ISO 22600 defines principles and specifies services needed for managing privileges and access control to data and/or functions. It focuses on communication and use of health information distributed across policy domain boundaries. This includes healthcare information sharing across unaffiliated providers of healthcare, healthcare organizations, health insurance companies, their patients, staff members, and trading partners by both individuals and application systems ranging from a local situation to a regional or even national situation. It specifies the necessary component-based concepts and is intended to support their technical implementation. It will not specify the use of these concepts in particular clinical process pathways. ISO 22600-3:2014 instantiates requirements for repositories for access control policies and requirements for privilege management infrastructures. It provides implementation examples of the formal models specified in ISO 22600-2.
SFS Suomen Standardit is responsible for the preparation of this publication in Finland, tel. 09 149 9331.
Table of contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Structures and services for privilege management and access control
6 Interpretation of ISO 22600-2 formal models in healthcare settings
7 Concept representation for health information systems
7.1 Overview
7.2 Domain languages
7.3 OCL constraint modelling
7.4 Other constraint representations
8 Consent
8.1 Overview
8.2 Patient consent
8.3 Patient consent management
9 Emergency access
10 Refinement of the control model
11 Refinement of the delegation model
Annex A Privilege management infrastructure (informative)
Annex B Attribute certificate extensions (informative)
Annex C Terminology comparison (informative)
Annex D Examples for policy management and policy representation (informative)
ASTM E 2084:2000 Standard Specification for Authentication of Healthcare Information Using Digital Signatures (Withdrawn 2009)
ISO/IEC 10181-3:1996 Information technology -- Open Systems Interconnection -- Security frameworks for open systems: Access control framework
ISO/IEC 9594-8:2014 Information technology -- Open Systems Interconnection -- The Directory -- Part 8: Public-key and attribute certificate frameworks