
EVS-EN ISO 22600-2:2014

Health informatics - Privilege management and access control - Part 2: Formal models (ISO 22600-2:2014)

General information
Valid from 07.11.2014
Base Documents
ISO 22600-2:2014; EN ISO 22600-2:2014
Directives or regulations
None

Standard history

Status
Date
Type
Name
07.11.2014
Main
The distributed architecture of shared care information systems is increasingly based on networks. To meet the interoperability challenge through the use of standardised user interfaces, tools and protocols, and therefore their platform independence, the number of really open information systems based on corporate networks and virtual private networks has been growing rapidly during the last couple of years.
This multi-part International Standard shall define privilege management and access control services required for communication and use of distributed health information across policy domain boundaries. The document introduces principles and specifies services needed for managing privileges and access control. It specifies the necessary component-based concepts and is intended to support their technical implementation. It will not specify the use of these concepts in particular clinical process pathways.
This International Standard is strongly related to other ISO/TC 215 work such as ISO 17090 “Health Informatics – Public Key Infrastructure”, ISO 22857 “Health Informatics – Guidelines on data protection to facilitate trans-border flows of personal health information” and ISO 21091 “Health informatics - Directory services for security, communications and identification of professional and patient”. It is also related to ISO/TS 21298 “Health informatics – Functional and structural roles”.
This International Standard is intended to support the needs of healthcare information sharing across unaffiliated providers of healthcare, healthcare organisations, health insurance companies, their patients, staff members and trading partners.
This International Standard is intended to support inquiries from both individuals and application systems.
This multi-part International Standard defines methods for managing authorization and access control to data and/or functions. It allows policy bridging. It is based on a conceptual model where local authorization manager servers and a cross-border directory server can assist access control in various applications (software components). This directory server provides information on rules for access to various application functions based on roles and other attributes of the individual user. The granted access will be based on the following aspects:
- The authenticated identification of the user
- The rules for access to a specific information object including purpose of use
- The rules regarding authorization attributes linked to the user provided by the authorization manager
- The functions of the specific application

This International Standard should be used in a perspective ranging from a local situation to a regional or national one. One of the key points in these perspectives is to have organisational criteria combined with authorization profiles agreed upon from both the requesting and delivering side in a written policy agreement.
The International Standard supports collaboration between several authorization managers that may operate over organisational and policy borders.
The collaboration is defined in a Policy Agreement, signed by all involved organisations, which constitutes the set of rules for the operation.
This International Standard excludes platform-specific and implementation details. It does not specify technical communication services and protocols that have been established in other standards. It also excludes authentication techniques.
This Part 2 of the Standard introduces the underlying paradigm of formal high-level models for architectural components based on ISO/IEC 10746 “Information technology – Open Distributed Processing – Reference Model”. In that context, the Domain Model, the Document Model, the Policy Model, the Role Model, the Authorization Model, the Delegation Model, the Control Model, and the Access Control Model are introduced. The specifications are provided using the meta-language Unified Modeling Language.