| Level | Code | Display | Definition |
|---|---|---|---|
| 1 | (_ActCoverageAssessmentObservationValue) Abstract | | Codes specify the category of observation, evidence, or document used to assess for services, e.g., discharge planning, or to establish eligibility for coverage under a policy or program. The type of evidence is coded as observation values. |
| 2 | (_ActFinancialStatusObservationValue) Abstract | | Code specifying financial indicators used to assess or establish eligibility for coverage under a policy or program; e.g., pay stub; tax or income document; asset document; living expenses. |
| 3 | ASSET | asset | Codes specifying asset indicators used to assess or establish eligibility for coverage under a policy or program. |
| 4 | ANNUITY | annuity | Indicator of annuity ownership or status as beneficiary. |
| 4 | PROP | real property | Indicator of real property ownership, e.g., deed or real estate contract. |
| 4 | RETACCT | retirement investment account | Indicator of retirement investment account ownership. |
| 4 | TRUST | trust | Indicator of status as trust beneficiary. |
| 3 | INCOME | income | Code specifying income indicators used to assess or establish eligibility for coverage under a policy or program; e.g., pay or pension check, child support payments received or provided, and taxes paid. |
| 4 | CHILD | child support | Indicator of child support payments received or provided. |
| 4 | DISABL | disability pay | Indicator of disability income replacement payment. |
| 4 | INVEST | investment income | Indicator of investment income, e.g., dividend check, annuity payment; real estate rent, investment divestiture proceeds; trust or endowment check. |
| 4 | PAY | paid employment | Indicator of paid employment, e.g., letter of hire, contract, employer letter; copy of pay check or pay stub. |
| 4 | RETIRE | retirement pay | Indicator of retirement payment, e.g., pension check. |
| 4 | SPOUSAL | spousal or partner support | Indicator of spousal or partner support payments received or provided; e.g., alimony payment; support stipulations in a divorce settlement. |
| 4 | SUPPLE | income supplement | Indicator of income supplement, e.g., gifting, parental income support; stipend, or grant. |
| 4 | TAX | tax obligation | Indicator of tax obligation or payment, e.g., statement of taxable income. |
| 3 | LIVEXP | living expense | Codes specifying living expense indicators used to assess or establish eligibility for coverage under a policy or program. |
| 4 | CLOTH | clothing expense | Indicator of clothing expenses. |
| 4 | FOOD | food expense | Indicator of transportation expenses. |
| 4 | HEALTH | health expense | Indicator of health expenses; including medication costs, health service costs, financial participations, and health coverage premiums. |
| 4 | HOUSE | household expense | Indicator of housing expense, e.g., household appliances, fixtures, furnishings, and maintenance and repairs. |
| 4 | LEGAL | legal expense | Indicator of legal expenses. |
| 4 | MORTG | mortgage | Indicator of mortgage amount, interest, and payments. |
| 4 | RENT | rent | Indicator of rental or lease payments. |
| 4 | SUNDRY | sundry expense | Indicator of transportation expenses. |
| 4 | TRANS | transportation expense | Indicator of transportation expenses, e.g., vehicle payments, vehicle insurance, vehicle fuel, and vehicle maintenance and repairs. |
| 4 | UTIL | utility expense | Indicator of transportation expenses. |
| 2 | ELSTAT | eligibility indicator | Code specifying eligibility indicators used to assess or establish eligibility for coverage under a policy or program eligibility status, e.g., certificates of creditable coverage; student enrollment; adoption, marriage or birth certificate. |
| 3 | ADOPT | adoption document | Indicator of adoption. |
| 3 | BTHCERT | birth certificate | Indicator of birth. |
| 3 | CCOC | creditable coverage document | Indicator of creditable coverage. |
| 3 | DRLIC | driver license | Indicator of driving status. |
| 3 | FOSTER | foster child document | Indicator of foster child status. |
| 3 | MEMBER | program or policy member | Indicator of status as covered member under a policy or program, e.g., member id card or coverage document. |
| 3 | MIL | military identification | Indicator of military status. |
| 3 | MRGCERT | marriage certificate | Indicator of marriage status. |
| 3 | PASSPORT | passport | Indicator of citizenship. |
| 3 | STUDENRL | student enrollment | Indicator of student status. |
| 2 | HLSTAT | health status | Code specifying non-clinical indicators related to health status used to assess or establish eligibility for coverage under a policy or program, e.g., pregnancy, disability, drug use, mental health issues. |
| 3 | DISABLE | disabled | Indication of disability. |
| 3 | DRUG | drug use | Indication of drug use. |
| 3 | IVDRG | IV drug use | Indication of IV drug use. |
| 3 | PGNT | pregnant | Non-clinical report of pregnancy. |
| 2 | LIVDEP | living dependency | Code specifying observations related to living dependency, such as dependent upon spouse for activities of daily living. |
| 3 | RELDEP | relative dependent | Continued living in private residence requires functional and health care assistance from one or more relatives. |
| 3 | SPSDEP | spouse dependent | Continued living in private residence requires functional and health care assistance from spouse or life partner. |
| 3 | URELDEP | unrelated person dependent | Continued living in private residence requires functional and health care assistance from one or more unrelated persons. |
| 2 | LIVSIT | living situation | Code specifying observations related to living situation for a person in a private residence. |
| 3 | ALONE | alone | Living alone. Maps to PD1-2 Living arrangement (IS) 00742 [A] |
| 3 | DEPCHD | dependent children | Living with one or more dependent children requiring moderate supervision. |
| 3 | DEPSPS | dependent spouse | Living with disabled spouse requiring functional and health care assistance |
| 3 | DEPYGCHD | dependent young children | Living with one or more dependent children requiring intensive supervision |
| 3 | FAM | live with family | Living with family. Maps to PD1-2 Living arrangement (IS) 00742 [F] |
| 3 | RELAT | relative | Living with one or more relatives. Maps to PD1-2 Living arrangement (IS) 00742 [R] |
| 3 | SPS | spouse only | Living only with spouse or life partner. Maps to PD1-2 Living arrangement (IS) 00742 [S] |
| 3 | UNREL | unrelated person | Living with one or more unrelated persons. |
| 2 | SOECSTAT | socio economic status | Code specifying observations or indicators related to socio-economic status used to assess for services, e.g., discharge planning, or to establish eligibility for coverage under a policy or program. |
| 3 | ABUSE | abuse victim | Indication of abuse victim. |
| 3 | HMLESS | homeless | Indication of status as homeless. |
| 3 | ILGIM | illegal immigrant | Indication of status as illegal immigrant. |
| 3 | INCAR | incarcerated | Indication of status as incarcerated. |
| 3 | PROB | probation | Indication of probation status. |
| 3 | REFUG | refugee | Indication of refugee status. |
| 3 | UNEMPL | unemployed | Indication of unemployed status. |
| 1 | (_AllergyTestValue) Abstract | | Indicates the result of a particular allergy test. E.g. Negative, Mild, Moderate, Severe |
| 2 | A0 | no reaction | Description: Patient exhibits no reaction to the challenge agent. |
| 2 | A1 | minimal reaction | Description: Patient exhibits a minimal reaction to the challenge agent. |
| 2 | A2 | mild reaction | Description: Patient exhibits a mild reaction to the challenge agent. |
| 2 | A3 | moderate reaction | Description: Patient exhibits moderate reaction to the challenge agent. |
| 2 | A4 | severe reaction | Description: Patient exhibits a severe reaction to the challenge agent. |
| 1 | (_CompositeMeasureScoring) Abstract | | Observation values that communicate the method used in a quality measure to combine the component measure results included in a composite measure. |
| 2 | ALLORNONESCR | All-or-nothing Scoring | Code specifying that the measure uses all-or-nothing scoring. All-or-nothing scoring places an individual in the numerator of the composite measure if and only if they are in the numerator of all component measures in which they are in the denominator. |
| 2 | LINEARSCR | Linear Scoring | Code specifying that the measure uses linear scoring. Linear scoring computes the fraction of component measures in which the individual appears in the numerator, giving equal weight to each component measure. |
| 2 | OPPORSCR | Opportunity Scoring | Code specifying that the measure uses opportunity-based scoring. In opportunity-based scoring the measure score is determined by combining the denominator and numerator of each component measure to determine an overall composite score. |
| 2 | WEIGHTSCR | Weighted Scoring | Code specifying that the measure uses weighted scoring. Weighted scoring assigns a factor to each component measure to weight that measure's contribution to the overall score. |
| 1 | (_CoverageLimitObservationValue) Abstract | | Description: Coded observation values for coverage limitations, e.g., types of claims or types of parties covered under a policy or program. |
| 2 | (_CoverageLevelObservationValue) Abstract | | Description: Coded observation values for types of covered parties under a policy or program based on their personal relationships or employment status. |
| 3 | ADC | adult child | Description: Child over an age as specified by coverage policy or program, e.g., student, differently abled, and income dependent. |
| 3 | CHD | child | Description: Dependent biological, adopted, foster child as specified by coverage policy or program. |
| 3 | DEP | dependent | Description: Person requiring functional and/or financial assistance from another person as specified by coverage policy or program. |
| 3 | DP | domestic partner | Description: Persons registered as a family unit in a domestic partner registry as specified by law and by coverage policy or program. |
| 3 | ECH | employee | Description: An individual employed by an employer who receives remuneration in wages, salary, commission, tips, piece-rates, or pay-in-kind through the employer's payment system (i.e., not a contractor) as specified by coverage policy or program. |
| 3 | FLY | family coverage | Description: As specified by coverage policy or program. |
| 3 | IND | individual | Description: Person as specified by coverage policy or program. |
| 3 | SSP | same sex partner | Description: A pair of people of the same gender who live together as a family as specified by coverage policy or program, e.g., Naomi and Ruth from the Book of Ruth; Socrates and Alcibiades |
| 1 | (_CriticalityObservationValue) Abstract | | A clinical judgment as to the worst case result of a future exposure (including substance administration). When the worst case result is assessed to have a life-threatening or organ system threatening potential, it is considered to be of high criticality. |
| 2 | CRITH | high criticality | Worst case result of a future exposure is assessed to be life-threatening or having high potential for organ system failure. |
| 2 | CRITL | low criticality | Worst case result of a future exposure is not assessed to be life-threatening or having high potential for organ system failure. |
| 2 | CRITU | unable to assess criticality | Unable to assess the worst case result of a future exposure. |
| 1 | (_EmploymentStatus) Abstract | | Concepts representing whether a person does or does not currently have a job or is not currently in the labor pool seeking employment. |
| 2 | Employed | Employed | Individuals who, during the last week: a) did any work for at least 1 hour as paid or unpaid employees of a business or government organization; worked in their own businesses, professions, or on their own farms; or b) were not working, but who have a job or business from which the individual was temporarily absent because of vacation, illness, bad weather, childcare problems, maternity or paternity leave, labor-management dispute, job training, or other family or personal reasons, regardless of whether or not they were paid for the time off or were seeking other jobs. |
| 2 | NotInLaborForce | Not In Labor Force | Persons not classified as employed or unemployed, meaning those who have no job and are not looking for one. |
| 2 | Unemployed | Unemployed | Persons who currently have no employment, but are available for work and have made specific efforts to find employment. |
| 1 | (_GeneticObservationValue) Abstract | | Description: The domain contains genetic analysis specific observation values, e.g. Homozygote, Heterozygote, etc. |
| 2 | Homozygote | HOMO | Description: An individual having different alleles at one or more loci regarding a specific character |
| 1 | (_ObservationMeasureScoring) Abstract | | Observation values used to indicate the type of scoring (e.g. proportion, ratio) used by a health quality measure. |
| 2 | COHORT | cohort measure scoring | A measure in which either short-term cross-section or long-term longitudinal analysis is performed over a group of subjects defined by a set of common properties or defining characteristics (e.g., Male smokers between the ages of 40 and 50 years, exposure to treatment, exposure duration). |
| 2 | CONTVAR | continuous variable measure scoring | A measure score in which each individual value for the measure can fall anywhere along a continuous scale (e.g., mean time to thrombolytics which aggregates the time in minutes from a case presenting with chest pain to the time of administration of thrombolytics). |
| 2 | PROPOR | proportion measure scoring | A score derived by dividing the number of cases that meet a criterion for quality (the numerator) by the number of eligible cases within a given time frame (the denominator) where the numerator cases are a subset of the denominator cases (e.g., percentage of eligible women with a mammogram performed in the last year). |
| 2 | RATIO | ratio measure scoring | A score that may have a value of zero or greater that is derived by dividing a count of one type of data by a count of another type of data (e.g., the number of patients with central lines who develop infection divided by the number of central line days). |
| 1 | (_ObservationMeasureType) Abstract | | Observation values used to indicate what kind of health quality measure is used. |
| 2 | COMPOSITE | composite measure type | A measure that is composed from one or more other measures and indicates an overall summary of those measures. |
| 2 | EFFICIENCY | efficiency measure type | A measure related to the efficiency of medical treatment. |
| 2 | EXPERIENCE | experience measure type | A measure related to the level of patient engagement or patient experience of care. |
| 2 | OUTCOME | outcome measure type | A measure that indicates the result of the performance (or non-performance) of a function or process. |
| 3 | INTERM-OM | intermediate clinical outcome measure | A measure that evaluates the change over time of a physiologic state observable that is associated with a specific long-term health outcome. |
| 3 | PRO-PM | intermediate clinical outcome measure | A measure that is a comparison of patient reported outcomes for a single or multiple patients collected via an instrument specifically designed to obtain input directly from patients. |
| 2 | PROCESS | process measure type | A measure which focuses on a process which leads to a certain outcome, meaning that a scientific basis exists for believing that the process, when executed well, will increase the probability of achieving a desired outcome. |
| 3 | APPROPRIATE | appropriate use process measure | A measure that assesses the use of one or more processes where the expected health benefit exceeds the expected negative consequences. |
| 2 | RESOURCE | resource use measure type | A measure related to the extent of use of clinical resources or cost of care. |
| 2 | STRUCTURE | structure measure type | A measure related to the structure of patient care. |
| 1 | _ObservationPopulationInclusion Deprecated | ObservationPopulationInclusion | Observation values used to assert various populations that a subject falls into. |
| 2 | DENEX Deprecated | denominator exclusions | Patients who should be removed from the eMeasure population and denominator before determining if numerator criteria are met. Denominator exclusions are used in proportion and ratio measures to help narrow the denominator. |
| 2 | DENEXCEP Deprecated | denominator exceptions | Denominator exceptions are those conditions that should remove a patient, procedure or unit of measurement from the denominator only if the numerator criteria are not met. Denominator exceptions allow for adjustment of the calculated score for those providers with higher risk populations. Denominator exceptions are used only in proportion eMeasures. They are not appropriate for ratio or continuous variable eMeasures. Denominator exceptions allow for the exercise of clinical judgment and should be specifically defined where capturing the information in a structured manner fits the clinical workflow. Generic denominator exception reasons used in proportion eMeasures fall into three general categories: Medical reasons; Patient reasons; System reasons |
| 2 | DENOM Deprecated | denominator | It can be the same as the initial patient population or a subset of the initial patient population to further constrain the population for the purpose of the eMeasure. Different measures within an eMeasure set may have different Denominators. Continuous Variable eMeasures do not have a Denominator, but instead define a Measure Population. |
| 2 | IP Deprecated | initial population | The initial population refers to all entities to be evaluated by a specific quality measure who share a common set of specified characteristics within a specific measurement set to which a given measure belongs. |
| 3 | IPP Deprecated | initial patient population | The initial patient population refers to all patients to be evaluated by a specific quality measure who share a common set of specified characteristics within a specific measurement set to which a given measure belongs. Details often include information based upon specific age groups, diagnoses, diagnostic and procedure codes, and enrollment periods. |
| 2 | MSRPOPL Deprecated | measure population | Measure population is used only in continuous variable eMeasures. It is a narrative description of the eMeasure population. (e.g., all patients seen in the Emergency Department during the measurement period). |
| 2 | NUMER Deprecated | numerator | Numerators are used in proportion and ratio eMeasures. In proportion measures the numerator criteria are the processes or outcomes expected for each patient, procedure, or other unit of measurement defined in the denominator. In ratio measures the numerator is related, but not directly derived from the denominator (e.g., a numerator listing the number of central line blood stream infections and a denominator indicating the days per thousand of central line usage in a specific time period). |
| 2 | NUMEX Deprecated | numerator exclusions | Numerator Exclusions are used only in ratio eMeasures to define instances that should not be included in the numerator data. (e.g., if the number of central line blood stream infections per 1000 catheter days were to exclude infections with a specific bacterium, that bacterium would be listed as a numerator exclusion.) |
| 1 | (_PartialCompletionScale) Abstract | | |
| 2 | G | Great extent | Value for Act.partialCompletionCode attribute that implies 81-99% completion |
| 2 | LE | Large extent | Value for Act.partialCompletionCode attribute that implies 61-80% completion |
| 2 | ME | Medium extent | Value for Act.partialCompletionCode attribute that implies 41-60% completion |
| 2 | MI | Minimal extent | Value for Act.partialCompletionCode attribute that implies 1-20% completion |
| 2 | N | None | Value for Act.partialCompletionCode attribute that implies 0% completion |
| 2 | S | Some extent | Value for Act.partialCompletionCode attribute that implies 21-40% completion |
| 1 | (_SecurityObservationValue) Abstract | | Observation values used to indicate security observation metadata. |
| 2 | (_SECINTOBV) Abstract | | Abstract security observation values used to indicate security integrity metadata. Examples: Codes conveying integrity status, integrity confidence, and provenance. |
| 3 | (_SECALTINTOBV) Abstract | | Abstract security metadata observation values used to indicate mechanism used for authorized alteration of an IT resource (data, information object, service, or system capability) |
| 4 | ABSTRED | abstracted | Security metadata observation values used to indicate the use of a more abstract version of the content, e.g., replacing exact value of an age or date field with a range, or removing the left digits of a credit card number or SSN. |
| 4 | AGGRED | aggregated | Security metadata observation values used to indicate the use of an algorithmic combination of actual values with the result of an aggregate function, e.g., average, sum, or count in order to limit disclosure of an IT resource (data, information object, service, or system capability) to the minimum necessary. |
| 4 | ANONYED | anonymized | Security metadata observation value conveying the alteration integrity of an IT resource (data, information object, service, or system capability) by indicating the mechanism by which software systems can strip portions of the resource that could allow the identification of the source of the information or the information subject. No key to relink the data is retained. |
| 4 | MAPPED | mapped | Security metadata observation value used to indicate that the IT resource semantic content has been transformed from one encoding to another. Usage Note: "MAP" code does not indicate the semantic fidelity of the transformed content. To indicate semantic fidelity for maps of HL7 to other code systems, this security alteration integrity observation may be further specified using an Act valued with Value Set: MapRelationship (2.16.840.1.113883.1.11.11052). Semantic fidelity of the mapped IT Resource may also be indicated using a SecurityIntegrityConfidenceObservation. |
| 4 | MASKED | masked | Security metadata observation value conveying the alteration integrity of an IT resource (data, information object, service, or system capability) by indicating the mechanism by which software systems can make data unintelligible (that is, as unreadable and unusable by algorithmically transforming plaintext into ciphertext) such that it can only be accessed or used by authorized users. An authorized user may be provided a key to decrypt per license or "shared secret". Usage Note: "MASKED" may be used, per applicable policy, as a flag to indicate to a user or receiver that some portion of an IT resource has been further encrypted, and may be accessed only by an authorized user or receiver to which a decryption key is provided. |
| 4 | PSEUDED | pseudonymized | Security metadata observation value conveying the alteration integrity of an IT resource (data, information object, service, or system capability), by indicating the mechanism by which software systems can strip portions of the resource that could allow the identification of the source of the information or the information subject. Custodian may retain a key to relink data necessary to reidentify the information subject. Rationale: Personal data which has been processed to make it impossible to know whose data it is. Used particularly for secondary use of health data. In some cases, it may be possible for authorized individuals to restore the identity of the individual, e.g., for public health case management. Based on ISO/TS 25237:2008 Health informatics—Pseudonymization |
| 4 | REDACTED | redacted | Security metadata observation value used to indicate the mechanism by which software systems can filter an IT resource (data, information object, service, or system capability) to remove any portion of the resource that is not authorized to be accessed, used, or disclosed. Usage Note: "REDACTED" may be used, per applicable policy, as a flag to indicate to a user or receiver that some portion of an IT resource has been filtered and not included in the content accessed or received. |
| 4 | SUBSETTED | subsetted | Metadata observation used to indicate that some information has been removed from the source object when the view this object contains was constructed because of configuration options when the view was created. The content may not be suitable for use as the basis of a record update. Usage Note: This is not suitable to be used when information is removed for security reasons - see the code REDACTED for this use. |
| 4 | SYNTAC | syntactic transform | Security metadata observation value used to indicate that the IT resource syntax has been transformed from one syntactical representation to another. Usage Note: "SYNTAC" code does not indicate the syntactical correctness of the syntactically transformed IT resource. |
| 4 | TRSLT | translated | Security metadata observation value used to indicate that the IT resource has been translated from one human language to another. Usage Note: "TRSLT" does not indicate the fidelity of the translation or the languages translated. The fidelity of the IT Resource translation may be indicated using a SecurityIntegrityConfidenceObservation. To indicate languages, use the Value Set: HumanLanguage (2.16.840.1.113883.1.11.11526) |
| 4 | VERSIONED | versioned | Security metadata observation value conveying the alteration integrity of an IT resource (data, information object, service, or system capability) which indicates that the resource only retains versions of an IT resource for access and use per applicable policy. Usage Note: When this code is used, the expectation is that the system has removed historical versions of the data that fall outside the time period deemed to be the effective time of the applicable version. |
| 3 | (_SECDATINTOBV) Abstract | | Abstract security observation values used to indicate data integrity metadata. Examples: Codes conveying the mechanism used to preserve the accuracy and consistency of an IT resource such as a digital signature and a cryptographic hash function. |
| 4 | CRYTOHASH | cryptographic hash function | Security metadata observation value used to indicate the mechanism by which software systems can establish that data was not modified in transit. Rationale: This definition is intended to align with the ISO 22600-2 3.3.19 definition of cryptographic checkvalue: Information which is derived by performing a cryptographic transformation (see cryptography) on the data unit. The derivation of the checkvalue may be performed in one or more steps and is a result of a mathematical function of the key and a data unit. It is usually used to check the integrity of a data unit. Examples: SHA-1, SHA-2 (Secure Hash Algorithm) |
| 4 | DIGSIG | digital signature | Security metadata observation value used to indicate the mechanism by which software systems use digital signature to establish that data has not been modified. Rationale: This definition is intended to align with the ISO 22600-2 3.3.26 definition of digital signature: Data appended to, or a cryptographic transformation (see cryptography) of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g., by the recipient. |
| 3 | (_SECINTCONOBV) Abstract | | Abstract security observation value used to indicate integrity confidence metadata. Examples: Codes conveying the level of reliability and trustworthiness of an IT resource. |
| 4 | HRELIABLE | highly reliable | Security metadata observation value used to indicate that the veracity or trustworthiness of an IT resource (data, information object, service, or system capability) for a specified purpose of use is perceived to be or deemed by policy to be very high. |
| 4 | RELIABLE | reliable | Security metadata observation value used to indicate that the veracity or trustworthiness of an IT resource (data, information object, service, or system capability) for a specified purpose of use is perceived to be or deemed by policy to be adequate. |
| 4 | UNCERTREL | uncertain reliability | Security metadata observation value used to indicate that the veracity or trustworthiness of an IT resource (data, information object, service, or system capability) for a specified purpose of use is perceived to be or deemed by policy to be uncertain. |
| 4 | UNRELIABLE | unreliable | Security metadata observation value used to indicate that the veracity or trustworthiness of an IT resource (data, information object, service, or system capability) for a specified purpose of use is perceived to be or deemed by policy to be inadequate. |
| 3 | (_SECINTPRVOBV) Abstract | | Abstract security metadata observation value used to indicate the provenance of an IT resource (data, information object, service, or system capability). Examples: Codes conveying the provenance metadata about the entity reporting an IT resource. |
| 4 | (_SECINTPRVABOBV) Abstract | | Abstract security provenance metadata observation value used to indicate the entity that asserted an IT resource (data, information object, service, or system capability). Examples: Codes conveying the provenance metadata about the entity asserting the resource. |
| 5 | CLINAST | clinician asserted | Security provenance metadata observation value used to indicate that an IT resource (data, information object, service, or system capability) was asserted by a clinician. |
| 5 | DEVAST | device asserted | Security provenance metadata observation value used to indicate that an IT resource (data, information object, service, or system capability) was asserted by a device. |
| 5 | HCPAST | healthcare professional asserted | Security provenance metadata observation value used to indicate that an IT resource (data, information object, service, or system capability) was asserted by a healthcare professional. |
| 5 | PACQAST | patient acquaintance asserted | Security provenance metadata observation value used to indicate that an IT resource (data, information object, service, or system capability) was asserted by a patient acquaintance. |
| 5 | PATAST | patient asserted | Security provenance metadata observation value used to indicate that an IT resource (data, information object, service, or system capability) was asserted by a patient. |
| 5 | PAYAST | payer asserted | Security provenance metadata observation value used to indicate that an IT resource (data, information object, service, or system capability) was asserted by a payer. |
| 5 | PROAST | professional asserted | Security provenance metadata observation value used to indicate that an IT resource (data, information object, service, or system capability) was asserted by a professional. |
| 5 | SDMAST | substitute decision maker asserted | Security provenance metadata observation value used to indicate that an IT resource (data, information object, service, or system capability) was asserted by a substitute decision maker. |
| 4 | (_SECINTPRVRBOBV) Abstract | | Abstract security provenance metadata observation value used to indicate the entity that reported the resource (data, information object, service, or system capability). Examples: Codes conveying the provenance metadata about the entity reporting an IT resource. |
| 5 | CLINRPT | clinician reported | Security provenance metadata observation value used to indicate that an IT resource (data, information object, service, or system capability) was reported by a clinician. |
| 5 | DEVRPT | device reported | Security provenance metadata observation value used to indicate that an IT resource (data, information object, service, or system capability) was reported by a device. |
| 5 | HCPRPT | healthcare professional reported | Security provenance metadata observation value used to indicate that an IT resource (data, information object, service, or system capability) was reported by a healthcare professional. |
| 5 | PACQRPT | patient acquaintance reported | Security provenance metadata observation value used to indicate that an IT resource (data, information object, service, or system capability) was reported by a patient acquaintance. |
| 5 | PATRPT | patient reported | Security provenance metadata observation value used to indicate that an IT resource (data, information object, service, or system capability) was reported by a patient. |
| 5 | PAYRPT | payer reported | Security provenance metadata observation value used to indicate that an IT resource (data, information object, service, or system capability) was reported by a payer. |
| 5 | PRORPT | professional reported | Security provenance metadata observation value used to indicate that an IT resource (data, information object, service, or system capability) was reported by a professional. |
| 5 | SDMRPT | substitute decision maker reported | Security provenance metadata observation value used to indicate that an IT resource (data, information object, service, or system capability) was reported by a substitute decision maker. |
| 2 | (SECTRSTOBV) Abstract | | Observation value used to indicate aspects of trust applicable to an IT resource (data, information object, service, or system capability). |
| 3 | TRSTACCRDOBV | trust accreditation observation | Values for security trust accreditation metadata observation made about the formal declaration by an authority or neutral third party that validates the technical, security, trust, and business practice conformance of Trust Agents to facilitate
security,
interoperability,
and
trust
among
participants
within
a
security
domain
or
trust
framework.
|
|
3
|
TRSTAGREOBV
|
trust
agreement
observation
|
Values
for
security
trust
agreement
metadata
observation
made
about
privacy
and
security
requirements
with
which
a
security
domain
must
comply.
[ISO
IEC
10181-1]
|
|
3
|
TRSTCERTOBV
|
trust
certificate
observation
|
Values
for
security
trust
certificate
metadata
observation
made
about
a
set
of
security-relevant
data
issued
by
a
security
authority
or
trusted
third
party,
together
with
security
information
which
is
used
to
provide
the
integrity
and
data
origin
authentication
services
for
an
IT
resource
(data,
information
object,
service,
or
system
capability).
[Based
on
ISO
IEC
10181-1]
For
example,
a
Certificate
Policy
(CP),
which
is
a
named
set
of
rules
that
indicates
the
applicability
of
a
certificate
to
a
particular
community
and/or
class
of
application
with
common
security
requirements.
A
particular
Certificate
Policy
might
indicate
the
applicability
of
a
type
of
certificate
to
the
authentication
of
electronic
data
interchange
transactions
for
the
trading
of
goods
within
a
given
price
range.
Another
example
is
Cross
Certification
with
Federal
Bridge.
|
|
3
|
(TRSTLOAOBV)
Abstract
|
|
Values
for
security
trust
assurance
metadata
observation
made
about
the
digital
quality
or
reliability
of
a
trust
assertion,
activity,
capability,
information
exchange,
mechanism,
process,
or
protocol.
|
|
4
|
(LOAAN)
Abstract
|
|
The
value
assigned
as
the
indicator
of
the
digital
quality
or
reliability
of
the
verification
and
validation
process
used
to
verify
the
claimed
identity
of
an
entity
by
securely
associating
an
identifier
and
its
authenticator.
[Based
on
ISO
7498-2]
For
example,
the
degree
of
confidence
in
the
vetting
process
used
to
establish
the
identity
of
the
individual
to
whom
the
credential
was
issued,
and
2)
the
degree
of
confidence
that
the
individual
who
uses
the
credential
is
the
individual
to
whom
the
credential
was
issued.
[OMB
M-04-04
E-Authentication
Guidance
for
Federal
Agencies]
|
|
5
|
LOAAN1
|
low
authentication
level
of
assurance
|
Indicator
of
low
digital
quality
or
reliability
of
the
digital
reliability
of
the
verification
and
validation
process
used
to
verify
the
claimed
identity
of
an
entity
by
securely
associating
an
identifier
and
its
authenticator.
[Based
on
ISO
7498-2]
The
degree
of
confidence
in
the
vetting
process
used
to
establish
the
identity
of
the
individual
to
whom
the
credential
was
issued,
and
2)
the
degree
of
confidence
that
the
individual
who
uses
the
credential
is
the
individual
to
whom
the
credential
was
issued.
[OMB
M-04-04
E-Authentication
Guidance
for
Federal
Agencies]
Low
authentication
level
of
assurance
indicates
that
the
relying
party
may
have
little
or
no
confidence
in
the
asserted
identity's
validity.
Level
1
requires
little
or
no
confidence
in
the
asserted
identity.
No
identity
proofing
is
required
at
this
level,
but
the
authentication
mechanism
should
provide
some
assurance
that
the
same
claimant
is
accessing
the
protected
transaction
or
data.
A
wide
range
of
available
authentication
technologies
can
be
employed
and
any
of
the
token
methods
of
Levels
2,
3,
or
4,
including
Personal
Identification
Numbers
(PINs),
may
be
used.
To
be
authenticated,
the
claimant
must
prove
control
of
the
token
through
a
secure
authentication
protocol.
At
Level
1,
long-term
shared
authentication
secrets
may
be
revealed
to
verifiers.
Assertions
issued
about
claimants
as
a
result
of
a
successful
authentication
are
either
cryptographically
authenticated
by
relying
parties
(using
approved
methods)
or
are
obtained
directly
from
a
trusted
party
via
a
secure
authentication
protocol.
[Summary
of
the
technical
requirements
specified
in
NIST
SP
800-63
for
the
four
levels
of
assurance
defined
by
the
December
2003,
the
Office
of
Management
and
Budget
(OMB)
issued
Memorandum
M-04-04,
E-Authentication
Guidance
for
Federal
Agencies.]
|
|
5
|
LOAAN2
|
basic
authentication
level
of
assurance
|
Indicator
of
basic
digital
quality
or
reliability
of
the
digital
reliability
of
the
verification
and
validation
process
used
to
verify
the
claimed
identity
of
an
entity
by
securely
associating
an
identifier
and
its
authenticator.
[Based
on
ISO
7498-2]
The
degree
of
confidence
in
the
vetting
process
used
to
establish
the
identity
of
the
individual
to
whom
the
credential
was
issued,
and
2)
the
degree
of
confidence
that
the
individual
who
uses
the
credential
is
the
individual
to
whom
the
credential
was
issued.
[OMB
M-04-04
E-Authentication
Guidance
for
Federal
Agencies]
Basic
authentication
level
of
assurance
indicates
that
the
relying
party
may
have
some
confidence
in
the
asserted
identity's
validity.
Level
2
requires
confidence
that
the
asserted
identity
is
accurate.
Level
2
provides
for
single-factor
remote
network
authentication,
including
identity-proofing
requirements
for
presentation
of
identifying
materials
or
information.
A
wide
range
of
available
authentication
technologies
can
be
employed,
including
any
of
the
token
methods
of
Levels
3
or
4,
as
well
as
passwords.
Successful
authentication
requires
that
the
claimant
prove
through
a
secure
authentication
protocol
that
the
claimant
controls
the
token.
Eavesdropper,
replay,
and
online
guessing
attacks
are
prevented.
Long-term
shared
authentication
secrets,
if
used,
are
never
revealed
to
any
party
except
the
claimant
and
verifiers
operated
by
the
CSP;
however,
session
(temporary)
shared
secrets
may
be
provided
to
independent
verifiers
by
the
CSP.
Approved
cryptographic
techniques
are
required.
Assertions
issued
about
claimants
as
a
result
of
a
successful
authentication
are
either
cryptographically
authenticated
by
relying
parties
(using
approved
methods)
or
are
obtained
directly
from
a
trusted
party
via
a
secure
authentication
protocol.
[Summary
of
the
technical
requirements
specified
in
NIST
SP
800-63
for
the
four
levels
of
assurance
defined
by
the
December
2003,
the
Office
of
Management
and
Budget
(OMB)
issued
Memorandum
M-04-04,
E-Authentication
Guidance
for
Federal
Agencies.]
|
|
5
|
LOAAN3
|
medium
authentication
level
of
assurance
|
Indicator
of
medium
digital
quality
or
reliability
of
the
digital
reliability
of
verification
and
validation
of
the
process
used
to
verify
the
claimed
identity
of
an
entity
by
securely
associating
an
identifier
and
its
authenticator.
[Based
on
ISO
7498-2]
The
degree
of
confidence
in
the
vetting
process
used
to
establish
the
identity
of
the
individual
to
whom
the
credential
was
issued,
and
2)
the
degree
of
confidence
that
the
individual
who
uses
the
credential
is
the
individual
to
whom
the
credential
was
issued.
[OMB
M-04-04
E-Authentication
Guidance
for
Federal
Agencies]
Medium
authentication
level
of
assurance
indicates
that
the
relying
party
may
have
high
confidence
in
the
asserted
identity's
validity.
Level
3
is
appropriate
for
transactions
that
need
high
confidence
in
the
accuracy
of
the
asserted
identity.
Level
3
provides
multifactor
remote
network
authentication.
At
this
level,
identity-proofing
procedures
require
verification
of
identifying
materials
and
information.
Authentication
is
based
on
proof
of
possession
of
a
key
or
password
through
a
cryptographic
protocol.
Cryptographic
strength
mechanisms
should
protect
the
primary
authentication
token
(a
cryptographic
key)
against
compromise
by
the
protocol
threats,
including
eavesdropper,
replay,
online
guessing,
verifier
impersonation,
and
man-in-the-middle
attacks.
A
minimum
of
two
authentication
factors
is
required.
Three
kinds
of
tokens
may
be
used:
"soft"
cryptographic
token,
which
has
the
key
stored
on
a
general-purpose
computer,
"hard"
cryptographic
token,
which
has
the
key
stored
on
a
special
hardware
device,
and
"one-time
password"
device
token,
which
has
symmetric
key
stored
on
a
personal
hardware
device
that
is
a
cryptographic
module
validated
at
FIPS
140-2
Level
1
or
higher.
Validation
testing
of
cryptographic
modules
and
algorithms
for
conformance
to
Federal
Information
Processing
Standard
(FIPS)
140-2,
Security
Requirements
for
Cryptographic
Modules,
is
managed
by
NIST.
Authentication
requires
that
the
claimant
prove
control
of
the
token
through
a
secure
authentication
protocol.
The
token
must
be
unlocked
with
a
password
or
biometric
representation,
or
a
password
must
be
used
in
a
secure
authentication
protocol,
to
establish
two-factor
authentication.
Long-term
shared
authentication
secrets,
if
used,
are
never
revealed
to
any
party
except
the
claimant
and
verifiers
operated
directly
by
the
CSP;
however,
session
(temporary)
shared
secrets
may
be
provided
to
independent
verifiers
by
the
CSP.
Approved
cryptographic
techniques
are
used
for
all
operations.
Assertions
issued
about
claimants
as
a
result
of
a
successful
authentication
are
either
cryptographically
authenticated
by
relying
parties
(using
approved
methods)
or
are
obtained
directly
from
a
trusted
party
via
a
secure
authentication
protocol.
[Summary
of
the
technical
requirements
specified
in
NIST
SP
800-63
for
the
four
levels
of
assurance
defined
by
the
December
2003,
the
Office
of
Management
and
Budget
(OMB)
issued
Memorandum
M-04-04,
E-Authentication
Guidance
for
Federal
Agencies.]
|
|
5
|
LOAAN4
|
high
authentication
level
of
assurance
|
Indicator
of
high
digital
quality
or
reliability
of
the
digital
reliability
of
the
verification
and
validation
process
used
to
verify
the
claimed
identity
of
an
entity
by
securely
associating
an
identifier
and
its
authenticator.
[Based
on
ISO
7498-2]
The
degree
of
confidence
in
the
vetting
process
used
to
establish
the
identity
of
the
individual
to
whom
the
credential
was
issued,
and
2)
the
degree
of
confidence
that
the
individual
who
uses
the
credential
is
the
individual
to
whom
the
credential
was
issued.
[OMB
M-04-04
E-Authentication
Guidance
for
Federal
Agencies]
High
authentication
level
of
assurance
indicates
that
the
relying
party
may
have
very
high
confidence
in
the
asserted
identity's
validity.
Level
4
is
for
transactions
that
need
very
high
confidence
in
the
accuracy
of
the
asserted
identity.
Level
4
provides
the
highest
practical
assurance
of
remote
network
authentication.
Authentication
is
based
on
proof
of
possession
of
a
key
through
a
cryptographic
protocol.
This
level
is
similar
to
Level
3
except
that
only
"hard"
cryptographic
tokens
are
allowed,
cryptographic
module
validation
requirements
are
strengthened,
and
subsequent
critical
data
transfers
must
be
authenticated
via
a
key
that
is
bound
to
the
authentication
process.
The
token
should
be
a
hardware
cryptographic
module
validated
at
FIPS
140-2
Level
2
or
higher
overall
with
at
least
FIPS
140-2
Level
3
physical
security.
This
level
requires
a
physical
token,
which
cannot
readily
be
copied,
and
operator
authentication
at
Level
2
and
higher,
and
ensures
good,
two-factor
remote
authentication.
Level
4
requires
strong
cryptographic
authentication
of
all
parties
and
all
sensitive
data
transfers
between
the
parties.
Either
public
key
or
symmetric
key
technology
may
be
used.
Authentication
requires
that
the
claimant
prove
through
a
secure
authentication
protocol
that
the
claimant
controls
the
token.
Eavesdropper,
replay,
online
guessing,
verifier
impersonation,
and
man-in-the-middle
attacks
are
prevented.
Long-term
shared
authentication
secrets,
if
used,
are
never
revealed
to
any
party
except
the
claimant
and
verifiers
operated
directly
by
the
CSP;
however,
session
(temporary)
shared
secrets
may
be
provided
to
independent
verifiers
by
the
CSP.
Strong
approved
cryptographic
techniques
are
used
for
all
operations.
All
sensitive
data
transfers
are
cryptographically
authenticated
using
keys
bound
to
the
authentication
process.
[Summary
of
the
technical
requirements
specified
in
NIST
SP
800-63
for
the
four
levels
of
assurance
defined
by
the
December
2003,
the
Office
of
Management
and
Budget
(OMB)
issued
Memorandum
M-04-04,
E-Authentication
Guidance
for
Federal
Agencies.]
|
|
4
|
(LOAAP)
Abstract
|
|
The
value
assigned
as
the
indicator
of
the
digital
quality
or
reliability
of
a
defined
sequence
of
messages
between
a
Claimant
and
a
Verifier
that
demonstrates
that
the
Claimant
has
possession
and
control
of
a
valid
token
to
establish
his/her
identity,
and
optionally,
demonstrates
to
the
Claimant
that
he
or
she
is
communicating
with
the
intended
Verifier.
[Based
on
NIST
SP
800-63-2]
|
|
5
|
LOAAP1
|
low
authentication
process
level
of
assurance
|
Indicator
of
the
low
digital
quality
or
reliability
of
a
defined
sequence
of
messages
between
a
Claimant
and
a
Verifier
that
demonstrates
that
the
Claimant
has
possession
and
control
of
a
valid
token
to
establish
his/her
identity,
and
optionally,
demonstrates
to
the
Claimant
that
he
or
she
is
communicating
with
the
intended
Verifier.
[Based
on
NIST
SP
800-63-2]
Low
authentication
process
level
of
assurance
indicates
that
(1)
long-term
shared
authentication
secrets
may
be
revealed
to
verifiers;
and
(2)
assertions
and
assertion
references
require
protection
from
manufacture/modification
and
reuse
attacks.
[Summary
of
the
technical
requirements
specified
in
NIST
SP
800-63
for
the
four
levels
of
assurance
defined
by
the
December
2003,
the
Office
of
Management
and
Budget
(OMB)
issued
Memorandum
M-04-04,
E-Authentication
Guidance
for
Federal
Agencies.]
|
|
5
|
LOAAP2
|
basic
authentication
process
level
of
assurance
|
Indicator
of
the
basic
digital
quality
or
reliability
of
a
defined
sequence
of
messages
between
a
Claimant
and
a
Verifier
that
demonstrates
that
the
Claimant
has
possession
and
control
of
a
valid
token
to
establish
his/her
identity,
and
optionally,
demonstrates
to
the
Claimant
that
he
or
she
is
communicating
with
the
intended
Verifier.
[Based
on
NIST
SP
800-63-2]
Basic
authentication
process
level
of
assurance
indicates
that
long-term
shared
authentication
secrets
are
never
revealed
to
any
other
party
except
Credential
Service
Provider
(CSP).
Sessions
(temporary)
shared
secrets
may
be
provided
to
independent
verifiers
by
CSP.
Long-term
shared
authentication
secrets,
if
used,
are
never
revealed
to
any
other
party
except
Verifiers
operated
by
the
Credential
Service
Provider
(CSP);
however,
session
(temporary)
shared
secrets
may
be
provided
to
independent
Verifiers
by
the
CSP.
In
addition
to
Level
1
requirements,
assertions
are
resistant
to
disclosure,
redirection,
capture
and
substitution
attacks.
Approved
cryptographic
techniques
are
required.
[Summary
of
the
technical
requirements
specified
in
NIST
SP
800-63
for
the
four
levels
of
assurance
defined
by
the
December
2003,
the
Office
of
Management
and
Budget
(OMB)
issued
Memorandum
M-04-04,
E-Authentication
Guidance
for
Federal
Agencies.]
|
|
5
|
LOAAP3
|
medium
authentication
process
level
of
assurance
|
Indicator
of
the
medium
digital
quality
or
reliability
of
a
defined
sequence
of
messages
between
a
Claimant
and
a
Verifier
that
demonstrates
that
the
Claimant
has
possession
and
control
of
a
valid
token
to
establish
his/her
identity,
and
optionally,
demonstrates
to
the
Claimant
that
he
or
she
is
communicating
with
the
intended
Verifier.
[Based
on
NIST
SP
800-63-2]
Medium
authentication
process
level
of
assurance
indicates
that
the
token
can
be
unlocked
with
password,
biometric,
or
uses
a
secure
multi-token
authentication
protocol
to
establish
two-factor
authentication.
Long-term
shared
authentication
secrets
are
never
revealed
to
any
party
except
the
Claimant
and
Credential
Service
Provider
(CSP).
Authentication
requires
that
the
Claimant
prove,
through
a
secure
authentication
protocol,
that
he
or
she
controls
the
token.
The
Claimant
unlocks
the
token
with
a
password
or
biometric,
or
uses
a
secure
multi-token
authentication
protocol
to
establish
two-factor
authentication
(through
proof
of
possession
of
a
physical
or
software
token
in
combination
with
some
memorized
secret
knowledge).
Long-term
shared
authentication
secrets,
if
used,
are
never
revealed
to
any
party
except
the
Claimant
and
Verifiers
operated
directly
by
the
CSP;
however,
session
(temporary)
shared
secrets
may
be
provided
to
independent
Verifiers
by
the
CSP.
In
addition
to
Level
2
requirements,
assertions
are
protected
against
repudiation
by
the
Verifier.
|
|
5
|
LOAAP4
|
high
authentication
process
level
of
assurance
|
Indicator
of
the
high
digital
quality
or
reliability
of
a
defined
sequence
of
messages
between
a
Claimant
and
a
Verifier
that
demonstrates
that
the
Claimant
has
possession
and
control
of
a
valid
token
to
establish
his/her
identity,
and
optionally,
demonstrates
to
the
Claimant
that
he
or
she
is
communicating
with
the
intended
Verifier.
[Based
on
NIST
SP
800-63-2]
High
authentication
process
level
of
assurance
indicates
all
sensitive
data
transfers
are
cryptographically
authenticated
using
keys
bound
to
the
authentication
process.
Level
4
requires
strong
cryptographic
authentication
of
all
communicating
parties
and
all
sensitive
data
transfers
between
the
parties.
Either
public
key
or
symmetric
key
technology
may
be
used.
Authentication
requires
that
the
Claimant
prove
through
a
secure
authentication
protocol
that
he
or
she
controls
the
token.
All
protocol
threats
at
Level
3
are
required
to
be
prevented
at
Level
4.
Protocols
shall
also
be
strongly
resistant
to
man-in-the-middle
attacks.
Long-term
shared
authentication
secrets,
if
used,
are
never
revealed
to
any
party
except
the
Claimant
and
Verifiers
operated
directly
by
the
CSP;
however,
session
(temporary)
shared
secrets
may
be
provided
to
independent
Verifiers
by
the
CSP.
Approved
cryptographic
techniques
are
used
for
all
operations.
All
sensitive
data
transfers
are
cryptographically
authenticated
using
keys
bound
to
the
authentication
process.
[Summary
of
the
technical
requirements
specified
in
NIST
SP
800-63
for
the
four
levels
of
assurance
defined
by
the
December
2003,
the
Office
of
Management
and
Budget
(OMB)
issued
Memorandum
M-04-04,
E-Authentication
Guidance
for
Federal
Agencies.]
|
|
4
|
(LOAAS)
Abstract
|
|
The
value
assigned
as
the
indicator
of
the
high
quality
or
reliability
of
the
statement
from
a
Verifier
to
a
Relying
Party
(RP)
that
contains
identity
information
about
a
Subscriber.
Assertions
may
also
contain
verified
attributes.
|
|
5
|
LOAAS1
|
low
assertion
level
of
assurance
|
Indicator
of
the
low
quality
or
reliability
of
the
statement
from
a
Verifier
to
a
Relying
Party
(RP)
that
contains
identity
information
about
a
Subscriber.
Assertions
may
also
contain
verified
attributes.
Assertions
and
assertion
references
require
protection
from
modification
and
reuse
attacks.
[Summary
of
the
technical
requirements
specified
in
NIST
SP
800-63
for
the
four
levels
of
assurance
defined
by
the
December
2003,
the
Office
of
Management
and
Budget
(OMB)
issued
Memorandum
M-04-04,
E-Authentication
Guidance
for
Federal
Agencies.]
|
|
5
|
LOAAS2
|
basic
assertion
level
of
assurance
|
Indicator
of
the
basic
quality
or
reliability
of
the
statement
from
a
Verifier
to
a
Relying
Party
(RP)
that
contains
identity
information
about
a
Subscriber.
Assertions
may
also
contain
verified
attributes.
Assertions
are
resistant
to
disclosure,
redirection,
capture
and
substitution
attacks.
Approved
cryptographic
techniques
are
required
for
all
assertion
protocols.
[Summary
of
the
technical
requirements
specified
in
NIST
SP
800-63
for
the
four
levels
of
assurance
defined
by
the
December
2003,
the
Office
of
Management
and
Budget
(OMB)
issued
Memorandum
M-04-04,
E-Authentication
Guidance
for
Federal
Agencies.]
|
|
5
|
LOAAS3
|
medium
assertion
level
of
assurance
|
Indicator
of
the
medium
quality
or
reliability
of
the
statement
from
a
Verifier
to
a
Relying
Party
(RP)
that
contains
identity
information
about
a
Subscriber.
Assertions
may
also
contain
verified
attributes.
Assertions
are
protected
against
repudiation
by
the
verifier.
[Summary
of
the
technical
requirements
specified
in
NIST
SP
800-63
for
the
four
levels
of
assurance
defined
by
the
December
2003,
the
Office
of
Management
and
Budget
(OMB)
issued
Memorandum
M-04-04,
E-Authentication
Guidance
for
Federal
Agencies.]
|
|
5
|
LOAAS4
|
high
assertion
level
of
assurance
|
Indicator
of
the
high
quality
or
reliability
of
the
statement
from
a
Verifier
to
a
Relying
Party
(RP)
that
contains
identity
information
about
a
Subscriber.
Assertions
may
also
contain
verified
attributes.
Strongly
resistant
to
man-in-the-middle
attacks.
"Bearer"
assertions
are
not
used.
"Holder-of-key"
assertions
may
be
used.
RP
maintains
records
of
the
assertions.
[Summary
of
the
technical
requirements
specified
in
NIST
SP
800-63
for
the
four
levels
of
assurance
defined
by
the
December
2003,
the
Office
of
Management
and
Budget
(OMB)
issued
Memorandum
M-04-04,
E-Authentication
Guidance
for
Federal
Agencies.]
|
|
4
|
(LOACM)
Abstract
|
|
Indicator
of
the
digital
quality
or
reliability
of
the
activities
performed
by
the
Credential
Service
Provider
(CSP)
subsequent
to
electronic
authentication
registration,
identity
proofing
and
issuance
activities
to
manage
and
safeguard
the
integrity
of
an
issued
credential
and
its
binding
to
an
identity.
[Electronic
Authentication
Guideline
-
Recommendations
of
the
National
Institute
of
Standards
and
Technology,
NIST
Special
Publication
800-63-1,
Dec
2011]
|
|
5
|
LOACM1
|
low
token
and
credential
management
level
of
assurance
|
Indicator
of
the
low
digital
quality
or
reliability
of
the
activities
performed
by
the
Credential
Service
Provider
(CSP)
subsequent
to
electronic
authentication
registration,
identity
proofing
and
issuance
activities
to
manage
and
safeguard
the
integrity
of
an
issued
credential
and
its
binding
to
an
identity.
Little
or
no
confidence
that
an
individual
has
maintained
control
over
a
token
that
has
been
entrusted
to
him
or
her
and
that
that
token
has
not
been
compromised.
Characteristics
include
weak
identity
binding
to
tokens
and
plaintext
passwords
or
secrets
not
transmitted
across
a
network.
[Electronic
Authentication
Guideline
-
Recommendations
of
the
National
Institute
of
Standards
and
Technology,
NIST
Special
Publication
800-63-1,
Dec
2011]
|
|
5
|
LOACM2
|
basic
token
and
credential
management
level
of
assurance
|
Indicator
of
the
basic
digital
quality
or
reliability
of
the
activities
performed
by
the
Credential
Service
Provider
(CSP)
subsequent
to
electronic
authentication
registration,
identity
proofing
and
issuance
activities
to
manage
and
safeguard
the
integrity
of
an
issued
credential
and
its
binding
to
an
identity.
Some
confidence
that
an
individual
has
maintained
control
over
a
token
that
has
been
entrusted
to
him
or
her
and
that
that
token
has
not
been
compromised.
Characteristics
include:
Verification
must
prove
claimant
controls
the
token;
token
resists
online
guessing,
replay,
session
hijacking,
and
eavesdropping
attacks;
and
token
is
at
least
weakly
resistant
to
man-in-the-middle
attacks.
[Electronic
Authentication
Guideline
-
Recommendations
of
the
National
Institute
of
Standards
and
Technology,
NIST
Special
Publication
800-63-1,
Dec
2011]
|
|
5
|
LOACM3
|
medium
token
and
credential
management
level
of
assurance
|
Indicator
of
the
medium
digital
quality
or
reliability
of
the
activities
performed
by
the
Credential
Service
Provider
(CSP)
subsequent
to
electronic
authentication
registration,
identity
proofing
and
issuance
activities
to
manage
and
safeguard
the
integrity
of
an
issued
credential
and
its
binding
to
an
identity.
High
confidence
that
an
individual
has
maintained
control
over
a
token
that
has
been
entrusted
to
him
or
her
and
that
that
token
has
not
been
compromised.
Characteristics
include:
Ownership
of
token
verifiable
through
security
authentication
protocol
and
credential
management
protects
against
verifier
impersonation
attacks.
[Electronic
Authentication
Guideline
-
Recommendations
of
the
National
Institute
of
Standards
and
Technology,
NIST
Special
Publication
800-63-1,
Dec
2011]
|
|
5
|
LOACM4
|
high
token
and
credential
management
level
of
assurance
|
Indicator
of
the
high
digital
quality
or
reliability
of
the
activities
performed
by
the
Credential
Service
Provider
(CSP)
subsequent
to
electronic
authentication
registration,
identity
proofing
and
issuance
activities
to
manage
and
safeguard
the
integrity
of
an
issued
credential
and
its
binding
to
an
identity.
Very
high
confidence
that
an
individual
has
maintained
control
over
a
token
that
has
been
entrusted
to
him
or
her
and
that
that
token
has
not
been
compromised.
Characteristics
include:
Verifier
can
prove
control
of
token
through
a
secure
protocol;
credential
management
supports
strong
cryptographic
authentication
of
all
communication
parties.
[Electronic
Authentication
Guideline
-
Recommendations
of
the
National
Institute
of
Standards
and
Technology,
NIST
Special
Publication
800-63-1,
Dec
2011]
|
|
4
|
(LOAID)
Abstract
|
|
Indicator
of
the
quality
or
reliability
in
the
process
of
ascertaining
that
an
individual
is
who
he
or
she
claims
to
be.
|
|
5
|
LOAID1
|
low
identity
proofing
level
of
assurance
|
Indicator
of
low
digital
quality
or
reliability
in
the
process
of
ascertaining
that
an
individual
is
who
he
or
she
claims
to
be.
Requires
that
a
continuity
of
identity
be
maintained
but
does
not
require
identity
proofing.
[Based
on
Electronic
Authentication
Guideline
-
Recommendations
of
the
National
Institute
of
Standards
and
Technology,
NIST
Special
Publication
800-63-1,
Dec
2011]
|
|
5
|
LOAID2
|
basic
identity
proofing
level
of
assurance
|
Indicator
of
some
digital
quality
or
reliability
in
the
process
of
ascertaining
that
an
individual
is
who
he
or
she
claims
to
be.
Requires
identity
proofing
via
presentation
of
identifying
material
or
information.
[Based
on
Electronic
Authentication
Guideline
-
Recommendations
of
the
National
Institute
of
Standards
and
Technology,
NIST
Special
Publication
800-63-1,
Dec
2011]
|
|
5
|
LOAID3
|
medium
identity
proofing
level
of
assurance
|
Indicator
of
high
digital
quality
or
reliability
in
the
process
of
ascertaining
that
an
individual
is
who
he
or
she
claims
to
be.
Requires
identity
proofing
procedures
for
verification
of
identifying
materials
and
information.
[Based
on
Electronic
Authentication
Guideline
-
Recommendations
of
the
National
Institute
of
Standards
and
Technology,
NIST
Special
Publication
800-63-1,
Dec
2011]
|
|
5
|
LOAID4
|
high
identity
proofing
level
of
assurance
|
Indicator
of
high
digital
quality
or
reliability
in
the
process
of
ascertaining
that
an
individual
is
who
he
or
she
claims
to
be.
Requires
identity
proofing
procedures
for
verification
of
identifying
materials
and
information.
[Based
on
Electronic
Authentication
Guideline
-
Recommendations
of
the
National
Institute
of
Standards
and
Technology,
NIST
Special
Publication
800-63-1,
Dec
2011]
|
|
4
|
(LOANR)
Abstract
|
|
Indicator
of
the
digital
quality
or
reliability
in
the
process
of
establishing
proof
of
delivery
and
proof
of
origin.
[Based
on
ISO
7498-2]
|
|
5
|
LOANR1
|
low
non-repudiation
level
of
assurance
|
Indicator
of
low
digital
quality
or
reliability
in
the
process
of
establishing
proof
of
delivery
and
proof
of
origin.
[Based
on
ISO
7498-2]
|
|
5
|
LOANR2
|
basic
non-repudiation
level
of
assurance
|
Indicator
of
basic
digital
quality
or
reliability
in
the
process
of
establishing
proof
of
delivery
and
proof
of
origin.
[Based
on
ISO
7498-2]
|
|
5
|
LOANR3
|
medium
non-repudiation
level
of
assurance
|
Indicator
of
medium
digital
quality
or
reliability
in
the
process
of
establishing
proof
of
delivery
and
proof
of
origin.
[Based
on
ISO
7498-2]
|
|
5
|
LOANR4
|
high
non-repudiation
level
of
assurance
|
Indicator
of
high
digital
quality
or
reliability
in
the
process
of
establishing
proof
of
delivery
and
proof
of
origin.
[Based
on
ISO
7498-2]
|
|
4
|
(LOARA)
Abstract
|
|
Indicator
of
the
digital
quality
or
reliability
of
the
information
exchange
between
network-connected
devices
where
the
information
cannot
be
reliably
protected
end-to-end
by
a
single
organization’s
security
controls.
[Based
on
NIST
SP
800-63-2]
|
|
5
|
LOARA1
|
low
remote
access
level
of
assurance
|
Indicator
of
low
digital
quality
or
reliability
of
the
information
exchange
between
network-connected
devices
where
the
information
cannot
be
reliably
protected
end-to-end
by
a
single
organization’s
security
controls.
[Based
on
NIST
SP
800-63-2]
|
|
5
|
LOARA2
|
basic
remote
access
level
of
assurance
|
Indicator
of
basic
digital
quality
or
reliability
of
the
information
exchange
between
network-connected
devices
where
the
information
cannot
be
reliably
protected
end-to-end
by
a
single
organization’s
security
controls.
[Based
on
NIST
SP
800-63-2]
|
|
5
|
LOARA3
|
medium
remote
access
level
of
assurance
|
Indicator
of
medium
digital
quality
or
reliability
of
the
information
exchange
between
network-connected
devices
where
the
information
cannot
be
reliably
protected
end-to-end
by
a
single
organization’s
security
controls.
[Based
on
NIST
SP
800-63-2]
|
|
5
|
LOARA4
|
high
remote
access
level
of
assurance
|
Indicator
of
high
digital
quality
or
reliability
of
the
information
exchange
between
network-connected
devices
where
the
information
cannot
be
reliably
protected
end-to-end
by
a
single
organization's
security
controls.
[Based
on
NIST
SP
800-63-2]
|
| 4 | (LOATK) Abstract | | Indicator of the digital quality or reliability of single and multi-token authentication. [Electronic Authentication Guideline - Recommendations of the National Institute of Standards and Technology, NIST Special Publication 800-63-1, Dec 2011] |
| 5 | LOATK1 | low token level of assurance | Indicator of the low digital quality or reliability of single and multi-token authentication. Permits the use of any of the token methods of Levels 2, 3, or 4. [Electronic Authentication Guideline - Recommendations of the National Institute of Standards and Technology, NIST Special Publication 800-63-1, Dec 2011] |
| 5 | LOATK2 | basic token level of assurance | Indicator of the basic digital quality or reliability of single and multi-token authentication. Requires single factor authentication using memorized secret tokens, pre-registered knowledge tokens, look-up secret tokens, out of band tokens, or single factor one-time password devices. [Electronic Authentication Guideline - Recommendations of the National Institute of Standards and Technology, NIST Special Publication 800-63-1, Dec 2011] |
| 5 | LOATK3 | medium token level of assurance | Indicator of the medium digital quality or reliability of single and multi-token authentication. Requires two authentication factors. Provides multi-factor remote network authentication. Permits multi-factor software cryptographic token. [Electronic Authentication Guideline - Recommendations of the National Institute of Standards and Technology, NIST Special Publication 800-63-1, Dec 2011] |
| 5 | LOATK4 | high token level of assurance | Indicator of the high digital quality or reliability of single and multi-token authentication. Requires token that is a hardware cryptographic module validated at Federal Information Processing Standard (FIPS) 140-2 Level 2 or higher overall with at least FIPS 140-2 Level 3 physical security. Level 4 token requirements can be met by using the PIV authentication key of a FIPS 201 compliant Personal Identity Verification (PIV) Card. [Electronic Authentication Guideline - Recommendations of the National Institute of Standards and Technology, NIST Special Publication 800-63-1, Dec 2011] |
| 3 | TRSTMECOBV | none supplied 6 | Values for security trust mechanism metadata observation made about a security architecture system component that supports enforcement of security policies. |
| 1 | (_SeverityObservation) Abstract | | Potential values for observations of severity. |
| 2 | H | High | Indicates the condition may be life-threatening or has the potential to cause permanent injury. |
| 2 | L | Low | Indicates the condition may result in some adverse consequences but is unlikely to substantially affect the situation of the subject. |
| 2 | M | Moderate | Indicates the condition may result in noticeable adverse consequences but is unlikely to be life-threatening or cause permanent injury. |
| 1 | (_SubjectBodyPosition) Abstract | | Contains codes for defining the observed, physical position of a subject, such as during an observation, assessment, collection of a specimen, etc. ECG waveforms and vital signs, such as blood pressure, are two examples where a general, observed position typically needs to be noted. |
| 2 | LLD | left lateral decubitus | Lying on the left side. |
| 2 | PRN | prone | Lying with the front or ventral surface downward; lying face down. |
| 2 | RLD | right lateral decubitus | Lying on the right side. |
| 2 | SFWL | Semi-Fowler's | A semi-sitting position in bed with the head of the bed elevated approximately 45 degrees. |
| 2 | SIT | sitting | Resting the body on the buttocks, typically with upper torso erect or semi erect. |
| 2 | STN | standing | To be stationary, upright, vertical, on one's legs. |
| 2 | SUP | supine | |
| 3 | RTRD | reverse trendelenburg | Lying on the back, on an inclined plane, typically about 30-45 degrees with head raised and feet lowered. |
| 3 | TRD | trendelenburg | Lying on the back, on an inclined plane, typically about 30-45 degrees, with head lowered and feet raised. |
| 1 | (_VerificationOutcomeValue) Abstract | | Values for observations of verification act results. Examples: Verified, not verified, verified with warning. |
| 2 | ACT | active coverage | Definition: Coverage is in effect for healthcare service(s) and/or product(s). |
| 2 | ACTPEND | active - pending investigation | Definition: Coverage is in effect for healthcare service(s) and/or product(s) - Pending Investigation |
| 2 | ELG | eligible | Definition: Coverage is in effect for healthcare service(s) and/or product(s). |
| 2 | INACT | inactive | Definition: Coverage is not in effect for healthcare service(s) and/or product(s). |
| 2 | INPNDINV | inactive - pending investigation | Definition: Coverage is not in effect for healthcare service(s) and/or product(s) - Pending Investigation. |
| 2 | INPNDUPD | inactive - pending eligibility update | Definition: Coverage is not in effect for healthcare service(s) and/or product(s) - Pending Eligibility Update. |
| 2 | NELG | not eligible | Definition: Coverage is not in effect for healthcare service(s) and/or product(s). May optionally include reasons for the ineligibility. |
| 1 | (_WorkSchedule) Abstract | | Concepts that describe an individual's typical arrangement of working hours for an occupation. |
| 2 | DS | daytime shift | A person who is scheduled for work during daytime hours (for example between 6am and 6pm) on a regular basis. |
| 2 | EMS | early morning shift | Consistent Early morning schedule of 13 hours or less per shift (between 2 am and 2 pm) |
| 2 | ES | evening shift | A person who is scheduled for work during evening hours (for example between 2pm and midnight) on a regular basis. |
| 2 | NS | night shift | Scheduled for work during nighttime hours (for example between 9pm and 8am) on a regular basis. |
| 2 | RSWN | rotating shift with nights | Scheduled for work times that change periodically between days, and/or evenings, and includes some night shifts. |
| 2 | RSWON | rotating shift without nights | Scheduled for work days/times that change periodically between days, but does not include night or evening work. |
| 2 | SS | split shift | Shift consisting of two distinct work periods each day that are separated by a break of a few hours (for example 2 to 4 hours) |
| 2 | VLS | very long shift | Shifts of 17 or more hours. |
| 2 | VS | variable shift | Irregular, unpredictable hours scheduled on a short notice (for example, less than 2 day notice): inconsistent schedule, on-call, as needed, as available. |
| 1 | (_AnnotationValue) Abstract | | |
| 1 | (_CommonClinicalObservationValue) Abstract | | Description: Used in a patient care message to value simple clinical (non-lab) observations. |
| 1 | (_IndividualCaseSafetyReportValueDomains) Abstract | | This domain is established as a parent to a variety of value domains being defined to support the communication of Individual Case Safety Reports to regulatory bodies. Arguably, this aggregation is not taxonomically pure, but the grouping will facilitate the management of these domains. |
| 1 | (_IndicationValue) Abstract | | Indicates the specific observation result which is the reason for the action (prescription, lab test, etc.). E.g. Headache, Ear infection, planned diagnostic image (requiring contrast agent), etc. |