a name="v3-Confidentiality-B"> </a></td><td>business</td><td><div><p><strong>Description:</strong> Since the service class can represent knowledge structures that may be considered a trade or business secret, there is sometimes (though rarely) the need to flag those items as of business level confidentiality. However, no patient related information may ever be of this confidentiality level.</p>
<p><em>Deprecation Comment:</em> Replced by ActCode.B</p>
</div></td><td>10235</td><td>retired</td><td/></tr><tr style="background-color: #ffeeee"><td>2</td><td style="white-space:nowrap">  D<a name="v3-Confidentiality-D"> </a></td><td>clinician</td><td><div><p><strong>Description:</strong> Only clinicians may see this item, billing and administration persons can not access this item without special permission.</p>
<p>*Deprecation Comment:*Deprecated due to updated confidentiality codes under ActCode</p>
</div></td><td>10231</td><td>retired</td><td/></tr><tr style="background-color: #ffeeee"><td>2</td><td style="white-space:nowrap">  I<a name="v3-Confidentiality-I"> </a></td><td>individual</td><td><div><p><strong>Description:</strong> Access only to individual persons who are mentioned explicitly as actors of this service and whose actor type warrants that access (cf. to actor type code).</p>
<p>*Deprecation Comment:*Deprecated due to updated confidentiality codes under ActCode</p>
</div></td><td>10233</td><td>retired</td><td/></tr><tr style="background-color: #ffeeee"><td>1</td><td style="white-space:nowrap">_ConfidentialityByInfoType<a name="v3-Confidentiality-_ConfidentialityByInfoType"> </a></td><td>ConfidentialityByInfoType</td><td><div><p><strong>Description:</strong> By information type, only for service catalog entries (multiples allowed). Not to be used with actual patient data!</p>
<p>*Deprecation Comment:*Deprecated due to updated confidentiality codes under ActCode</p>
</div></td><td>21050</td><td>retired</td><td>true</td></tr><tr style="background-color: #ffeeee"><td>2</td><td style="white-space:nowrap">  ETH<a name="v3-Confidentiality-ETH"> </a></td><td>substance abuse related</td><td><div><p><strong>Description:</strong> Alcohol/drug-abuse related item</p>
<p>*Deprecation Comment:*Replced by ActCode.ETH</p>
</div></td><td>10243</td><td>retired</td><td/></tr><tr style="background-color: #ffeeee"><td>2</td><td style="white-space:nowrap">  HIV<a name="v3-Confidentiality-HIV"> </a></td><td>HIV related</td><td><div><p><strong>Description:</strong> HIV and AIDS related item</p>
<p>*Deprecation Comment:*Replced by ActCode.HIV</p>
</div></td><td>10241</td><td>retired</td><td/></tr><tr style="background-color: #ffeeee"><td>2</td><td style="white-space:nowrap">  PSY<a name="v3-Confidentiality-PSY"> </a></td><td>psychiatry relate</td><td><div><p><strong>Description:</strong> Psychiatry related item</p>
<p>*Deprecation Comment:*Replced by ActCode.PSY</p>
</div></td><td>10242</td><td>retired</td><td/></tr><tr style="background-color: #ffeeee"><td>2</td><td style="white-space:nowrap">  SDV<a name="v3-Confidentiality-SDV"> </a></td><td>sexual and domestic violence related</td><td><div><p><strong>Description:</strong> Sexual assault / domestic violence related item</p>
<p>*Deprecation Comment:*Replced by ActCode.SDV</p>
</div></td><td>10244</td><td>retired</td><td/></tr><tr style="background-color: #ffeeee"><td>1</td><td style="white-space:nowrap">_ConfidentialityModifiers<a name="v3-Confidentiality-_ConfidentialityModifiers"> </a></td><td>ConfidentialityModifiers</td><td><div><p><strong>Description:</strong> Modifiers of role based access rights (multiple allowed)</p>
<p>*Deprecation Comment:*Deprecated due to updated confidentiality codes under ActCode</p>
</div></td><td>21051</td><td>retired</td><td>true</td></tr><tr style="background-color: #ffeeee"><td>2</td><td style="white-space:nowrap">  C<a name="v3-Confidentiality-C"> </a></td><td>celebrity</td><td><div><p><strong>Description:</strong> Celebrities are people of public interest (VIP) including employees, whose information require special protection.</p>
<p>*Deprecation Comment:*Replced by ActCode.CEL</p>
</div></td><td>10239</td><td>retired</td><td/></tr><tr style="background-color: #ffeeee"><td>2</td><td style="white-space:nowrap">  S<a name="v3-Confidentiality-S"> </a></td><td>sensitive</td><td><div><p><strong>Description:</strong></p>
<p>Information for which the patient seeks heightened confidentiality. Sensitive information is not to be shared with family members. Information reported by the patient about family members is sensitive by default. Flag can be set or cleared on patient's request.</p>
<p>*Deprecation Comment:*Deprecated due to updated confidentiality codes under ActCode</p>
</div></td><td>10237</td><td>retired</td><td/></tr><tr style="background-color: #ffeeee"><td>2</td><td style="white-space:nowrap">  T<a name="v3-Confidentiality-T"> </a></td><td>taboo</td><td><div><p><strong>Description:</strong> Information not to be disclosed or discussed with patient except through physician assigned to patient in this case. This is usually a temporary constraint only, example use is a new fatal diagnosis or finding, such as malignancy or HIV.</p>
<p>*Deprecation Note:*Replced by ActCode.TBOO</p>
</div></td><td>10238</td><td>retired</td><td/></tr></table></div>
  </text>
  <url value="http://terminology.hl7.org/CodeSystem/v3-Confidentiality"/>
  <identifier>
    <system value="urn:ietf:rfc:3986"/>
    <value value="urn:oid:2.16.840.1.113883.5.25"/>
  </identifier>
  <version value="3.0.0"/>
  <name value="Confidentiality"/>
  <title value="Confidentiality"/>
  <status value="active"/>
  <experimental value="false"/>
  <date value="2023-05-30"/>
  <publisher value="Health Level Seven International"/>
  <contact>
    <telecom>
      <system value="url"/>
      <value value="http://hl7.org"/>
    </telecom>
    <telecom>
      <system value="email"/>
      <value value="hq@HL7.org"/>
    </telecom>
  </contact>
  <description
               value="A set of codes specifying the security classification of acts and roles in accordance with the definition for concept domain &quot;Confidentiality&quot;."/>
  <copyright
             value="This material derives from the HL7 Terminology THO. THO is copyright ©1989+ Health Level Seven International and is made available under the CC0 designation. For more licensing information see: https://terminology.hl7.org/license"/>
  <caseSensitive value="true"/>
  <hierarchyMeaning value="is-a"/>
  <content value="complete"/>
  <property>
    <extension
               url="http://terminology.hl7.org/StructureDefinition/ext-mif-relationship-symmetry">
      <valueCode value="antisymmetric"/>
    </extension>
    <extension
               url="http://terminology.hl7.org/StructureDefinition/ext-mif-relationship-transitivity">
      <valueCode value="transitive"/>
    </extension>
    <extension
               url="http://terminology.hl7.org/StructureDefinition/ext-mif-relationship-reflexivity">
      <valueCode value="irreflexive"/>
    </extension>
    <extension
               url="http://terminology.hl7.org/StructureDefinition/ext-mif-relationship-isNavigable">
      <valueBoolean value="true"/>
    </extension>
    <extension
               url="http://terminology.hl7.org/StructureDefinition/ext-mif-relationship-relationshipKind">
      <valueCode value="Specializes"/>
    </extension>
    <extension
               url="http://terminology.hl7.org/StructureDefinition/ext-mif-relationship-inverseName">
      <valueString value="Generalizes"/>
    </extension>
    <code value="Specializes"/>
    <description
                 value="The child code is a more narrow version of the concept represented by the parent code.  I.e. Every child concept is also a valid parent concept.  Used to allow determination of subsumption.  Must be transitive, irreflexive, antisymmetric."/>
    <type value="Coding"/>
  </property>
  <property>
    <extension
               url="http://terminology.hl7.org/StructureDefinition/ext-mif-relationship-symmetry">
      <valueCode value="antisymmetric"/>
    </extension>
    <extension
               url="http://terminology.hl7.org/StructureDefinition/ext-mif-relationship-transitivity">
      <valueCode value="transitive"/>
    </extension>
    <extension
               url="http://terminology.hl7.org/StructureDefinition/ext-mif-relationship-reflexivity">
      <valueCode value="irreflexive"/>
    </extension>
    <extension
               url="http://terminology.hl7.org/StructureDefinition/ext-mif-relationship-isNavigable">
      <valueBoolean value="true"/>
    </extension>
    <extension
               url="http://terminology.hl7.org/StructureDefinition/ext-mif-relationship-relationshipKind">
      <valueCode value="Generalizes"/>
    </extension>
    <extension
               url="http://terminology.hl7.org/StructureDefinition/ext-mif-relationship-inverseName">
      <valueString value="Specializes"/>
    </extension>
    <code value="Generalizes"/>
    <description
                 value="Inverse of Specializes.  Only included as a derived relationship."/>
    <type value="Coding"/>
  </property>
  <property>
    <code value="internalId"/>
    <uri
         value="http://terminology.hl7.org/CodeSystem/utg-concept-properties#v3-internal-id"/>
    <description
                 value="The internal identifier for the concept in the HL7 Access database repository."/>
    <type value="code"/>
  </property>
  <property>
    <code value="status"/>
    <uri value="http://hl7.org/fhir/concept-properties#status"/>
    <description
                 value="A property that indicates the status of the concept. One of active, experimental, deprecated, or retired."/>
    <type value="code"/>
  </property>
  <property>
    <code value="deprecationDate"/>
    <uri value="http://hl7.org/fhir/concept-properties#deprecationDate"/>
    <description
                 value="The date at which a concept was deprecated. Concepts that are deprecated but not inactive can still be used, but their use is discouraged."/>
    <type value="dateTime"/>
  </property>
  <property>
    <code value="notSelectable"/>
    <uri value="http://hl7.org/fhir/concept-properties#notSelectable"/>
    <description
                 value="Indicates that the code is abstract - only intended to be used as a selector for other concepts"/>
    <type value="boolean"/>
  </property>
  <concept>
    <code value="_Confidentiality"/>
    <display value="Confidentiality"/>
    <definition
                value="A specializable code and its leaf codes used in Confidentiality value sets to value the Act.Confidentiality and Role.Confidentiality attribute in accordance with the definition for concept domain &quot;Confidentiality&quot;."/>
    <property>
      <code value="status"/>
      <valueCode value="active"/>
    </property>
    <property>
      <code value="internalId"/>
      <valueCode value="23320"/>
    </property>
    <concept>
      <code value="L"/>
      <display value="low"/>
      <definition
                  value="Privacy metadata indicating that a low level of protection is required to safeguard personal and healthcare information, which has been altered in such a way as to minimize the need for confidentiality protections with some residual risks associated with re-linking. The risk of harm to an individual's reputation and sense of privacy if disclosed without authorization is considered negligible, and mitigations are in place to address reidentification risk.

*Usage Note:* 

The level of protection afforded anonymized and pseudonymized, and non-personally identifiable information (e.g., a limited data set) is dictated by privacy policies and data use agreements intended to engender trust that health information can be used and disclosed with little or no risk of re-identification.

**Example:** Personal and healthcare information, which excludes 16 designated categories of direct identifiers in a HIPAA Limited Data Set. This information may be disclosed by HIPAA Covered Entities without patient authorization for a research, public health, and operations purposes if conditions are met, which includes obtaining a signed data use agreement from the recipient. See 45 CFR Section 164.514.

This metadata indicates that the receiver may have an obligation to comply with a data use agreement with the discloser. The discloser may have obligations to comply with policies dictating the methods for de-identification.

Confidentiality code total order hierarchy: Low (L) is less protective than *V, R, N,* and *M*, and subsumes *U*."/>
      <property>
        <code value="status"/>
        <valueCode value="active"/>
      </property>
      <property>
        <code value="internalId"/>
        <valueCode value="10234"/>
      </property>
    </concept>
    <concept>
      <code value="M"/>
      <display value="moderate"/>
      <definition
                  value="Privacy metadata indicating the level of protection required to safeguard personal and healthcare information, which if disclosed without authorization, would present a moderate risk of harm to an individual's reputation and sense of privacy.

*Usage Note:* The level of protection afforded moderately confidential information is dictated by privacy policies intended to engender trust in a service provider. May include publicly available information in jurisdictions that restrict uses of that information without the consent of the data subject.

Privacy policies mandating moderate levels of protection, which preempt less protective privacy policies. &quot;Moderate&quot; confidentiality policies differ from and would be preempted by the prevailing privacy policies mandating the normative level of protection for information used in the delivery and management of healthcare.

Confidentiality code total order hierarchy: Moderate (M) is less protective than *V, R, and N*, and subsumes all other protection levels (i.e., *L* and *U*).

**Examples:** Includes personal and health information that an individual authorizes to be collected, accessed, used or disclosed to a bank for a health credit card or savings account; to health oversight authorities; to a hospital patient directory; to worker compensation, disability, property and casualty or life insurers; and to personal health record systems, consumer-controlled devices, social media accounts and online Apps; or for marketing purposes"/>
      <property>
        <code value="status"/>
        <valueCode value="active"/>
      </property>
      <property>
        <code value="internalId"/>
        <valueCode value="23322"/>
      </property>
    </concept>
    <concept>
      <code value="N"/>
      <display value="normal"/>
      <definition
                  value="Privacy metadata indicating the level of protection required to safeguard personal and healthcare information, which if disclosed without authorization, would present a considerable risk of harm to an individual's reputation and sense of privacy.

*Usage Note:* The level of protection afforded normatively confidential information is dictated by the prevailing normative privacy policies, which are intended to engender patient trust in their healthcare providers.

Privacy policies mandating normative levels of protection, which preempt less protective privacy policies when the information is used in the delivery and management of healthcare. May be pre-empted by jurisdictional law (e.g., for public health reporting or emergency treatment).

Confidentiality code total order hierarchy: Normal (N) is less protective than *V* and *R*, and subsumes all other protection levels (i.e., *M, L, and U*).

**Map:**Partial Map to ISO 13606-4 Sensitivity Level (3) Clinical Care when purpose of use is treatment: Default for normal clinical care access (i.e., most clinical staff directly caring for the patient should be able to access nearly all of the EHR). Maps to normal confidentiality for treatment information but not to ancillary care, payment and operations.

**Examples:** 

n the US, this includes what HIPAA identifies as protected health information (PHI) under 45 CFR Section 160.103."/>
      <property>
        <code value="status"/>
        <valueCode value="active"/>
      </property>
      <property>
        <code value="internalId"/>
        <valueCode value="10230"/>
      </property>
    </concept>
    <concept>
      <code value="R"/>
      <display value="restricted"/>
      <definition
                  value="Privacy metadata indicating the level of protection required to safeguard potentially stigmatizing information, which if disclosed without authorization, would present a high risk of harm to an individual's reputation and sense of privacy.

*Usage Note:* The level of protection afforded restricted confidential information is dictated by specially protective organizational or jurisdictional privacy policies, including at an authorized individual's request, intended to engender patient trust in providers of sensitive services.

Privacy policies mandating additional levels of protection by restricting information access preempt less protective privacy policies when the information is used in the delivery and management of healthcare. May be pre-empted by jurisdictional law (e.g., for public health reporting or emergency treatment).

Confidentiality code total order hierarchy: Restricted (R) is less protective than *V*, and subsumes all other protection levels (i.e., *N, M, L, and U*).

**Examples:** 

Includes information that is additionally protected such as sensitive conditions mental health, HIV, substance abuse, domestic violence, child abuse, genetic disease, and reproductive health; or sensitive demographic information such as a patient's standing as an employee or a celebrity. May be used to indicate proprietary or classified information that is not related to an individual (e.g., secret ingredients in a therapeutic substance; or the name of a manufacturer)."/>
      <property>
        <code value="status"/>
        <valueCode value="active"/>
      </property>
      <property>
        <code value="internalId"/>
        <valueCode value="10232"/>
      </property>
    </concept>
    <concept>
      <code value="U"/>
      <display value="unrestricted"/>
      <definition
                  value="Privacy metadata indicating that no level of protection is required to safeguard personal and healthcare information that has been disclosed by an authorized individual without restrictions on its use.

**Examples:** Includes publicly available information e.g., business name, phone, email and physical address.

*Usage Note:* The authorization to collect, access, use, and disclose this information may be stipulated in a contract of adhesion by a data user (e.g., via terms of service or data user privacy policies) in exchange for the data subject's use of a service.

This metadata indicates that the receiver has no obligation to consider privacy policies other than its own when making access control decisions.

This metadata indicates that the receiver has no obligation to consider privacy policies other than its own when making access control decisions.

Confidentiality code total order hierarchy: Unrestricted (U) is less protective than *V, R, N, M,* and *L*, and is the lowest protection levels."/>
      <property>
        <code value="status"/>
        <valueCode value="active"/>
      </property>
      <property>
        <code value="internalId"/>
        <valueCode value="23321"/>
      </property>
    </concept>
    <concept>
      <code value="V"/>
      <display value="very restricted"/>
      <definition
                  value="Privacy metadata indicating the level of protection required under atypical cicumstances to safeguard potentially damaging or harmful information, which if disclosed without authorization, would (1) present an extremely high risk of harm to an individual's reputation, sense of privacy, and possibly safety; or (2) impact an individual's or organization's legal matters.

*Usage Note:* The level of protection afforded very restricted confidential information is dictated by specially protective privacy or legal policies intended to ensure that under atypical circumstances additional protections limit access to only those with a high 'need to know' and the information is kept in highest confidence..

Privacy and legal policies mandating the highest level of protection by stringently restricting information access, preempt less protective privacy policies when the information is used in the delivery and management of healthcare including legal proceedings related to healthcare. May be pre-empted by jurisdictional law (e.g., for public health reporting or emergency treatment but only under limited circumstances).

Confidentiality code total order hierarchy: Very Restricted (V) is the highest protection level and subsumes all other protection levels s (i.e., *R, N, M, L, and UI*).

**Examples:** 

Includes information about a victim of abuse, patient requested information sensitivity, and taboo subjects relating to health status that must be discussed with the patient by an attending provider before sharing with the patient. May also include information held under a legal hold or attorney-client privilege."/>
      <property>
        <code value="status"/>
        <valueCode value="active"/>
      </property>
      <property>
        <code value="internalId"/>
        <valueCode value="14799"/>
      </property>
    </concept>
  </concept>
  <concept>
    <code value="_ConfidentialityByAccessKind"/>
    <display value="ConfidentialityByAccessKind"/>
    <definition
                value="**Description:** By accessing subject / role and relationship based rights (These concepts are mutually exclusive, one and only one is required for a valid confidentiality coding.)

*Deprecation Comment:*Deprecated due to updated confidentiality codes under ActCode"/>
    <property>
      <code value="notSelectable"/>
      <valueBoolean value="true"/>
    </property>
    <property>
      <code value="status"/>
      <valueCode value="retired"/>
    </property>
    <property>
      <code value="internalId"/>
      <valueCode value="21049"/>
    </property>
    <concept>
      <code value="B"/>
      <display value="business"/>
      <definition
                  value="**Description:** Since the service class can represent knowledge structures that may be considered a trade or business secret, there is sometimes (though rarely) the need to flag those items as of business level confidentiality. However, no patient related information may ever be of this confidentiality level.

*Deprecation Comment:* Replced by ActCode.B"/>
      <property>
        <code value="status"/>
        <valueCode value="retired"/>
      </property>
      <property>
        <code value="internalId"/>
        <valueCode value="10235"/>
      </property>
    </concept>
    <concept>
      <code value="D"/>
      <display value="clinician"/>
      <definition
                  value="**Description:** Only clinicians may see this item, billing and administration persons can not access this item without special permission.

*Deprecation Comment:*Deprecated due to updated confidentiality codes under ActCode"/>
      <property>
        <code value="status"/>
        <valueCode value="retired"/>
      </property>
      <property>
        <code value="internalId"/>
        <valueCode value="10231"/>
      </property>
    </concept>
    <concept>
      <code value="I"/>
      <display value="individual"/>
      <definition
                  value="**Description:** Access only to individual persons who are mentioned explicitly as actors of this service and whose actor type warrants that access (cf. to actor type code).

*Deprecation Comment:*Deprecated due to updated confidentiality codes under ActCode"/>
      <property>
        <code value="status"/>
        <valueCode value="retired"/>
      </property>
      <property>
        <code value="internalId"/>
        <valueCode value="10233"/>
      </property>
    </concept>
  </concept>
  <concept>
    <code value="_ConfidentialityByInfoType"/>
    <display value="ConfidentialityByInfoType"/>
    <definition
                value="**Description:** By information type, only for service catalog entries (multiples allowed). Not to be used with actual patient data!

*Deprecation Comment:*Deprecated due to updated confidentiality codes under ActCode"/>
    <property>
      <code value="notSelectable"/>
      <valueBoolean value="true"/>
    </property>
    <property>
      <code value="status"/>
      <valueCode value="retired"/>
    </property>
    <property>
      <code value="internalId"/>
      <valueCode value="21050"/>
    </property>
    <concept>
      <code value="ETH"/>
      <display value="substance abuse related"/>
      <definition
                  value="**Description:** Alcohol/drug-abuse related item

*Deprecation Comment:*Replced by ActCode.ETH"/>
      <property>
        <code value="status"/>
        <valueCode value="retired"/>
      </property>
      <property>
        <code value="internalId"/>
        <valueCode value="10243"/>
      </property>
    </concept>
    <concept>
      <code value="HIV"/>
      <display value="HIV related"/>
      <definition
                  value="**Description:** HIV and AIDS related item

*Deprecation Comment:*Replced by ActCode.HIV"/>
      <property>
        <code value="status"/>
        <valueCode value="retired"/>
      </property>
      <property>
        <code value="internalId"/>
        <valueCode value="10241"/>
      </property>
    </concept>
    <concept>
      <code value="PSY"/>
      <display value="psychiatry relate"/>
      <definition
                  value="**Description:** Psychiatry related item

*Deprecation Comment:*Replced by ActCode.PSY"/>
      <property>
        <code value="status"/>
        <valueCode value="retired"/>
      </property>
      <property>
        <code value="internalId"/>
        <valueCode value="10242"/>
      </property>
    </concept>
    <concept>
      <code value="SDV"/>
      <display value="sexual and domestic violence related"/>
      <definition
                  value="**Description:** Sexual assault / domestic violence related item

*Deprecation Comment:*Replced by ActCode.SDV"/>
      <property>
        <code value="status"/>
        <valueCode value="retired"/>
      </property>
      <property>
        <code value="internalId"/>
        <valueCode value="10244"/>
      </property>
    </concept>
  </concept>
  <concept>
    <code value="_ConfidentialityModifiers"/>
    <display value="ConfidentialityModifiers"/>
    <definition
                value="**Description:** Modifiers of role based access rights (multiple allowed)

*Deprecation Comment:*Deprecated due to updated confidentiality codes under ActCode"/>
    <property>
      <code value="notSelectable"/>
      <valueBoolean value="true"/>
    </property>
    <property>
      <code value="status"/>
      <valueCode value="retired"/>
    </property>
    <property>
      <code value="internalId"/>
      <valueCode value="21051"/>
    </property>
    <concept>
      <code value="C"/>
      <display value="celebrity"/>
      <definition
                  value="**Description:** Celebrities are people of public interest (VIP) including employees, whose information require special protection.

*Deprecation Comment:*Replced by ActCode.CEL"/>
      <property>
        <code value="status"/>
        <valueCode value="retired"/>
      </property>
      <property>
        <code value="internalId"/>
        <valueCode value="10239"/>
      </property>
    </concept>
    <concept>
      <code value="S"/>
      <display value="sensitive"/>
      <definition
                  value="**Description:** 

Information for which the patient seeks heightened confidentiality. Sensitive information is not to be shared with family members. Information reported by the patient about family members is sensitive by default. Flag can be set or cleared on patient's request.

*Deprecation Comment:*Deprecated due to updated confidentiality codes under ActCode"/>
      <property>
        <code value="status"/>
        <valueCode value="retired"/>
      </property>
      <property>
        <code value="internalId"/>
        <valueCode value="10237"/>
      </property>
    </concept>
    <concept>
      <code value="T"/>
      <display value="taboo"/>
      <definition
                  value="**Description:** Information not to be disclosed or discussed with patient except through physician assigned to patient in this case. This is usually a temporary constraint only, example use is a new fatal diagnosis or finding, such as malignancy or HIV.

*Deprecation Note:*Replced by ActCode.TBOO"/>
      <property>
        <code value="status"/>
        <valueCode value="retired"/>
      </property>
      <property>
        <code value="internalId"/>
        <valueCode value="10238"/>
      </property>
    </concept>
  </concept>
</CodeSystem>