A Refrain Policy is used to constrain an existing policy by indicating that a specific action is prohibited based on specific access control attributes (e.g., purpose of use, information type, user role). For example, a Refrain Policy instance may be used to represent a privacy consent directive that sets specific limitations on a default organizational policy regarding substance abuse data (e.g., [42 CFR Part 2]). Refrain Policy is a specialization of the Atomic Policy class. It does not have any additional attributes but implies different behavior. [HL7 DAM] ISO 22600-2 defines a refrain as actions subjects must refrain from performing. This class is derived from ISO 22600-2 and HL7 DAM.