BS EN ISO 22600-2:2014
Current
The latest, up-to-date edition.
Health informatics. Privilege management and access control Formal models
Hardcopy , PDF
English
31-10-2014
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Component paradigm
6 Generic models
Annex A (informative) - Functional and structural roles
Bibliography
Describes principles and also specifies services needed for managing privileges and access control to data and/or functions.
Committee |
IST/35
|
DevelopmentNote |
Supersedes DD ISO/TS 22600-2 & 12/30271004 DC. (11/2014)
|
DocumentType |
Standard
|
Pages |
38
|
PublisherName |
British Standards Institution
|
Status |
Current
|
Supersedes | |
UnderRevision |
This multi-part International Standard defines principles and specifies services needed for managing privileges and access control to data and/or functions.
It focuses on communication and use of health information distributed across policy domain boundaries. This includes healthcare information sharing across unaffiliated providers of healthcare, healthcare organizations, health insurance companies, their patients, staff members, and trading partners by both individuals and application systems ranging from a local situation to a regional or even national situation.
It specifies the necessary component-based concepts and is intended to support their technical implementation. It will not specify the use of these concepts in particular clinical process pathways.
This part of ISO22600 introduces the underlying paradigm of formal high-level models for architectural components. It is based on ISO/IEC10746 (all parts) and introduces the domain model, the document model, the policy model, the role model, the authorization model, the delegation model, the control model, and the access control model.
The specifications are provided using the meta-languages Unified Modelling Language (UML) and Extensible Markup Language (XML). Additional diagrams are used for explaining the principles. The attributes used have been referenced to the HL7 reference information model (see ISO21731:2006) and the HL7 data type definitions.
The role model has been roughly introduced referring to ISO21298.
Standards | Relationship |
ISO 22600-2:2014 | Identical |
EN ISO 22600-2:2014 | Identical |
ENV 13606-3 : DRAFT 2000 | HEALTH INFORMATICS - ELECTRONIC HEALTHCARE RECORD COMMUNICATION - PART 3: DISTRIBUTION RULES |
ISO/IEC 9798-3:1998 | Information technology Security techniques Entity authentication Part 3: Mechanisms using digital signature techniques |
ISO/IEC TR 14516:2002 | Information technology Security techniques Guidelines for the use and management of Trusted Third Party services |
ISO/IEC 15945:2002 | Information technology — Security techniques — Specification of TTP services to support the application of digital signatures |
ISO/IEC 27002:2013 | Information technology Security techniques Code of practice for information security controls |
ISO/IEC 10181-1:1996 | Information technology Open Systems Interconnection Security frameworks for open systems: Overview |
ISO/IEC 9594-8:2017 | Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks |
ISO 21091:2013 | Health informatics — Directory services for healthcare providers, subjects of care and other entities |
ISO 7498-2:1989 | Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture |
ISO/IEC 2382-8:1998 | Information technology Vocabulary Part 8: Security |
ISO/IEC 8824-1:2015 | Information technology Abstract Syntax Notation One (ASN.1): Specification of basic notation Part 1: |
ENV 13608-1:2000 | Health informatics - Security for healthcare communication - Part 1: Concepts and terminology |
ENV 13729 : DRAFT 2000 | HEALTH INFORMATICS - SECURE USER IDENTIFICATION - STRONG AUTHENTICATION USING MICROPROCESSOR CARDS |
ISO/IEC TR 13335-1:1996 | Information technology — Guidelines for the management of IT Security — Part 1: Concepts and models for IT Security |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.