DIN Standards Committee Health Technologies
DIN EN ISO 22600-3
Health informatics - Privilege management and access control - Part 3: Implementations (ISO 22600-3:2014); German version EN ISO 22600-3:2014
Medizinische Informatik - Privilegmanagement und Zugriffssteuerung - Teil 3: Implementierungen (ISO 22600-3:2014); Deutsche Fassung EN ISO 22600-3:2014
Overview
This multi-part International Standard defines principles and specifies services needed for managing privileges and access control to data and functions. It focuses on the communication and use of health related information distributed across policy domain boundaries. This includes healthcare information sharing across unaffiliated providers of healthcare and healthcare organizations, health insurance companies, their patients, staff members, and trading partners by both individuals and application systems ranging from a local situation to a regional or even national situation. It specifies the necessary component-based concepts and is intended to support their technical implementation. It does not specify the use of these concepts in particular clinical process pathways. This part of ISO 22600 instantiates requirements for repositories for access control policies and requirements for privilege management infrastructures. It provides implementation examples of the formal models specified in ISO 22600-2. This part of ISO 22600 contains neither platform-specific nor implementation details. It does not define technical communicative security services, authentication procedures and protocols that are already defined in other International Standards such as, for example, in ISO 7498-2, ISO/IEC 10745 (ITU-T X.803), ISO/IEC TR 13594 (ITU-T X.802), ISO/IEC 10181-1 (ITU-T X.810), ISO/IEC 9594-8 (ITU-T X.509), ISO/IEC 9796 (all parts), ISO/IEC 9797 (all parts) and ISO/IEC 9798 (all parts). This standard contains the German translation of ISO 22600-3:2014 which has been prepared by Technical Committee CEN/TC 251 "Medical Informatics", the secretariat of which is held by NEN (the Netherlands) in collaboration with Technical Committee ISO/TC 215 "Health Informatics" with the participation of German experts. The responsible body at the national level is DIN Standards Committee Medicine, Working Committee NA 063-07-04 AA "Sicherheit" ("Security").