| ACP | ACP-001 | to delete | Testable |
1
|
0
| | The Attribute Value must be a child element PatientId in the urn:hl7-org:v3 namespace, with root and extension attributes. | 12 | Section 3.1 | 10/3/22 5:47:10 PM by rjohnson |
|
| ACP | ACP-002 | to be reviewed | Testable |
1
|
0
| | When specified, only one patient ID may be given in a single policy document, and it must appear as a descendent of <Target> element that is a direct child of the root <Policy> element. | 12 | Section 3.1 | 5/24/17 8:53:29 AM by aberge |
|
| ACP | ACP-003 | to be reviewed | Testable |
1
|
0
| | The Home Community ID must be an Object Identifier (OID), using the urn format (that is, urn:oid: appended with the OID). | 12 | Section 3.1 | 5/24/17 8:53:48 AM by aberge |
|
| ACP | ACP-004 | to be reviewed | Testable |
1
|
0
| | Document Class must be a Document Class code defined in the NHIN document metadata specifications. These are LOINC codes | 12 | Section 3.1 | 5/24/17 8:54:01 AM by aberge |
|
| ACP | ACP-005 | to be reviewed | Testable |
1
|
0
| | The User ID must be specified as either an e-mail address (rfc822Name) or an X500 name (x500Name) | 12 | Section 3.1 | 5/24/17 8:54:15 AM by aberge |
|
| ACP | ACP-006 | to be reviewed | Testable |
1
|
0
| | One of authorPerson or authorInstitution elements should be used to provide information about the author of the Access Consent Policy | 13 | Table 1 | 5/24/17 8:54:24 AM by aberge |
|
| ACP | ACP-007 | to be reviewed | Testable |
1
|
0
| | classCode must use the LOINC code 57017-6to represent Access Consent Policy. The description for this code is Privacy Policy. | 13 | Table 1 | 5/24/17 8:54:26 AM by aberge |
|
| ACP | ACP-008 | to be reviewed | Testable |
1
|
0
| | The value of the eventCodeList is an OID, which must be prefixed with urn:oid:. Since OIDs do not have a coding scheme, use the value N/A in the coding scheme slot | 13 | Table 1 | 5/24/17 8:54:32 AM by aberge |
|
| ACP | ACP-009 | to be reviewed | Testable |
1
|
0
| | Lack of serviceStartTime/serviceStopTime must be interpreted as meaning that the policy is not time limited | 13 | Table 1 | 5/24/17 8:54:39 AM by aberge |
|
| ACP | ACP-010 | to be reviewed | Testable |
1
|
0
| | typeCode must use the LOINC code 57017-6 to represent Access Consent Policy. The description for this code is Privacy Policy. | 13 | Table 1 | 5/24/17 8:54:52 AM by aberge |
|
| ATNA | ATNA-1 | reviewed | Testable |
1
|
4
| I think this is redundant to ATNA-11. This is just a generic statement about the ITI-19 transaction. > No, the use of bi-directionnal certificate authentication is implicit in ITI19-1, this assertion makes it explicit. | The Audit Trail and Node Authentication Integration Profile requires the use of bi-directional certificate-based node authentication for connections to and from each node. | 76 | Section 9.1.2 | 3/16/17 4:42:08 PM by aberge |
|
| ATNA | ATNA-10 | validated | Testable |
0
|
2
| | Audit Record Repository actor which claims support of the Audit Trail and Node Authentication (ATNA) integration profile shall support the Record Audit Event [ITI-20] transaction. | 80 | Table 9.4-1 | 2/5/16 12:27:23 PM by aboufahj |
|
| ATNA | ATNA-11 | validated | Testable |
0
|
2
| Are we going to duplicate the assertions for SN or SA, or just link these assertions to both actors. I think we should link to both. | Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall support the Authentication Node [ITI-19] transaction | 80 | Table 9.4-1 | 2/5/16 12:27:23 PM by aboufahj |
|
| ATNA | ATNA-12 | validated | Testable |
1
|
2
| | Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall support the Record Audit Event [ITI-20] transaction | 80 | Table 9.4-4 | 10/20/22 2:34:14 PM by testAuto |
|
| ATNA | ATNA-13 | reviewed | Testable |
0
|
2
| This is a grouping requirement. ITI-1 is not required by the ATNA profile. > According to 2nd Review group, the TF is the reference. | Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall perform the Maintain Time [ITI-1] transaction | 80 | Table 9.4-1 | 2/5/16 12:27:23 PM by aboufahj |
|
| ATNA | ATNA-14 | reviewed | Testable |
1
|
2
| I disagree with this assertion. Section 9.7 reads "If the product claims only to include the Secure Application Actor, that indicates that only those security features that apply to the application features are provided by the product." I expect SAs to support ITI-19 for its IHE transactions that carry PHI. > Yes, this is the philosophy of the SA actor in the TF : "required only for transactions containing PHI". According to 2nd Review group, the TF is the reference, so we won't delete this assertion. | Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Authentication Node [ITI-19] transaction | 80 | Table 9.4-1 | 2/5/16 12:27:23 PM by aboufahj |
|
| ATNA | ATNA-15 | reviewed | Testable |
0
|
2
| | Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Maitain Time [ITI-1] transaction | 80 | Table 9.4-1 | 2/5/16 12:27:23 PM by aboufahj |
|
| ATNA | ATNA-16 | reviewed | Testable |
0
|
2
| see previous comment on ITI-19 | Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Record Audit Event [ITI-20] transaction | 80 | Table 9.4-1 | 2/5/16 12:27:23 PM by aboufahj |
|
| ATNA | ATNA-17 | validated | Testable |
1
|
2
| | The Secure Node Actor shall include the Authenticate Node [ITI-19] transaction for all network connections that may expose private information. | 80 | Section 9.4 | 2/5/16 12:27:23 PM by aboufahj |
|
| ATNA | ATNA-18 | validated | Testable |
1
|
2
| | The Secure Node Actor shall ensure all local user activity (login, logout, etc.) protected to ensure only authorized users. | 80 | Section 9.4 | 2/5/16 12:27:23 PM by aboufahj |
|