net.ihe.gazelle.assets.SearchCriteria : 411 assertions found for this search Review filtered assertions

Assertion

Applies to

Applied to
Not applied to

Coverage

Covered by
Not covered by
Id scheme
Assertion id
Status
Testable?
#Coverage
#Applies to
Comment
Predicate
Page
Tags
Last changed
Actions
ATNAATNA-1Testable 1 4 I think this is redundant to ATNA-11. This is just a generic statement about the ITI-19 transaction. > No, the use of bi-directionnal certificate authentication is implicit in ITI19-1, this assertion makes it explicit.The Audit Trail and Node Authentication Integration Profile requires the use of bi-directional certificate-based node authentication for connections to and from each node.72Section 9.48/26/19 5:25:26 PM by ceoche
ATNAATNA-11Testable 2 2 Are we going to duplicate the assertions for SN or SA, or just link these assertions to both actors. I think we should link to both.Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall support the Authentication Node [ITI-19] transaction69Table 9.1-17/11/19 7:28:57 PM by ceoche
ATNAATNA-14Testable 2 2 I disagree with this assertion. Section 9.7 reads "If the product claims only to include the Secure Application Actor, that indicates that only those security features that apply to the application features are provided by the product." I expect SAs to support ITI-19 for its IHE transactions that carry PHI. > Yes, this is the philosophy of the SA actor in the TF : "required only for transactions containing PHI". According to 2nd Review group, the TF is the reference, so we won't delete this assertion.Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Authentication Node [ITI-19] transaction69Table 9.1-18/26/19 5:25:26 PM by ceoche
ATNAATNA-17Testable 1 2 The Secure Node Actor shall include the Authenticate Node [ITI-19] transaction for all network connections that may expose private information. 69Table 9.1-18/26/19 5:25:26 PM by ceoche
ATNAATNA-18Testable 3 2 The Secure Node Actor shall ensure all local user activity (login, logout, etc.) protected to ensure only authorized users. 69Section 9.1.1.18/26/19 5:25:26 PM by ceoche
ATNAATNA-19Testable 1 2 I think this is redundant with assertion ATNA-12The Secure Node Actor shall include the record Audit Event as specified in ITI TF-2a: 3.2069Section 9.1.1.17/11/19 7:02:45 PM by ceoche
ATNAATNA-2Testable 1 3 probably not a testable assertionSecure Nodes shall either prohibit, or be designed and verified to prevent access to PHI, whenever connections are not bi-directionally node-authenticated .69Section 9.1.18/26/19 5:25:26 PM by ceoche
ATNAATNA-9Testable 2 2 When an implementation chooses to support this Integration Profile for an actor, non-IHE applications that process PHI shall detect and report auditable events, and protect access.72Section 9.47/11/19 7:25:04 PM by ceoche
CH-ATNACH-ATNA-005validatedTestable 1 1 In audit records generated by IHE and EPR actors, the OID of the audit source MUST be specified in AuditSourceIdentification/@AuditEnterpriseSiteID attribute16Section 1.58/26/19 5:25:26 PM by ceoche
CH-ATNACH-ATNA-007validatedTestable 1 1 For audit records generated by IHE and EPR actors, In the "AuditMessage/ParticipantObjectIdentification" node, for the value of the "@ParticipantObjectSensitivity" field, the current confidentiality code of the object MUST be specified IF KNOWN when the object is a document in the EPR. This value MUST represent a value from the Swiss Metadata Value Set, the attribute @codeSystemName (2.16.756.5.30.1.127.3.10.6). The following sequences are required OID as the code system name, e.g 1051000195109^normal^2.16.840.1.113883.6.9616Section 1.57/11/19 7:15:52 PM by ceoche
CH-HPDCH-HPD-004reviewedTestable 3 1 For "Organization" the parameter "Org Type" (businessCategory) is required (see Table 16: HPD Organizational Provider Attributes) 64Section 1.11.5.1.27/1/19 2:49:06 PM by wbars
CH-HPDCH-HPD-007reviewedTestable 2 1 The ID consists of the OID for GS1 GLN plus the GLN 7 of the Provider Identifiers as a suffix number (Table 15: HPD Individual Provider Attributes) 61Section 1.11.5.1.27/1/19 2:49:06 PM by wbars
CH-HPDCH-HPD-009reviewedTestable 3 1 The parameter Provider Last Name MUST be Single-valued (see Table 15: HPD Individual Attributes)62Section 1.11.5.1.27/1/19 2:49:06 PM by wbars
CH-HPDCH-HPD-012to be reviewedTestable 3 1 For the Owing organization, the owner attribute is singled-valued and required (see Table 17: HPD Relationship Attributes)66Section 1.11.5.1.27/1/19 2:49:06 PM by wbars
CH-HPDCH-HPD-013reviewedTestable 3 1 At least, one value for hcIdentifier must start with "RefData:OID" (See Table 16: HPD Organizational Provider Attributes)64Section 1.11.5.1.27/1/19 2:49:06 PM by wbars
CH-HPDCH-HPD-014reviewedTestable 2 1 HCProfessional shall have a Format = IssuingAuthority:Code System:Code (where IssuingAuthority = BAG, CodeSystem = ID of the value set and Code = code of the respective concept) (see Table 15: HPD Individual Provider Attributes)61Section 1.11.5.1.27/1/19 2:49:06 PM by wbars
CH-HPDCH-HPD-015to be reviewedTestable 2 1 For "Organization" the parameter "Organization known names" is required (see Table 16: HPD Organization Provider Attributes)64Section 1.11.5.1.27/1/19 2:49:06 PM by wbars
CH-HPDCH-HPD-016to be reviewedTestable 2 1 For the uid, the parameter "Unique Entity Identifier" is required (see table 16: HPD Organizational Provider Attributed) 63Section 1.11.5.1.27/1/19 2:49:06 PM by wbars
CH-HPDCH-HPD-017to be reviewedTestable 2 1 For the hcIdentifier, the parameter "Org Identifiers" is required (see Table 16: HPD Organizational Provider Attributes)64Section 1.11.5.1.27/1/19 2:49:06 PM by wbars
CH-HPDCH-HPD-018to be reviewedTestable 2 1 For the HcRegisteredName, the parameter "Organization Name" is required (see Table 16: HPD Organizational Provider Attributes) 64Section 1.11.5.1.27/1/19 2:49:06 PM by wbars