An Obligation Policy may be used to specify additional privacy preferences specified by a Subject of Care. An Obligation Policy may be specified in addition to a Refrain Policy to fully describe a client’s access control preferences. In some cases, an Obligation Policy may be used to indicate that the receiver of an information object may not be allowed to re-disclose or persist that information object indefinitely. Per ISO 22600-2, Obligation Policy instances "are event-triggered and define actions to be performed by manager agent." [HL7 DAM] An obligation is an operation specified in a policy or policy set performed in conjunction with the enforcement of an authorization decision. [XACML] In short, obligations are actions to be performed. [ISO 22600-2] This class is derived from ISO 22600-2 and HL7 DAM.