Health informatics — Privilege management and access control — Part 2: Formal models

ISO 22600 defines principles and specifies services needed for managing privileges and access control to data and/or functions. It focuses on communication and use of health information distributed across policy domain boundaries. This includes healthcare information sharing across unaffiliated providers of health care, healthcare organisations, health insurance companies, their patients, staff members, and trading partners by both individuals and application systems ranging from a local situation to a regional or even national situation. ISO 22600 specifies the necessary component-based concepts and is intended to support their technical implementation. It will not specify the use of these concepts in particular clinical process pathways.

ISO 22600-2:2014 introduces the underlying paradigm of formal high-level models for architectural components. It is based on ISO/IEC 10746 (all parts) and introduces the domain model, the document model, the policy model, the role model, the authorisation model, the delegation model, the control model, and the access control model.

Main sections:

· Scope

· Normative references

· Terms and definitions

· Abbreviated terms

· Component paradigm

· Generic models

· Annex A: Functional and structural roles