UNE-EN ISO 21298:2017

This International Standard defines a model for expressing functional and structural roles and populates it with a basic set of roles for international use in health applications. Roles are generally assigned to entities that are actors. This will focus on roles of persons (e.g. the roles of health professionals) and their roles in the context of the provision of care (e.g. subject of care).

Roles can be structural (e.g.: licensed general practitioner, non-licensed transcriptionist) or functional (e.g.: a provider who is a member of a therapeutic team, an attending physician, prescriber, etc). Structural roles are relatively static, often lasting for many years. They deal with relationships between entities expressed at a level of complex concepts. Functional roles are bound to the realisation of actions and are highly dynamic. They are normally expressed at a decomposed level of fine-grained concepts.

The role concepts defined in this standard are referenced and reused in many international standards created, e.g., by ISO, CEN, HL7 International. Examples are ISO/EN 22600 Health informatics Privilege management and access control , HL7 International HL7 Healthcare privacy and security classification system (HCS) , HL7 International HL7 Security and privacy ontology , HL7 International The HL7 RBAC Healthcare Permission Catalog or HL7 International HL7 Composite security and privacy domain analysis model DSTU .Roles addressed in this International Standard are not restricted to privilege management purposes, though privilege management and access control is one of the applications of this International Standard. This standard does not address specifications related to permissions. This document treats the role and the permission as separate constructs. Further details regarding the relationship with permissions, policy, and access control are provided in ISO 22600.