FHIR Security Labels are metadata tags applied to a Resource.meta.security element to convey the sensitivity and confidentiality of clinical data. They enable attribute-based access control (ABAC) by classifying resources according to a standardized vocabulary, allowing systems to make automated disclosure decisions based on a patient's consent directives and the requesting user's clearance.
Glossary
FHIR Security Labels

What is FHIR Security Labels?
A standardized mechanism for tagging FHIR resources with metadata that dictates their sensitivity, confidentiality, and handling instructions to enforce patient consent and regulatory compliance.
The standard leverages the HL7 Security and Privacy Domain Analysis Model, using codes from vocabularies like ConfidentialityClassification (e.g., N for normal, R for restricted) and SensitivityClassification (e.g., ETH for substance abuse). This tagging architecture is fundamental to building interoperable, privacy-preserving federated learning pipelines where data access must be enforced at the resource level.
Core Components of a Security Label
A FHIR Security Label is a structured metadata tag applied to a resource to govern its access, use, and disclosure. It decomposes into distinct, interoperable components that collectively define the sensitivity, confidentiality, handling caveats, and provenance of clinical data.
Confidentiality Classification
The foundational axis of a security label, indicating the level of sensitivity of the resource. It defines the potential harm from unauthorized disclosure.
- U (Unrestricted): Publicly available data.
- L (Low): Data with minimal sensitivity.
- M (Moderate): Standard protected health information (PHI).
- N (Normal): Clinically sensitive data requiring standard access controls.
- R (Restricted): Highly sensitive data like mental health or HIV records.
- V (Very Restricted): Extremely sensitive data requiring explicit consent for each access.
Sensitivity Category
A coded value that specifies the type of sensitive content within the resource, triggering specific policy rules beyond basic confidentiality. This is often the primary driver for access denial.
- ETH (Substance Abuse): Governed by 42 CFR Part 2.
- PSY (Psychiatry): Psychotherapy notes.
- HIV (HIV/AIDS): Status and related treatment.
- SEX (Sexuality): Sexual and reproductive health.
- DOM (Domestic Violence): Victim status information.
Handling Caveat
An instruction that dictates a mandatory obligation or restriction on the receiver of the data. It defines what a user must do, not just what the data is.
- PurposeOfUse: Restricts use to a specific reason, e.g.,
TREAT(treatment) only. - Obligation: Mandates an action, such as
AUDIT(log access) orCRYPT(encrypt at rest). - RefrainPolicy: Prohibits an action, such as
NOINTEGRATE(do not link with other records). - Compartment: Isolates data into a specific access zone, e.g.,
COMPTfor VIP patients.
Security Label Binding
The mechanism by which a label is cryptographically linked to a FHIR resource to ensure integrity and prevent tampering. A label is useless if it can be stripped or altered.
- Digital Signatures: Uses
Provenance.signatureto sign the resource and its label. - DocumentReference: Embeds the label within a static, signed clinical document.
- Meta.security: The standard element on every FHIR resource where the
Codingfor the label is placed directly.
Policy Provenance
The audit trail that records who applied the label, when, and under what authority. This is critical for compliance and dispute resolution.
- Provenance Resource: Tracks the
agent(e.g., a consent directive engine) that generated the label. - Policy URI: A reference to the computable policy (e.g., a XACML or ODRL document) that mandated the label.
- Timestamp: The exact instant the label was affixed, enabling chronological conflict resolution.
Dissemination Controls
A subset of handling caveats that specifically govern redistribution and re-disclosure of the information outside the originating system.
- NORDSCLCD (No Redisclosure Without Consent): Prohibits sharing with a third party without explicit patient authorization.
- NORDSCPRV (No Redisclosure to Provider): Blocks sharing with other treating providers.
- NORDSCPAY (No Redisclosure to Payer): Prevents the data from being sent to an insurance company.
Frequently Asked Questions
Clear answers to the most common questions about implementing and interpreting FHIR security labels for patient consent and regulatory compliance.
A FHIR Security Label is a metadata tag applied to a Resource using the Resource.meta.security element to indicate its sensitivity, confidentiality classification, and handling caveats. It functions as a machine-readable instruction set that downstream access control engines consume to enforce policy-based decisions. The label does not itself restrict access; rather, it communicates the resource's security posture so that an authorization server can compare the label against a user's clearance and the patient's Consent Resource directives. The mechanism relies on the FHIR Security Labeling Infrastructure, which binds a Coding from a defined security label value set—such as http://terminology.hl7.org/CodeSystem/v3-Confidentiality—to a specific resource instance, enabling granular, attribute-based access control (ABAC) in federated healthcare networks.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Explore the core FHIR resources, protocols, and standards that interact with security labels to enforce patient consent and regulatory compliance.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us