...
Adoption of standard HL7 CUI codes ensures interoperability across HL7 Version 2, CDA, and FHIR content using syntax specific security labeling.
Per NARA, CUI Program allows you to use any font size and color, just as long as the banner marking is in the header of the document and is readily apparent to the user.
Relevant CUI Health and Privacy Authorities for HIE
The following authorities are included in CUI Category: General Privacy and CUI Category: Health Information
| Info Type | Category | Basic / Specified | Authority | Context | Federal Agencies to which this applies | Safeguarding / Dissemination |
| PII | PRVCY | Specified | OMB M-17-12 | Preparing for and addressing PII breach | All Federal health agencies/contractors & HIPAA BA/cooperative agreement parties | Dissemination |
| PII | PRVCY | Basic | OMB A130 | Managing PII | All Federal health agencies/contractors & HIPAA BA | Safeguarding |
| IIHI | HLTH | Specified | 42 USC 1320d-5 | HIPAA Statute Security Safeguards for IIHI | All Federal health agencies/contractors which are Covered Entities or BA | |
| IIHI | HLTH | Specified | 42 CFR 2.16(a) | Part 2 Security of Substance Use Disorder Records | Federal health agencies to which Part 2 applies (not VA?) | |
| IIHI | HLTH | Basic | 42 CFR 2.1(a) | Part 2 - Disclosure authorization | Federal health agencies to which Part 2 applies (not VA) | |
| IIHI | HLTH | Basic | 42 CFR 2.1(f) | Part 2 Substance Use Disorder Confidentiality | Federal health agencies to which Part 2 applies (not VA) | Safeguarding / Dissemination |
| IIHI | HLTH | Basic | 42 CFR 2.12(a) | Part 2 - Restrictions on disclosure. | Federal health agencies to which Part 2 applies (not VA) | |
| IIHI | HLTH | Basic | 42 CFR 2.13(c) | Part 2 - Confidentiality restrictions and safeguards. (c) Acknowledging the presence of patients: Responding to requests. | Federal health agencies to which Part 2 applies (not VA) | |
| IIHI | HLTH | Basic | 42 CFR 2.2(a) | Part 2 - Purpose and effect. | Federal health agencies to which Part 2 applies (not VA) | Safeguarding / Dissemination |
| IIHI | HLTH | Basic | 42 CFR 2.21(b) | Part 2 - Research Privilege Confidentiality | Federal health agencies to which Part 2 applies (not VA) | |
| IIHI | HLTH | Basic | 38 USC 7332(a) | Veterans Confidentiality | Federal health agencies to which 7332 applies | |
| PHI | HLTH | Basic | 45 CFR 164.508(a) | HIPAA Privacy Rule Uses and Disclosures for which an authorization is required. | All Federal health agencies/contractors which are Covered Entities or BA | |
| PHI | HLTH | Basic | 45 CFR 164.530(e) | HIPAA Safeguards under Privacy Rule | All Federal health agencies/contractors which are Covered Entities or BA | |
| PHI | HLTH | Basic | 45 CFR 164.502(a) | HIPAA Privacy Rule Uses and disclosure of PHI without authorization | All Federal health agencies/contractors which are Covered Entities or BA | |
| PHI | HLTH | Basic | 45 CFR 164.310(a)(1) | HIPAA Security Rule Physical Safeguards | All Federal health agencies/contractors which are Covered Entities or BA | |
| ePHI | HLTH | Basic | 45 CFR 164.306(a) | HIPAA Security standards general rules | All Federal health agencies/contractors which are Covered Entities or BA |