ISO 22600 defines principles and specifies services needed for managing privileges and access control to data and/or functions. It focuses on communication and use of health information distributed across policy domain boundaries. This includes healthcare information sharing across unaffiliated providers of healthcare, healthcare organizations, health insurance companies, their patients, staff members, and trading partners by both individuals and application systems ranging from a local situation to a regional or even national situation. It specifies the necessary component-based concepts and is intended to support their technical implementation. It will not specify the use of these concepts in particular clinical process pathways. ISO 22600-1:2014 proposes a template for the policy agreement. It enables comparable documentation from all parties involved in the information exchange.
SFS Suomen Standardit is responsible for the preparation of this publication in Finland, tel. 09 149 9331.
Table of contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Goal and structure of privilege management and access control
5.1 Goal of privilege management and access control
5.2 Structure of privilege management and access control
6 Policy agreement
6.1 Overview
6.2 Identification
6.3 Patient consent
6.4 Patient privacy
6.5 Information identification
6.6 Information location
6.7 Information integrity
6.8 Security
6.9 Authorization
6.10 Role structures
6.11 Assignment and attestation authorities
6.12 Delegation rights
6.13 Validity time
6.14 Authentication of users/roles
6.15 Access
6.16 Policy agreement validity period
6.17 Ethics
6.18 Secure audit trail
6.19 Audit check
6.20 Risk analysis
6.21 Continuity and disaster management
6.22 Future system developments
7 Documentation
Annex A Example of a documentation template (informative)
Annex B Example of an information exchange policy agreement (informative)
ISO 17090-1:2013 Health informatics -- Public key infrastructure -- Part 1: Overview of digital certificate services
ISO 17090-2:2008 Health informatics -- Public key infrastructure -- Part 2: Certificate profile
ISO 17090-3:2008 Health informatics -- Public key infrastructure -- Part 3: Policy management of certification authority
ISO 21091:2013 Health informatics -- Directory services for healthcare providers, subjects of care and other entities
ISO 21298:2017 Health informatics -- Functional and structural roles