The Organization (or other Entity) that issued or is otherwise responsible for the policy. This may be the provider organization that "owns" the patient record, or a jurisdiction that regulates how privacy is to be handled within its territory. This is the authority that grants authorization described in the privacy policy. This class is consistent with the “Security Authority” specified by the ISO/IEC 15816 standard as “The entity accountable for the administration of a security policy within a security domain”. "Entity or Organization having regulatory jurisdiction or accountability for enforcing policies pertaining to Consent Directives." - HL7 FHIR, Consent.policy.authority