{
"package" : "hl7.terminology.r4@6.3.0",
"definition" : "Custodian security system must retrieve, evaluate, and comply with applicable Controlled Unclassified Information (CUI) policies associated with the target information.\\r\\n\\r\\n*Usage Note:* In the US, CPLYCUI may be used as a security label code to inform recipients of information designated by a US Federal Agency as Controlled Unclassified Information (CUI) to comply with the applicable laws, regulations, executive orders, and other guidances, such as included in DURSAs, to persist, mark, and enforce required CUI controls.\\r\\n\\r\\nBackground:\\r\\n\\r\\nIn accordance with US 32 CFR Part 2002 and US Executive Order 13556 Controlled Unclassified Information, US Federal Agencies and their contractors are charged with classifying and marking certain information they create as Controlled Unclassified Information (CUI).\\r\\n\\r\\nThe following definitions, which are provided for context, are based on terms defined by the CUI Glossary https://www.archives.gov/cui/registry/cui-glossary.html\\r\\n\\r\\n * CUI is defined as \\\"information in any form that the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls.\\\"\\r\\n * Designating CUI occurs when an authorized holder, consistent with 32 CFR Part 2002 and the CUI Registry, determines that a specific item of information falls into a CUI category or subcategory.\\r\\n * The designating agency is the executive branch agency that designates or approves the designation of a specific item of information as CUI.\\r\\n * The authorized holder who designates the CUI must make recipients aware of the information's CUI status when disseminating that information.\\r\\n * Disseminating occurs when authorized holders provide access, transmit, or transfer CUI to other authorized holders through any means, whether internal or external to the agency.\\r\\n\\r\\nOnce designated as CUI, US Federal Agencies and their contractors must assign CUI marks as prescribed by the National Archives and Records Administration (NARA) CUI Registry, and display marks as prescribed by the CUI Marking Handbook.\\r\\n\\r\\nCUI markings must be displayed on hard copy, on containers, electronic media, and to end users for IT systems.\\r\\n\\r\\nWhen HL7 content is designated as CUI, these computable markings can be interoperably conveyed using HL7 security label CUI tags, and may be included in HL7 text and narrative elements as human readable markings.\\r\\n\\r\\n**Impact of CUI markings:**\\r\\n\\r\\nCUI Custodians must enforce CUI security controls per applicable CUI policies. Federal agencies and their contractors must adhere to FISMA and NIST SP 800-53 security controls. Custodians, who are not Federal agencies or agency contractors, and are receivers of CUI, must adhere to NIST SP 800-171 security controls and those dictated by the Authorities indicated by the assigned CUI markings.\\r\\n\\r\\nFor most participants in US healthcare information exchange, including Federal Agencies and their contractors, additional controls are required by HIPAA Security standards for health information US 42 USC 1320d-2(d)(2) https://www.govinfo.gov/content/pkg/USCODE-2016-title42/pdf/USCODE-2016-title42-chap7-subchapXI-partC-sec1320d-2.pdf\\r\\n\\r\\nFederal Agencies and their contractors may be the CUI classifier of original CUI content; or a CUI derivative classifier, which reclassifies CUI content that has been aggregated with other CUI or Unclassified Uncontrolled Information (U) or disassembled from a larger CUI content; or declassifiers, depending on the designating agency's policies.\\r\\n\\r\\nApplicable CUI policies include the following and any future applicable updates to policies or laws related to CUI:\\r\\n\\r\\n * Executive Order 13556 https://www.federalregister.gov/articles/2010/11/09/2010-28360/controlled-unclassified-information\\r\\n * US 32 CFR Part 2002 https://www.govinfo.gov/content/pkg/CFR-2017-title32-vol6/pdf/CFR-2017-title32-vol6-part2002.pdf\\r\\n * NIST SP 800-171 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r1.pdf\\r\\n * NIST SP 800-171A https://doi.org/10.6028/NIST.SP.800-171A\\r\\n * CUI Marking Handbook https://www.archives.gov/files/cui/20161206-cui-marking-handbook-v1-1.pdf\\r\\n * CUI Registry - Health Information Category https://www.archives.gov/cui/registry/category-detail/health-info\\r\\n * CUI Registry: Limited Dissemination Controls https://www.archives.gov/cui/registry/limited-dissemination\\r\\n * CUI Policy and Guidance https://www.archives.gov/cui/registry/policy-guidance",
"system" : "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"property" : [ {
"_uri" : "http://hl7.org/fhir/concept-properties#status",
"code" : "status",
"valueCode" : "active"
}, {
"_uri" : "http://terminology.hl7.org/CodeSystem/utg-concept-properties#v3-internal-id",
"code" : "internalId",
"valueCode" : "24131"
}, {
"_uri" : "http://hl7.org/fhir/concept-properties#parent",
"code" : "subsumedBy",
"valueCode" : "CPLYPOL"
} ],
"codesystem" : "cbab4a87-49ca-5502-88d6-f33b5f07237f",
"concept_id" : "f08eb81d-bb8b-57d1-82bf-fec917447734",
"ancestors" : {
"CPLYCUI" : 0,
"CPLYPOL" : 1,
"SecurityPolicy" : 3,
"_ActPolicyType" : 4,
"ObligationPolicy" : 2
},
"id" : "d1f88847-d0ad-456e-ab28-fd902d837277",
"code" : "CPLYCUI",
"display" : "comply with controlled unclassified information policy",
"version" : "9.0.0"
}