ISO 22600:2014 Health informatics - Privilege Management and Access Control

About

ISO 22600:2014 Health informatics - Privilege Management and Access Control defines principles and specifies services needed for managing privileges and access control to data and/or functions.

It focuses on communication and the use of health information distributed across policy domain boundaries. This includes healthcare information sharing across unaffiliated providers of healthcare, healthcare organizations, health insurance companies, their patients, staff members, and trading partners by both individuals and application systems ranging from a local to a regional or even national situation.

It specifies the necessary component-based concepts and is intended to support their technical implementation. It will not specify the use of these concepts in particular clinical process pathways.

ISO 22600:2014 Health informatics - Privilege Management and Access Control consist of the following parts, under the general title Health informatics - Privilege management and access control.

  • Part 1: Overview and policy management
  • Part 2: Formal models
  • Part 3: Implementations

Purpose

The ISO 22600:2014 Health informatics - Privilege Management and Access Control set of standards are provided as an advisory standard for policy-based access control. For the purpose of privilege management, rule / policy-based access is expected to give better control and flexibility in defining and enforcing access control. Access control mechanisms such as Role Based, Policy Based, or singular user (applicable in case of mobile based PHR) are acceptable as long as conformant to applicable data security law(s) and rules as well as the policy of the organization where implemented.

Parts Functions
ISO 22600-1:2014 Proposes a template for the policy agreement. It enables the comparable documentation from all parties involved in the information exchange
ISO 22600-2:2014 Introduces the underlying paradigm of formal high-level models for architectural components. It is based on ISO/IEC 10746 (all parts) and introduces the domain model, the document model, the policy model, the role model, the authorization model, the delegation model, the control model, and the access control model
ISO 22600-3:2014 Instantiates requirements for repositories for access control policies and requirements for privilege management infrastructures. It provides implementation examples of the formal models specified in ISO 22600-2

Information to Get Electronic Health Record (EHR) Standards for India is available at the Get Standard