HL7 Terminology
1.0.0 - Publication

This page is part of the HL7 Terminology (v1.0.0: Release) based on FHIR R4. The current version which supercedes this version is 5.2.0. For a full list of available versions, see the Directory of published versions

Confidentiality

Summary

Defining URL:http://terminology.hl7.org/CodeSystem/v3-Confidentiality
Version:2.0.0
Name:Confidentiality
Title:Confidentiality
Status:Active
Content:All the concepts defined by the code system are included in the code system resource
Definition:

A set of codes specifying the security classification of acts and roles in accordance with the definition for concept domain "Confidentiality".

Publisher:Health Level 7
OID:2.16.840.1.113883.5.25 (for OID based terminology systems)
Content Mode:Complete
Source Resource:XML / JSON / Turtle

This Code system is referenced in the content logical definition of the following value sets:

Confidentiality

A set of codes specifying the security classification of acts and roles in accordance with the definition for concept domain "Confidentiality".

Properties

CodeURLDescriptionType
SpecializesThe child code is a more narrow version of the concept represented by the parent code. I.e. Every child concept is also a valid parent concept. Used to allow determination of subsumption. Must be transitive, irreflexive, antisymmetric.Coding
GeneralizesInverse of Specializes. Only included as a derived relationship.Coding
internalIdhttp://terminology.hl7.org/CodeSystem/utg-concept-properties#v3-internal-idThe internal identifier for the concept in the HL7 Access database repository.code
statushttp://hl7.org/fhir/concept-properties#statusA property that indicates the status of the concept. One of active, experimental, deprecated, or retired.code
deprecationDatehttp://hl7.org/fhir/concept-properties#deprecationDateThe date at which a concept was deprecated. Concepts that are deprecated but not inactive can still be used, but their use is discouraged.dateTime
notSelectablehttp://hl7.org/fhir/concept-properties#notSelectableIndicates that the code is abstract - only intended to be used as a selector for other conceptsboolean

This code system http://terminology.hl7.org/CodeSystem/v3-Confidentiality defines the following codes:

LvlCodeDisplayDefinitionDeprecatedinternalIdstatusdeprecationDateNot Selectable
1_Confidentiality ConfidentialityA specializable code and its leaf codes used in Confidentiality value sets to value the Act.Confidentiality and Role.Confidentiality attribute in accordance with the definition for concept domain "Confidentiality".23320active
2  L low*Definition:* Privacy metadata indicating that the information has been de-identified, and there are mitigating circumstances that prevent re-identification, which minimize risk of harm from unauthorized disclosure. The information requires protection to maintain low sensitivity. *Examples:* Includes anonymized, pseudonymized, or non-personally identifiable information such as HIPAA limited data sets. *Map:* No clear map to ISO 13606-4 Sensitivity Level (1) Care Management: RECORD\_COMPONENTs that might need to be accessed by a wide range of administrative staff to manage the subject of care's access to health services. *Usage Note:* This metadata indicates the receiver may have an obligation to comply with a data use agreement.10234active
2  M moderate*Definition:* Privacy metadata indicating moderately sensitive information, which presents moderate risk of harm if disclosed without authorization. *Examples:* Includes allergies of non-sensitive nature used inform food service; health information a patient authorizes to be used for marketing, released to a bank for a health credit card or savings account; or information in personal health record systems that are not governed under health privacy laws. *Map:* Partial Map to ISO 13606-4 Sensitivity Level (2) Clinical Management: Less sensitive RECORD\_COMPONENTs that might need to be accessed by a wider range of personnel not all of whom are actively caring for the patient (e.g. radiology staff). *Usage Note:* This metadata indicates that the receiver may be obligated to comply with the receiver's terms of use or privacy policies.23322active
2  N normal*Definition:* Privacy metadata indicating that the information is typical, non-stigmatizing health information, which presents typical risk of harm if disclosed without authorization. *Examples:* In the US, this includes what HIPAA identifies as the minimum necessary protected health information (PHI) given a covered purpose of use (treatment, payment, or operations). Includes typical, non-stigmatizing health information disclosed in an application for health, workers compensation, disability, or life insurance. *Map:* Partial Map to ISO 13606-4 Sensitivity Level (3) Clinical Care: Default for normal clinical care access (i.e. most clinical staff directly caring for the patient should be able to access nearly all of the EHR). Maps to normal confidentiality for treatment information but not to ancillary care, payment and operations. *Usage Note:* This metadata indicates that the receiver may be obligated to comply with applicable jurisdictional privacy law or disclosure authorization.10230active
2  R restrictedPrivacy metadata indicating highly sensitive, potentially stigmatizing information, which presents a high risk to the information subject if disclosed without authorization. May be pre-empted by jurisdictional law, e.g., for public health reporting or emergency treatment. *Examples:* Includes information that is additionally protected such as sensitive conditions mental health, HIV, substance abuse, domestic violence, child abuse, genetic disease, and reproductive health; or sensitive demographic information such as a patient's standing as an employee or a celebrity. May be used to indicate proprietary or classified information that is not related to an individual, e.g., secret ingredients in a therapeutic substance; or the name of a manufacturer. *Map:* Partial Map to ISO 13606-4 Sensitivity Level (3) Clinical Care: Default for normal clinical care access (i.e. most clinical staff directly caring for the patient should be able to access nearly all of the EHR). Maps to normal confidentiality for treatment information but not to ancillary care, payment and operations.. *Usage Note:* This metadata indicates that the receiver may be obligated to comply with applicable, prevailing (default) jurisdictional privacy law or disclosure authorization..10232active
2  U unrestricted*Definition:* Privacy metadata indicating that the information is not classified as sensitive. *Examples:* Includes publicly available information, e.g., business name, phone, email or physical address. *Usage Note:* This metadata indicates that the receiver has no obligation to consider additional policies when making access control decisions. Note that in some jurisdictions, personally identifiable information must be protected as confidential, so it would not be appropriate to assign a confidentiality code of "unrestricted" to that information even if it is publicly available.23321active
2  V very restricted. Privacy metadata indicating that the information is extremely sensitive and likely stigmatizing health information that presents a very high risk if disclosed without authorization. This information must be kept in the highest confidence. *Examples:* Includes information about a victim of abuse, patient requested information sensitivity, and taboo subjects relating to health status that must be discussed with the patient by an attending provider before sharing with the patient. May also include information held under “legal lockâ€? or attorney-client privilege *Map:* This metadata indicates that the receiver may not disclose this information except as directed by the information custodian, who may be the information subject. *Usage Note:* This metadata indicates that the receiver may not disclose this information except as directed by the information custodian, who may be the information subject.14799active
1_ConfidentialityByAccessKind ConfidentialityByAccessKind**Description:** By accessing subject / role and relationship based rights (These concepts are mutually exclusive, one and only one is required for a valid confidentiality coding.) *Deprecation Comment:*Deprecated due to updated confidentiality codes under ActCodeDeprecated21049deprecated2011-12-14T00:00:00-05:00true
2  B business**Description:** Since the service class can represent knowledge structures that may be considered a trade or business secret, there is sometimes (though rarely) the need to flag those items as of business level confidentiality. However, no patient related information may ever be of this confidentiality level. *Deprecation Comment:* Replced by ActCode.BDeprecated10235deprecated2011-12-14T00:00:00-05:00
2  D clinician**Description:** Only clinicians may see this item, billing and administration persons can not access this item without special permission. *Deprecation Comment:*Deprecated due to updated confidentiality codes under ActCodeDeprecated10231deprecated2011-12-14T00:00:00-05:00
2  I individual**Description:** Access only to individual persons who are mentioned explicitly as actors of this service and whose actor type warrants that access (cf. to actor type code). *Deprecation Comment:*Deprecated due to updated confidentiality codes under ActCodeDeprecated10233deprecated2011-12-14T00:00:00-05:00
1_ConfidentialityByInfoType ConfidentialityByInfoType**Description:** By information type, only for service catalog entries (multiples allowed). Not to be used with actual patient data! *Deprecation Comment:*Deprecated due to updated confidentiality codes under ActCodeDeprecated21050deprecated2011-12-14T00:00:00-05:00true
2  ETH substance abuse related**Description:** Alcohol/drug-abuse related item *Deprecation Comment:*Replced by ActCode.ETHDeprecated10243deprecated2011-12-14T00:00:00-05:00
2  HIV HIV related**Description:** HIV and AIDS related item *Deprecation Comment:*Replced by ActCode.HIVDeprecated10241deprecated2011-12-14T00:00:00-05:00
2  PSY psychiatry relate**Description:** Psychiatry related item *Deprecation Comment:*Replced by ActCode.PSYDeprecated10242deprecated2011-12-14T00:00:00-05:00
2  SDV sexual and domestic violence related**Description:** Sexual assault / domestic violence related item *Deprecation Comment:*Replced by ActCode.SDVDeprecated10244deprecated2011-12-14T00:00:00-05:00
1_ConfidentialityModifiers ConfidentialityModifiers**Description:** Modifiers of role based access rights (multiple allowed) *Deprecation Comment:*Deprecated due to updated confidentiality codes under ActCodeDeprecated21051deprecated2011-12-14T00:00:00-05:00true
2  C celebrity**Description:** Celebrities are people of public interest (VIP) including employees, whose information require special protection. *Deprecation Comment:*Replced by ActCode.CELDeprecated10239deprecated2011-12-14T00:00:00-05:00
2  S sensitive**Description:** Information for which the patient seeks heightened confidentiality. Sensitive information is not to be shared with family members. Information reported by the patient about family members is sensitive by default. Flag can be set or cleared on patient's request. *Deprecation Comment:*Deprecated due to updated confidentiality codes under ActCodeDeprecated10237deprecated2011-12-14T00:00:00-05:00
2  T taboo**Description:** Information not to be disclosed or discussed with patient except through physician assigned to patient in this case. This is usually a temporary constraint only, example use is a new fatal diagnosis or finding, such as malignancy or HIV. *Deprecation Note:*Replced by ActCode.TBOODeprecated10238deprecated2011-12-14T00:00:00-05:00

History

DateActionAuthorCustodianComment
2020-05-06reviseTed KleinVocabulary WGMigrated to the UTG maintenance environment and publishing tooling.