Type of security metadata observation made about the integrity of an IT resource (data, information object, service, or system capability), which may be used to make access control decisions.

Rationale: A security integrity observation supports the requirement to guard against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. (44 U.S.C., SEC. 3542)

Examples: Types of security integrity metadata include:

• Integrity status, which indicates the completeness or workflow status of an IT resource (data, information object, service, or system capability)
• Integrity confidence, which indicates the reliability and trustworthiness of an IT resource
• Integrity control, which indicates pertinent handling caveats, obligations, refrain policies, and purpose of use for the resource
• Data integrity, which indicate the security mechanisms used to ensure that the accuracy and consistency are preserved regardless of changes made (ISO/IEC DIS 2382-8)
• Alteration integrity, which indicate the security mechanisms used for authorized transformations of the resource
• Integrity provenance, which indicates the entity responsible for a report or assertion relayed "second-hand" about an IT resource

Type of security metadata observation made about the alteration integrity of an IT resource (data, information object, service, or system capability), which indicates the mechanism used for authorized transformations of the resource.

Examples: Types of security alteration integrity observation metadata, which may value the observation with a code used to indicate the mechanism used for authorized transformation of an IT resource, including:

• translation
• syntactic transformation
• semantic mapping
• redaction
• masking
• pseudonymization
• anonymization

Type of security metadata observation made about the data integrity of an IT resource (data, information object, service, or system capability), which indicates the security mechanism used to preserve resource accuracy and consistency. Data integrity is defined by ISO 22600-23.3.21 as: "The property that data has not been altered or destroyed in an unauthorized manner", and by ISO/IEC 2382-8: The property of data whose accuracy and consistency are preserved regardless of changes made."

Examples: Types of security data integrity observation metadata, which may value the observation, include cryptographic hash function and digital signature.

Type of security metadata observation made about the integrity confidence of an IT resource (data, information object, service, or system capability), which may be used to make access control decisions.

Examples: Types of security integrity confidence observation metadata, which may value the observation, include highly reliable, uncertain reliability, and not reliable.

Usage Note: A security integrity confidence observation on an Act may indicate that a valued Act.uncertaintycode attribute has been overridden by the entity responsible for ascribing the SecurityIntegrityConfidenceObservationValue. This supports the business requirements for increasing or decreasing the assessment of the reliability or trustworthiness of an IT resource based on parameters beyond the original assignment of an Act statement level of uncertainty.

Type of security metadata observation made about the provenance integrity of an IT resource (data, information object, service, or system capability), which indicates the lifecycle completeness of an IT resource in terms of workflow status such as its creation, modification, suspension, and deletion; locations in which the resource has been collected or archived, from which it may be retrieved, and the history of its distribution and disclosure. Integrity provenance metadata about an IT resource may be used to assess its veracity, reliability, and trustworthiness.

Examples: Types of security integrity provenance observation metadata, which may value the observation about an IT resource, include:

• completeness or workflow status, such as authentication
• the entity responsible for original authoring or informing about an IT resource
• the entity responsible for a report or assertion about an IT resource relayed "second-hand"
• the entity responsible for excerpting, transforming, or compiling an IT resource

Type of security metadata observation made about the integrity provenance of an IT resource (data, information object, service, or system capability), which indicates the entity that made assertions about the resource. The asserting entity may not be the original informant about the resource.

Examples: Types of security integrity provenance asserted by observation metadata, which may value the observation, including:

• assertions about an IT resource by a patient
• assertions about an IT resource by a clinician
• assertions about an IT resource by a device

Type of security metadata observation made about the integrity provenance of an IT resource (data, information object, service, or system capability), which indicates the entity that reported the existence of the resource. The reporting entity may not be the original author of the resource.

Examples: Types of security integrity provenance reported by observation metadata, which may value the observation, include:

• reports about an IT resource by a patient
• reports about an IT resource by a clinician
• reports about an IT resource by a device

Type of security metadata observation made about the integrity status of an IT resource (data, information object, service, or system capability), which may be used to make access control decisions. Indicates the completeness of an IT resource in terms of workflow status, which may impact users that are authorized to access and use the resource.

Examples: Types of security integrity status observation metadata, which may value the observation, include codes from the HL7 DocumentCompletion code system such as legally authenticated, in progress, and incomplete.