1、July 2017 English price group 18No part of this translation may be reproduced without prior permission ofDIN Deutsches Institut fr Normung e. V., Berlin. Beuth Verlag GmbH, 10772 Berlin, Germany,has the exclusive right of sale for German Standards (DIN-Normen).ICS 35.240.80!%h?q“2692878www.din.deDIN
2、 EN ISO 21298Health informatics Functional and structural roles (ISO 21298:2017, Corrected version 201704);English version EN ISO 21298:2017,English translation of DIN EN ISO 21298:2017-07Medizinische Informatik Funktionelle und strukturelle Rollen (ISO 21298:2017, korrigierte Fassung 201704);Englis
3、che Fassung EN ISO 21298:2017,Englische bersetzung von DIN EN ISO 21298:2017-07Informatique de sant Rles fonctionnels et structurels (ISO 21298:2017, Version corrige 201704);Version anglaise EN ISO 21298:2017,Traduction anglaise de DIN EN ISO 21298:2017-07www.beuth.deDocument comprises 40 pagesDTran
4、slation by DIN-Sprachendienst.In case of doubt, the German-language original shall be considered authoritative.07.17 DIN EN ISO 21298:2017-07 2 A comma is used as the decimal marker. National foreword This document (EN ISO 21298:2017) has been prepared by Technical Committee ISO/TC 215 “Health infor
5、matics” (Secretariat: ANSI, USA) in collaboration with Technical Committee CEN/TC 251 “Health informatics” (Secretariat: NEN, Netherlands). The responsible German body involved in its preparation was DIN-Normenausschuss Medizin (DIN Standards Committee Medicine), Working Committee NA 063-07-04 AA “S
6、ecurity”. The DIN Standards corresponding to the International Standards referred to in this document are as follows: ISO 22600-1 DIN EN ISO 22600-1 ISO 22600-2 DIN EN ISO 22600-2 National Annex NA (informative) Bibliography DIN EN ISO 22600-1, Health informatics Privilege management and access cont
7、rol Part 1: Overview and policy management DIN EN ISO 22600-2, Health informatics Privilege management and access control Part 2: Formal models EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN ISO 21298 February 2017 ICS 35.240.80 English Version Health informatics - Functional and structural ro
8、les(ISO 21298:2017, Corrected version 2017-04) Informatique de sant - Rles fonctionnels et structurels (ISO 21298:2017, Versioncorrige 2017-04) Medizinische Informatik - Funktionelle und strukturelle Rollen (ISO 21298:2017, korrigierte Fassung 2017-04) This European Standard was approved by CEN on 2
9、0 January 2017. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may
10、be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to
11、 the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland,
12、Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Ma
13、nagement Centre: Avenue Marnix 17, B-1000 Brussels 2017 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN ISO 21298:2017 EEuropean foreword .3Introduction 51 Scope . 62 Normative references 63 Terms and definitions . 64 Abbreviated t
14、erms . 105 Modeling roles in an architectural context 105.1 Roles within the Generic Component Model 105.2 Roles and policy aspects 135.3 Roles in privilege management . 145.4 Relations of this standard to related privilege management specifications . 145.5 Structural roles 155.5.1 General. 155.5.2
15、Structural roles of healthcare professions from the International Labour Organization for trans-jurisdiction mapping .155.5.3 Healthcare specialties 165.6 Functional roles . 176 Formally modelling roles 196.1 Roles within the Generic Component Model 196.2 Developing the role model . 196.2.1 Relation
16、ships and transformation .196.2.2 Assignment of structural roles 206.2.3 Generic role specification 206.3 Relationships between structural and functional roles 237 Use cases for the use of structural and functional roles in an interregional or international context 23Annex A (informative) ISCO-08 sa
17、mple mapping .25Annex B (informative) Sample certificate profile for regulated healthcare professional .36Bibliography .38Contents PageDIN EN ISO 21298:2017-07 EN ISO 21298:2017 (E) 2Foreword .4European foreword This document (EN ISO 21298:2017) has been prepared by Technical Committee ISO/TC 215 “H
18、ealth informatics” in collaboration with Technical Committee CEN/TC 251 “Health informatics” the secretariat of which is held by NEN. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by August 2017, a
19、nd conflicting national standards shall be withdrawn at the latest by August 2017. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. Acc
20、ording to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, German
21、y, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. Endorsement notice The text of ISO 21298:2017, Corrected version 2017-04 has been
22、approved by CEN as EN ISO 21298:2017 without any modification. DIN EN ISO 21298:2017-07 EN ISO 21298:2017 (E) 3 ForewordISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards i
23、s normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take par
24、t in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particul
25、ar the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).Attention is drawn to the possibility that some of the elements of th
26、is document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www
27、 .iso .org/ patents).Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to
28、the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www .iso .org/ iso/ foreword .html.This first edition of ISO 21298 cancels and replaces ISO/TS 21298:2008, which has been technically revised.The committee responsible for this document is I
29、SO/TC 215, Health informatics.This corrected version incorporates the following correction: replacement of Figure 2.DIN EN ISO 21298:2017-07 EN ISO 21298:2017 (E) 4 IntroductionThis document contains a specification for encoding information related to roles for health professionals and consumers. At
30、 least five areas have been identified where a model for encoding role information is needed.a) Privilege management and access control: role-based access control is not possible without an effective means of recording role information for healthcare actors.b) Directory services: structural roles ar
31、e usefully recorded within directories of healthcare providers (see for example, ISO 21091).c) Audit trails: functional roles are usefully recorded within audit trails for health information applications.d) Public key infrastructure (PKI): The ISO 17090 series allows for the encoding of healthcare r
32、oles in certificate extensions, but no structured vocabulary for such roles is specified. This document identifies such a coded vocabulary.e) Purpose of use: A role specification determines for what purposes healthcare information can be used. Purposes of use are tied to specific roles in many cases
33、 (see for example, ISO 21091).In addition to these security-related applications, there are several other possible applications of this standard, such as follows. Clinical care provision: finding and identifying the right professional for a health service. Support of care: billing of healthcare serv
34、ices. Communication management: directing healthcare-related messages by means of a specific role. Health service management and quality assurance: defining the purpose of use for specific data.This document is complementary to other relevant standards that also describe and define roles for the pur
35、pose of access control. It extends the model through the separation of role and policy. This separation allows for a richer and more flexible capability to instantiate business rules across multiple domains and jurisdictions. Backward compatibility with ANSI International Committee for Information T
36、echnology Standards (INCITS) and HL7 RBAC (Role-Based Access Control) is provided through simplification by combining policy and role into a single construct.The role concepts defined in this document are referenced and reused in many international standards created, for example, by ISO, CEN, HL7 In
37、ternational. Examples are ISO 22600, Reference 9, Reference 10 and Reference 11.The European Commission and the EU Parliament have established a Professional Qualifications Directive (2005/36/EC) defining medical specialties (see http:/ eur -lex .europa .eu/ legal -content/ EN/ T X T/ HTML/ ?uri = C
38、ELEX: 02005L0036 -20140117 an authority trusted by one or more relying parties to create, assign and manage certificatesNote 1 to entry: Optionally, the certification authority can create the relying parties keys ISO 9594-8. The CA issues certificates by signing certificate data with its private sig
39、ning key.Note 2 to entry: Authority in the CA term does not imply any government authorization, only that it is trusted. Certificate issuer can be a better term but CA is used very broadly.SOURCE: ISO 22600-1:2014, 3.83.6delegationconveyance of privilege from one entity (3.8) that holds such privile
40、ge, to another entitySOURCE: ISO 22600-1:2014, 3.103.7delegation pathordered sequence of certificates which, together with authentication of a privilege asserters (3.19) identity, can be processed to verify the authenticity of a privilege asserters privilegeSOURCE: ISO 22600-2:2014, 3.153.8entityany
41、 concrete or abstract thing of interestNote 1 to entry: While in general, the word entity can be used to refer to anything, in the context of modelling it is reserved to refer to things in the universe of discourse being modelled.3.9functional rolerole (3.21) which is bound to an actNote 1 to entry:
42、 Functional roles can be assigned to be performed during an act.Note 2 to entry: Functional roles have been specified in this document.Note 3 to entry: Functional roles correspond to the ISO/HL7 21731 RIM participation.Note 4 to entry: See also structural role (3.26).DIN EN ISO 21298:2017-07 EN ISO
43、21298:2017 (E) 7 3.10healthcare organizationofficially registered organization that has a main activity related to healthcare services or health promotionEXAMPLE Hospitals, Internet healthcare website providers, and healthcare research institutions.Note 1 to entry: The organization is recognized to
44、be legally liable for its activities but need not be registered for its specific role (3.21) in health.SOURCE: ISO 17090-1:2013, 3.1.43.11healthcare professionalhealthcare personnel having a healthcare professional entitlement recognized in a given jurisdictionNote 1 to entry: The healthcare profess
45、ional entitlement entitles a healthcare professional to provide healthcare independent of a role (3.21) in a healthcare organization (3.10).EXAMPLE GP, medical consultant, therapist, dentist, etc.3.12identificationperformance of tests to enable a data processing system to recognize entities3.13non-r
46、egulated healthcare personnelperson employed by a healthcare organization (3.10), but who is not a regulated health professionalEXAMPLE Massage therapist, music therapist, etc.SOURCE: ISO 17090-1:2013, 3.1.5, modified3.14organization employeeperson employed by a healthcare organization (3.10) or a s
47、upporting organization (3.27)EXAMPLE Medical records transcriptionists, healthcare insurance claims adjudicators, and pharmaceutical order entry clerks.3.15policyset of legal, political, organizational, functional and technical obligations for communication and cooperationSOURCE: ISO 22600-1:2014, 3
48、.133.16policy agreementwritten agreement where all involved parties commit themselves to a specified set of policiesSOURCE: ISO 22600-1:2014, 3.143.17principalhuman users and objects that need to operate under their own rightsSOURCE: OMG Security Services Specification: 2001DIN EN ISO 21298:2017-07 EN ISO 21298:2017 (E) 8 3.18privilegecapacity assigned to an entity (3.8) by an authority according to the entitys attributeNote 1 to en