visit the hl7 website The Demo site for our new HL7 Version 2+ (plus) Standard

18.8.14 ARV - Access Restrictions segment (3.4.14)

The ARV segment is used to communicate the requested/required type of access restrictions from system to system, at both the person/patient and the encounter/visit level.

The Access Restrictions segment (ARV) sent after the MSH acts as a manifest and declares the privacy and security classification (i.e the confidentiality level), the sensitivity (i.e. access restriction reason) and provides handling instructions (e.g. what the data can be used for, what must be done to protect it and what may not be done with the data). The segment is optional and can repeat.

Examples:

A person/patient may have the right to object to any or all of his/her information to be disclosed. In addition, the patient may request that protected information not be disclosed to family members or friends who may be involved in their care or for notification purposes.

A realm or organization may have certain privacy policies.

A patient may have the right to opt out of being included on facility directories.

In an international context, a physician may be culturally obligated to protect the patient's privacy.

Any "opt-in" or "opt-out" restrictions are communicated in ARV-3 - Access Restriction Value. This segment replaces PD1-12 and PV2-22, which have been deprecated in V2.6. The ARV segment is optional and as of 2.9 is sent immediately following the MSH segment to allow declaration of access restrictions for specific data elements (ARV-9 - Access Restriction Message Location), that are different from the overall security level declared in the Message Header Segment. The ARV segment can repeat, so that different security attributes across message elements can be declared.

Usage Notes:

The individual system security may want to utilize the Access Restriction Value along with the Access Restriction Reason and with the Confidentiality Code from Code defined in the Security Classification Tag (ARV-7)in order to implement the appropriate type of protection for the identified data. Each system has the flexibility to incorporate/map the access values into their security system appropriately; the actual implementation for access to protected data is determined by the individual system. The Access Restriction Values supported by an enterprise/system would be defined and determined by that organization.

It is expected that these access restriction values would be utilized in combination with other system security information (e.g., patient locations, user department, caregiver-patient relationships, other access restriction parameters) to determine user access.

System implementers should carefully control access to the restriction codes and values, as they themselves hold sensitive information.

HL7 Attribute Table - ARV - Access Restriction

Base Framework
Seq#Data ElementDescriptionFlagsImplementCardinalityLengthC.LENVocabularyData Type
ARV
102143Set ID MAY[0..1][1..4]
SI

Sequence ID

202144Access Restriction Action Code SHALL[1..1] univ: SegmentActionCode (CD) hl7VS-segmentActionCode (VS) segmentAction (CS)
CNE

Coded with No Exceptions

302145Access Restriction Value SHOULD[1..1] ex.:AccessRestrictionValue (CD)
CWE

Coded with Exceptions

402146Access Restriction Reason MAY[0..*] ex.:AccessRestrictionReasonCode (CD)
CWE

Coded with Exceptions

502147Special Access Restriction Instructions
=

Truncation not allowed!

MAY[0..*] 250
ST

String Data

602148Access Restriction Date Range  MAY[0..1] 
DR

Date/Time Range

703512Security Classification Tag SHOULD[1..1]  ERROR: does not know what to do!!
CWE

Coded with Exceptions

803513Security Handling Instructions MAY[0..*]  ERROR: does not know what to do!!
CWE

Coded with Exceptions

903514Access Restriction Message Location MAY[0..*] 
ERL

Error Location

1002470Access Restriction Instance Identifier
C

Condition defined for this element

MAY[0..1] 
EI

Entity Identifier

Conditions/Invariants

The root for the expression is on the segment.

Seq. Referenced Elements Introduction Invariant Comment
1 ?

Seq#Data ElementDescriptionFlagsImplementCardinalityLengthC.LENVocabularyData Type
ARV
102143Set ID MAY[0..1][1..4]
SI

Sequence ID

202144Access Restriction Action Code SHALL[1..1] univ: SegmentActionCode (CD) hl7VS-segmentActionCode (VS) segmentAction (CS)
CNE

Coded with No Exceptions

302145Access Restriction Value SHALL[1..1] ex.:AccessRestrictionValue (CD) hl7VS-accessRestrictionValue (VS) accessRestrictionValue (CS)
CWE

Coded with Exceptions

402146Access Restriction Reason MAY[0..*] ex.:AccessRestrictionReasonCode (CD)
CWE

Coded with Exceptions

502147Special Access Restriction Instructions
=

Truncation not allowed!

MAY[0..*] 250
ST

String Data

602148Access Restriction Date Range  MAY[0..1] 
DR

Date/Time Range

703512Security Classification Tag SHALL[1..1] 
CWE

Coded with Exceptions

803513Security Handling Instructions MAY[0..*] 
CWE

Coded with Exceptions

903514Access Restriction Message Location MAY[0..*] 
ERL

Error Location

1002470Access Restriction Instance Identifier
C

Condition defined for this element

MAY[0..1] 
EI

Entity Identifier

Base FrameworkBase Standard Profile
Seq#Data ElementDescriptionFlagsImplementCardinalityLengthC.LENVocabularyData TypeImplementVocabulary
ARV 
102143Set ID MAY[0..1][1..4]
SI

Sequence ID

MAY
202144Access Restriction Action Code SHALL[1..1] univ: SegmentActionCode (CD) hl7VS-segmentActionCode (VS) segmentAction (CS)
CNE

Coded with No Exceptions

SHALL 
302145Access Restriction Value SHOULD[1..1] ex.:AccessRestrictionValue (CD)
CWE

Coded with Exceptions

SHALLhl7VS-accessRestrictionValue (VS) accessRestrictionValue (CS)
402146Access Restriction Reason MAY[0..*] ex.:AccessRestrictionReasonCode (CD)
CWE

Coded with Exceptions

MAY
502147Special Access Restriction Instructions
=

Truncation not allowed!

MAY[0..*] 250
ST

String Data

MAY
602148Access Restriction Date Range  MAY[0..1] 
DR

Date/Time Range

MAY
703512Security Classification Tag SHOULD[1..1]  ERROR: does not know what to do!!
CWE

Coded with Exceptions

SHALL
803513Security Handling Instructions MAY[0..*]  ERROR: does not know what to do!!
CWE

Coded with Exceptions

MAY
903514Access Restriction Message Location MAY[0..*] 
ERL

Error Location

MAY
1002470Access Restriction Instance Identifier
C

Condition defined for this element

MAY[0..1] 
EI

Entity Identifier

MAY
Base Framework Base Standard Profile
Seq# Data Element Description Flags Optionality Repetition Length C.LEN Table Data Type Optionality Table
ARV  
1 02143 Set ID   O   [1..4]  
SI

Sequence ID

   
2 02144 Access Restriction Action Code   R      
CNE

Coded with No Exceptions

  (0206)
3 02145 Access Restriction Value   O     (0717)
CWE

Coded with Exceptions

R  
4 02146 Access Restriction Reason   O Y    
CWE

Coded with Exceptions

  (0719)
5 02147 Special Access Restriction Instructions   O Y   250=  
ST

String Data

   
6 02148 Access Restriction Date Range   O      
DR

Date/Time Range

   
7 03512 Security Classification Tag   O     (0952)
CWE

Coded with Exceptions

R  
8 03513 Security Handling Instructions   O Y    
CWE

Coded with Exceptions

  (0953)
9 03514 Access Restriction Message Location   O Y    
ERL

Error Location

   
10 02470 Access Restriction Instance Identifier
C

Condition defined for this element

O      
EI

Entity Identifier

   
Seq# Data Element Description Optionality Repetition Length C.LEN Table Data Type
ARV
1 02143 Set ID O   [1..4]  
SI

Sequence ID

2 02144 Access Restriction Action Code R     (0206)
CNE

Coded with No Exceptions

3 02145 Access Restriction Value R     (0717)
CWE

Coded with Exceptions

4 02146 Access Restriction Reason O Y   (0719)
CWE

Coded with Exceptions

5 02147 Special Access Restriction Instructions O Y   250=  
ST

String Data

6 02148 Access Restriction Date Range O      
DR

Date/Time Range

7 03512 Security Classification Tag R     (0952)
CWE

Coded with Exceptions

8 03513 Security Handling Instructions O Y   (0953)
CWE

Coded with Exceptions

9 03514 Access Restriction Message Location O Y    
ERL

Error Location

10 02470 Access Restriction Instance Identifier C      
EI

Entity Identifier

18.8.14.1 ARV field definitions (3.4.14.0)

18.8.14.2 ARV-1 Set ID (SI) 02143 (3.4.14.1)

Definition: This field contains the number that identifies this segment. For the first occurrence of the segment, the sequence number shall be one, for the second occurrence, the sequence number shall be two, etc.

18.8.14.3 ARV-2 Access Restriction Action Code (CNE) 02144 (3.4.14.2)

Definition: This field contains a code defining the action to be taken for this segment. It allows access restriction information to be sent to delete or update previously sent access restrictions. Refer to HL7 Table 0206 - Segment Action Code in Chapter 2C, Code Tables, for valid values.

18.8.14.4 ARV-3 Access Restriction Value (CWE) 02145 (3.4.14.3)

Definition: This field specifies the information to which access to sensitive information is restricted by applicable jurisdictional, organizational, patient privacy policy or law. This field is used to identify overarching context, for example specific policy defined data elements or message groups when applicable to ALL groups in the message. For example, under a specific minor’s right to consent for healthcare law coded in ARV-3, all of the minor’s demographic data coded in ARV-4 is sensitive, which may be conveyed in several segments (PID, PD1, PD2)). To a specific element, access may be restricted at the field level by employing the specific HL7 field location in ARV-9. For example, when only some of the demographic data is considered sensitive under a particular minor’s consent coded in ARV-3. Refer to User-defined Table 0717 - Access Restriction Value in Chapter 2C, Code Tables, for suggested values.

The intent of this table is to declare the applicable patient consent directive, organizational policy or jurisdicitonal law.

As examples in the US this could be HIPAA Authorizations for Disclosure, HIPAA Notice of Privacy Practice or 42 CFR Part 2.

18.8.14.5 ARV-4 Access Restriction Reason (CWE) 02146 (3.4.14.4)

Definition: This field is used to convey the reason for the restricted access. Repeat of the Access Restriction Reason is allowed to accommodate communication of multiple reasons for an access restriction. Refer to User-defined Table 0719 - Access Restriction Reason Code in Chapter 2C, Code Tables, for suggested values.

18.8.14.6 ARV-5 Special Access Restriction Instructions (ST) 02147 (3.4.14.5)

Definition: Used to convey specific instructions about the protection of the patient's information which must be rendered to end users in accordance with patient consent directive, organizational policy, or jurisdictional law. For example, in US law 42 CFR Part 2, disclosed information made with patient consent must include a renderable “Prohibition on re-disclosure” warning (§ 2.32) In addition, organizational policy may require that some or all of the ARV field privacy tag values be rendered to end users, e.g., marking a consult note with “Restricted Confidentiality” or with sensitivity tags such as “VIP” or “EMP” for employee of the organization.

This field may also be used to specify instructions about the release of information to family and friends (e.g., "Do not release information to patient's brother, Adam Everyman"). These instructions may be in conjunction with other fields (as elected by the system).

18.8.14.7 ARV-6 Access Restriction Date Range (DR) 02148 (3.4.14.6)

Definition: This element defines the date from which an access restriction commences until the date it is specifically rescinded.

18.8.14.8 ARV-7 Security Classification Tag (CWE) 03512 (3.4.14.7)

Definition: This field defines the security classification (as defined by ISO/IEC 2382-8:1998(E/F)/ T-REC-X.812-1995) of an IT resource, in this case the message, which may be used to make access control decisions. Use of this field supports the business requirement for increasing or decreasing the level of confidentiality (classification or declassification) for a given message.

Refer to Externally-defined HL7 Table 0952 - HL7 Confidentiality Classification. Use of this table is recommended. The codes in this table are comprehensive non-overlapping hierarchical codes: Very Restricted > Restricted > Normal > Moderate > Low > Unrestricted. Restrictions to a comprehensive, non-overlapping set of codes is required for purposes of access control system algorithms such as Bell-LaPadula Mode, which is used to adjudicate access requests against privacy policies. See Chapter 2C, Code Tables, for suggested values.

18.8.14.9 ARV-8 Security Handling Instructions (CWE) 03513 (3.4.14.8)

Definition: This field is repeatable and conveys instructions to users and receivers for secure distribution, transmission, and storage; dictates obligations or mandated actions; specifies any action prohibited by refrain policy such as dissemination controls; and stipulates the permissible purpose of use of an IT resource. It is used where MSH-27 or MSH-28, which may be the compliation of all Security Handling Instructions across all labels, are used, but differ from the appliable ones for the data identified in this ARV segment.

Refer to Externally-defined Table 0953 - Security Label Handling Instructions in Chapter 2C, Code Tables, for suggested values. - Use of this table is recommended.

18.8.14.10 ARV-9 Access Restriction Message Location (ERL) 03514 (3.4.14.9)

Definition: This field is optional and repeating and identifies the location in a message related to the identified access restricted data. If multiple repetitions are present, the listed access restrictions apply to all listed places.

Note: Realm, business and policy rules will determine to what level the restrictions need to be supported. For example in a lab result exchange setting identifying elements more granular than the result at the segment level (i.e.OBX) is not expected, while in other settings more granular settings may apply.

18.8.14.11 ARV-10 Access Restriction Instance Identifier (EI) 02470 (3.4.14.10)

Definition: This field carries the unique identifier for this access restriction and is conditionally required when ARV-2 is NOT valued ‘S’ to support the use of action code for tracking changes when using dynamic mode. This instance identifier is persistent between messages. Implementation guides may restrict what mode to use, which will affect the effective optionality of this field.