How data access control or filter is applied when creating an EHR_EXTRACT

Considering scenario where a patient has medicine list and problem list and these are saved as persistent composition instances. This patient has a few problems and medicines that are considered as sensitive so the patient doesn’t want to share these sensitive information with other healthcare providers.
When an EHR EXTRACT is created, how the sensitive information (particular entries in the persistent compositions) could be filtered/excluded in the EHR_EXTRACT_CONTENT? In another word, would the medication list and problem list compositions be included in the EHR_EXTRACT_CONTENT?

The spec has various filtering mechanisms for content, including EXTRACT_SPEC.criteria which is assumed to be AQL or other queries.

This doesn’t directly solve the question of excluding content based on sensitivity, since the RM doesn’t currently have a sensitivity marker on content, but assuming the latter were solved in such a way that queries could be constructed to allow or exclude sensitive content, then it would be one solution.

Long term I would favour a dedicated mechanism whereby various sensitivity levels could be included / excluded in the Extract spec, independent of the criteria queries, which are probably better used to filter on e.g. time, specific kind of content.