Privacy, Access and Security Services Access Control Conceptual Model
1b. Project ID
1710
1c. Is Your Project an Investigative Project (aka PSS-Lite)?
No
1d. Is your Project Artifact being Reaffirmed or proceeding to Normative directly after being either Informative or STU?
No
1e. Today's Date
1f. Name of standard being reaffirmed
Privacy, Access and Security Services Access Control Conceptual Model
1g. Project Artifact Information
1h. ISO/IEC Standard to Adopt
1i. Does the standard include excerpted text from one or more ISO, IEC or ISO/IEC standards, but is not an identical or modified adoption?
1j. Unit of Measure
2a. Primary/Sponsor WG
Security
2c. Co-Sponsor Level of Involvement
Request formal content review prior to ballot
2c. Co-Sponsor Level of Involvement
Request formal content review prior to ballot
2d. Project Facilitator
Kathleen Connor
2e. Other Interested Parties (and roles)
2f. Modeling Facilitator
TBD
2g. Publishing Facilitator
Kathleen Connor
2h. Vocabulary Facilitator
TBD
2i. Domain Expert Representative
Kathleen Connor
2j. Business Requirements Analyst
2k. Conformance Facilitator
2l. Other Facilitators
2m. Implementers
1. Department of Veterans Affairs
2. TBD
3a. Project Scope
This specification describes the conceptual viewpoints associated with business requirements for access control within a healthcare environment in accordance with the HL7 Privacy, Access and Security Services (PASS) Service Functional Model (SFM) methodology.
PASS specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and compose-able service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.
This SFM specifies the content, structure, and functional behavior of information critical to access control capabilities including protecting resources in a distributed healthcare environment, where interoperability requirements arise in accordance with applicable privacy and security policies.
Other PASS SFMs include PASS Audit, which is now Volume 4 of the HL7 Privacy and Security Architecture Framework (PSAF) and the PASS Security Labeling Service.
Attachments
3b. Project Need
PASS Access Control was part of the overall concept for the PASS project and integral to Security Privacy and Security Architecture and Logical Data Model. This project is needed in order to continue to provide the Access Control portion of the suite of HL7 Privacy and Security Conceptual Models.
3c. Security Risk
No
3d. External Drivers
Continuing need for a healthcare specific access control service functional model
3e. Objectives/Deliverables and Target Dates
N/A
3f. Common Names / Keywords / Aliases:
HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC
3g. Lineage
Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN
3h. Project Dependencies
A key component of the overarching HL7 Security conceptual model standards:
HL7 Composite Security and Privacy Domain Analysis Model
HL7 Privacy and Security Logical Model
HL7 Privacy and Security Architecture Framework, which includes
• HL7 Trust Framework for Federated Authorization Conceptual and Behavioral Models
• HL7 Provenance
• HL7 Audit, which originated as the PASS Audit Service Functional Model
HL7 Security and Privacy Ontology
HL7 Privacy and Security Healthcare Classification System
HL7 PASS Security Labeling Service
HL7 Security and Privacy Access Control Catalog
These HL7 Security standards reference the following foundational standards:
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
tion – Terminology
3k. Additional Backwards Compatibility Information (if applicable)
3l. Using Current V3 Data Types?
N/A
3l. Reason for not using current V3 data types?
3m. External Vocabularies
N/A
3n. List of Vocabularies
3o. Earliest prior release and/or version to which the compatibility applies
4a. Products
Logical Model
4b. For FHIR IGs and FHIR Profiles, what product version(s) will the profiles apply to?
4c. FHIR Profiles Version
4d. Please define your New Product Definition
4d. Please define your New Product Family
5a. Project Intent
Reaffirmation of a standard
5a. White Paper Type
5a. Is the project adopting/endorsing an externally developed IG?
5a. Externally developed IG is to be (select one)
5a. Specify external organization
5a. Revising Current Standard Info
5b. Project Ballot Type
Normative (no STU)
5c. Additional Ballot Info
5d. Joint Copyright
No
5e. I understand I must submit a Joint Copyright Letter of Agreement to the TSC in order for the PSS to receive TSC approval.
no
6a. External Project Collaboration
N/A
6b. Content Already Developed
100%
6c. Content externally developed?
No
6d. List Developers of Externally Developed Content
6e. Is this a hosted (externally funded) project?
No
6f. Stakeholders
Regulatory Agency, Standards Development Organizations (SDOs)
6f. Other Stakeholders
6g. Vendors
EHR, PHR, Health Care IT, Other
6g. Other Vendors
Health Information Exchange organizations
6h. Providers
Other
6h. Other Providers
Generally, providers developing, purchasing, or maintaining access control systems within their HIT.
6i. Realm
Universal
7d. US Realm Approval Date
7a. Management Group(s) to Review PSS
7b. Sponsoring WG Approval Date
Jun 08, 2021
7c. Co-Sponsor Approval Date
7c. Co-Sponsor 2 Approval Date
7c. Co-Sponsor 3 Approval Date
7c. Co-Sponsor 4 Approval Date
7c. Co-Sponsor 5 Approval Date
7c. Co-Sponsor 6 Approval Date
7c. Co-Sponsor 7 Approval Date
7c. Co-Sponsor 8 Approval Date
7c. Co-Sponsor 9 Approval Date
7c. Co-Sponsor 10 Approval Date
7e. CDA MG Approval Date
7f. FMG Approval Date
7g. V2 MG Approval Date
7h. Architecture Review Board Approval Date
7i. Steering Division Approval Date
7j. TSC Approval Date
Jun 21, 2021
Show Changes
Version
9
Modifier
Anne Wizauer
Modify Date
Aug 04, 2021 16:13
1a. Project Name
Privacy, Access and Security Services Access Control Conceptual Model
1b. Project ID
1710
1c. Is Your Project an Investigative Project (aka PSS-Lite)?
No
1d. Is your Project Artifact now proceeding to Normative directly or after being either Informative or STU?
No
1f. Name of standard being reaffirmed
Privacy, Access and Security Services Access Control Conceptual Model
2a. Primary/Sponsor WG
Service Oriented Architecture
2c. Co-Sponsor Level of Involvement
Request formal content review prior to ballot
2c. Co-Sponsor Level of Involvement
Request formal content review prior to ballot
2d. Project Facilitator
Kathleen Connor
2f. Modeling Facilitator
TBD
2g. Publishing Facilitator
Kathleen Connor
2h. Vocabulary Facilitator
TBD
2i. Domain Expert Representative
Kathleen Connor
2m. Implementers
1. Department of Veterans Affairs
2. TBD
3a. Project Scope
This specification describes the conceptual viewpoints associated with business requirements for access control within a healthcare environment in accordance with the HL7 Privacy, Access and Security Services (PASS) Service Functional Model (SFM) methodology.
PASS specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and compose-able service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.
This SFM specifies the content, structure, and functional behavior of information critical to access control capabilities including protecting resources in a distributed healthcare environment, where interoperability requirements arise in accordance with applicable privacy and security policies.
Other PASS SFMs include PASS Audit, which is now Volume 4 of the HL7 Privacy and Security Architecture Framework (PSAF) and the PASS Security Labeling Service.
3b. Project Need
PASS Access Control was part of the overall concept for the PASS project and integral to Security Privacy and Security Architecture and Logical Data Model. This project is needed in order to continue to provide the Access Control portion of the suite of HL7 Privacy and Security Conceptual Models.
3c. Security Risk
No
3d. External Drivers
Continuing need for a healthcare specific access control service functional model
3e. Objectives/Deliverables and Target Dates
N/A
3f. Common Names / Keywords / Aliases:
HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC
3g. Lineage
Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN
3h. Project Dependencies
A key component of the overarching HL7 Security conceptual model standards:
HL7 Composite Security and Privacy Domain Analysis Model
HL7 Privacy and Security Logical Model
HL7 Privacy and Security Architecture Framework, which includes
• HL7 Trust Framework for Federated Authorization Conceptual and Behavioral Models
• HL7 Provenance
• HL7 Audit, which originated as the PASS Audit Service Functional Model
HL7 Security and Privacy Ontology
HL7 Privacy and Security Healthcare Classification System
HL7 PASS Security Labeling Service
HL7 Security and Privacy Access Control Catalog
These HL7 Security standards reference the following foundational standards:
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
tion – Terminology
Regulatory Agency, Standards Development Organizations (SDOs)
6g. Vendors
EHR, PHR, Health Care IT, Other
6g. Other Vendors
Health Information Exchange organizations
6h. Providers
Other
6h. Other Providers
Generally, providers developing, purchasing, or maintaining access control systems within their HIT.
6i. Realm
Universal
7b. Sponsoring WG Approval Date
Jun 08, 2021
7j. TSC Approval Date
Jun 21, 2021
Version
8
Modifier
Anne Wizauer
Modify Date
Aug 03, 2021 23:39
1a. Project Name
Privacy, Access and Security Services Access Control Conceptual Model
1b. Project ID
1710
1c. Is Your Project an Investigative Project (aka PSS-Lite)?
No
1d. Is your Project Artifact now proceeding to Normative directly or after being either Informative or STU?
No
1f. Name of standard being reaffirmed
Privacy, Access and Security Services Access Control Conceptual Model
2a. Primary/Sponsor WG
Service Oriented Architecture
2c. Co-Sponsor Level of Involvement
Request formal content review prior to ballot
2c. Co-Sponsor Level of Involvement
Request formal content review prior to ballot
2d. Project Facilitator
Kathleen Connor
2f. Modeling Facilitator
TBD
2g. Publishing Facilitator
Kathleen Connor
2h. Vocabulary Facilitator
TBD
2i. Domain Expert Representative
Kathleen Connor
2m. Implementers
1. Department of Veterans Affairs
2. TBD
3a. Project Scope
This specification describes the conceptual viewpoints associated with business requirements for access control within a healthcare environment in accordance with the HL7 Privacy, Access and Security Services (PASS) Service Functional Model (SFM) methodology.
PASS specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and compose-able service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.
This SFM specifies the content, structure, and functional behavior of information critical to access control capabilities including protecting resources in a distributed healthcare environment, where interoperability requirements arise in accordance with applicable privacy and security policies.
Other PASS SFMs include PASS Audit, which is now Volume 4 of the HL7 Privacy and Security Architecture Framework (PSAF) and the PASS Security Labeling Service.
3b. Project Need
PASS Access Control was part of the overall concept for the PASS project and integral to Security Privacy and Security Architecture and Logical Data Model. This project is needed in order to continue to provide the Access Control portion of the suite of HL7 Privacy and Security Conceptual Models.
3c. Security Risk
No
3d. External Drivers
Continuing need for a healthcare specific access control service functional model
3e. Objectives/Deliverables and Target Dates
N/A
3f. Common Names / Keywords / Aliases:
HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC
3g. Lineage
Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN
3h. Project Dependencies
A key component of the overarching HL7 Security conceptual model standards:
HL7 Composite Security and Privacy Domain Analysis Model
HL7 Privacy and Security Logical Model
HL7 Privacy and Security Architecture Framework, which includes
• HL7 Trust Framework for Federated Authorization Conceptual and Behavioral Models
• HL7 Provenance
• HL7 Audit, which originated as the PASS Audit Service Functional Model
HL7 Security and Privacy Ontology
HL7 Privacy and Security Healthcare Classification System
HL7 PASS Security Labeling Service
HL7 Security and Privacy Access Control Catalog
These HL7 Security standards reference the following foundational standards:
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
tion – Terminology
Regulatory Agency, Standards Development Organizations (SDOs)
6g. Vendors
EHR, PHR, Health Care IT, Other
6g. Other Vendors
Health Information Exchange organizations
6h. Providers
Other
6h. Other Providers
Generally, providers developing, purchasing, or maintaining access control systems within their HIT.
6i. Realm
Universal
7b. Sponsoring WG Approval Date
Jun 08, 2021
Version
7
Modifier
Kathleen Connor
Modify Date
Jun 11, 2021 06:12
1a. Project Name
Privacy, Access and Security Services Access Control Conceptual Model
1b. Project ID
1710
1c. Is Your Project an Investigative Project (aka PSS-Lite)?
No
1d. Is your Project Artifact now proceeding to Normative directly or after being either Informative or STU?
No
1f. Name of standard being reaffirmed
Privacy, Access and Security Services Access Control Conceptual Model
2a. Primary/Sponsor WG
Service Oriented Architecture
2c. Co-Sponsor Level of Involvement
Request formal content review prior to ballot
2c. Co-Sponsor Level of Involvement
Request formal content review prior to ballot
2d. Project Facilitator
Kathleen Connor
2f. Modeling Facilitator
TBD
2g. Publishing Facilitator
Kathleen Connor
2h. Vocabulary Facilitator
TBD
2i. Domain Expert Representative
Kathleen Connor
2m. Implementers
1. Department of Veterans Affairs
2. TBD
3a. Project Scope
This specification describes the conceptual viewpoints associated with business requirements for access control within a healthcare environment in accordance with the HL7 Privacy, Access and Security Services (PASS) Service Functional Model (SFM) methodology.
PASS specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and compose-able service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.
This SFM specifies the content, structure, and functional behavior of information critical to access control capabilities including protecting resources in a distributed healthcare environment, where interoperability requirements arise in accordance with applicable privacy and security policies.
Other PASS SFMs include PASS Audit, which is now Volume 4 of the HL7 Privacy and Security Architecture Framework (PSAF) and the PASS Security Labeling Service.
3b. Project Need
PASS Access Control was part of the overall concept for the PASS project and integral to Security Privacy and Security Architecture and Logical Data Model. This project is needed in order to continue to provide the Access Control portion of the suite of HL7 Privacy and Security Conceptual Models.
3c. Security Risk
No
3d. External Drivers
Continuing need for a healthcare specific access control service functional model
3e. Objectives/Deliverables and Target Dates
N/A
3f. Common Names / Keywords / Aliases:
HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC
3g. Lineage
Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN
3h. Project Dependencies
A key component of the overarching HL7 Security conceptual model standards:
HL7 Composite Security and Privacy Domain Analysis Model
HL7 Privacy and Security Logical Model
HL7 Privacy and Security Architecture Framework, which includes
• HL7 Trust Framework for Federated Authorization Conceptual and Behavioral Models
• HL7 Provenance
• HL7 Audit, which originated as the PASS Audit Service Functional Model
HL7 Security and Privacy Ontology
HL7 Privacy and Security Healthcare Classification System
HL7 PASS Security Labeling Service
HL7 Security and Privacy Access Control Catalog
These HL7 Security standards reference the following foundational standards:
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
tion – Terminology
Regulatory Agency, Standards Development Organizations (SDOs)
6g. Vendors
EHR, PHR, Health Care IT, Other
6g. Other Vendors
Health Information Exchange organizations
6h. Providers
Other
6h. Other Providers
Generally, providers developing, purchasing, or maintaining access control systems within their HIT.
6i. Realm
Universal
7b. Sponsoring WG Approval Date
Jun 08, 2021
Version
6
Modifier
Kathleen Connor
Modify Date
Jun 10, 2021 01:24
1a. Project Name
Privacy, Access and Security Services Access Control Conceptual Model
1b. Project ID
1710
1c. Is Your Project an Investigative Project (aka PSS-Lite)?
No
1d. Is your Project Artifact now proceeding to Normative directly or after being either Informative or STU?
No
1f. Name of standard being reaffirmed
Privacy, Access and Security Services Access Control Conceptual Model
2a. Primary/Sponsor WG
Service Oriented Architecture
2b. Co-Sponsor WG
Service Oriented Architecture
2c. Co-Sponsor Level of Involvement
Request formal content review prior to ballot
2b. Co-Sponsor WG 2
Community Based Care and Privacy
2c. Co-Sponsor Level of Involvement
Request formal content review prior to ballot
2d. Project Facilitator
Kathleen Connor
2f. Modeling Facilitator
TBD
2g. Publishing Facilitator
Kathleen Connor
2h. Vocabulary Facilitator
TBD
2i. Domain Expert Representative
Kathleen Connor
2m. Implementers
1. Department of Veterans Affairs
2. TBD
3a. Project Scope
This specification describes the conceptual viewpoints associated with business requirements for access control within a healthcare environment in accordance with the HL7 Privacy, Access and Security Services (PASS) Service Functional Model (SFM) methodology.
PASS specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and compose-able service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.
This SFM specifies the content, structure, and functional behavior of information critical to access control capabilities including protecting resources in a distributed healthcare environment, where interoperability requirements arise in accordance with applicable privacy and security policies.
Other PASS SFMs include PASS Audit, which is now Volume 4 of the HL7 Privacy and Security Architecture Framework (PSAF) and the PASS Security Labeling Service.
3b. Project Need
PASS Access Control was part of the overall concept for the PASS project and integral to Security Privacy and Security Architecture and Logical Data Model. This project is needed in order to continue to provide the Access Control portion of the suite of HL7 Privacy and Security Conceptual Models.
3c. Security Risk
No
3d. External Drivers
Continuing need for a healthcare specific access control service functional model
3e. Objectives/Deliverables and Target Dates
N/A
3f. Common Names / Keywords / Aliases:
HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC
3g. Lineage
Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN
3h. Project Dependencies
A key component of the overarching HL7 Security conceptual model standards:
HL7 Composite Security and Privacy Domain Analysis Model
HL7 Privacy and Security Logical Model
HL7 Privacy and Security Architecture Framework, which includes
• HL7 Trust Framework for Federated Authorization Conceptual and Behavioral Models
• HL7 Provenance
• HL7 Audit, which originated as the PASS Audit Service Functional Model
HL7 Security and Privacy Ontology
HL7 Privacy and Security Healthcare Classification System
HL7 PASS Security Labeling Service
HL7 Security and Privacy Access Control Catalog
These HL7 Security standards reference the following foundational standards:
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
tion – Terminology
Regulatory Agency, Standards Development Organizations (SDOs)
6g. Vendors
EHR, PHR, Health Care IT, Other
6g. Other Vendors
Health Information Exchange organizations
6h. Providers
Other
6h. Other Providers
Generally, providers developing, purchasing, or maintaining access control systems within their HIT.
6i. Realm
Universal
7b. Sponsoring WG Approval Date
Jun 08, 2021
Version
5
Modifier
Kathleen Connor
Modify Date
Jun 09, 2021 20:53
1a. Project Name
Privacy, Access and Security Services Access Control Conceptual Model
1b. Project ID
1710
1c. Is Your Project an Investigative Project (aka PSS-Lite)?
No
1d. Is your Project Artifact now proceeding to Normative directly or after being either Informative or STU?
No
1f. Name of standard being reaffirmed
Privacy, Access and Security Services Access Control Conceptual Model
2a. Primary/Sponsor WG
Service Oriented Architecture
2b. Co-Sponsor WG
Service Oriented Architecture
2c. Co-Sponsor Level of Involvement
Request formal content review prior to ballot
2b. Co-Sponsor WG 2
Community Based Care and Privacy
2c. Co-Sponsor Level of Involvement
Request formal content review prior to ballot
2d. Project Facilitator
Kathleen Connor
2f. Modeling Facilitator
TBD
2g. Publishing Facilitator
Kathleen Connor
2h. Vocabulary Facilitator
TBD
2i. Domain Expert Representative
Kathleen Connor
2m. Implementers
1. Department of Veterans Affairs
2. TBD
3a. Project Scope
The Privacy, Access and Security Services (PASS) project specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and composable service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.
The SFM for each PASS component defines both the functional capabilities accessible through provided interfaces and any external service dependencies. PASS SFMs are intended to be technology neutral, platform neutral and complementary to existing specifications.
The Conceptual Model for the Privacy, Access, and Security Services project Audit Service (PASS Audit Service) describes the conceptual-level viewpoints associated with the business requirements that relate to the content, structure, and functional behavior of information important to the Audit area of the Privacy, Access, and Security domains within the healthcare environment. Thus it seeks to define the business requirements of an Audit service.
The PASS Access Control model presents the information and capabilities required to provide Access Control services to protected resources in a distributed healthcare environment, where interoperability requirements arise.
A pre‐requisite to any Access Control activity is the management of Access Control policies. This document considers the behavior associated with the lifecycle of those policies.
3b. Project Need
PASS Access Control was part of the overall concept for the PASS project and integral to Security Privacy and Security Architecture and Logical Data Model. This project is needed in order to continue to provide the Access Control portion of the suite of HL7 Privacy and Security Conceptual Models.
3c. Security Risk
No
3d. External Drivers
Continuing need for a healthcare specific access control service functional model
3e. Objectives/Deliverables and Target Dates
N/A
3f. Common Names / Keywords / Aliases:
HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC
3g. Lineage
Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN
3h. Project Dependencies
A key component of the overarching HL7 Security conceptual model standards:
HL7 Composite Security and Privacy Domain Analysis Model
HL7 Privacy and Security Logical Model
HL7 Privacy and Security Architecture Framework, which includes
• HL7 Trust Framework for Federated Authorization Conceptual and Behavioral Models
• HL7 Provenance
• HL7 Audit, which originated as the PASS Audit Service Functional Model
HL7 Security and Privacy Ontology
HL7 Privacy and Security Healthcare Classification System
HL7 PASS Security Labeling Service
HL7 Security and Privacy Access Control Catalog
These HL7 Security standards reference the following foundational standards:
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
tion – Terminology
Regulatory Agency, Standards Development Organizations (SDOs)
6g. Vendors
EHR, PHR, Health Care IT, Other
6g. Other Vendors
Health Information Exchange organizations
6h. Providers
Other
6h. Other Providers
Generally, providers developing, purchasing, or maintaining access control systems within their HIT.
6i. Realm
Universal
7b. Sponsoring WG Approval Date
Jun 08, 2021
Version
4
Modifier
Kathleen Connor
Modify Date
Jun 09, 2021 04:17
1a. Project Name
Privacy, Access and Security Services Access Control Conceptual Model
1b. Project ID
1710
1c. Is Your Project an Investigative Project (aka PSS-Lite)?
No
1d. Is your Project Artifact now proceeding to Normative directly or after being either Informative or STU?
No
1f. Name of standard being reaffirmed
Privacy, Access and Security Services Access Control Conceptual Model
2a. Primary/Sponsor WG
Service Oriented Architecture
2b. Co-Sponsor WG
Service Oriented Architecture
2c. Co-Sponsor Level of Involvement
Request formal content review prior to ballot
2b. Co-Sponsor WG 2
Community Based Care and Privacy
2c. Co-Sponsor Level of Involvement
Request formal content review prior to ballot
2d. Project Facilitator
Kathleen Connor
2f. Modeling Facilitator
TBD
2g. Publishing Facilitator
Kathleen Connor
2h. Vocabulary Facilitator
TBD
2i. Domain Expert Representative
Kathleen Connor
2m. Implementers
1. Department of Veterans Affairs
2. TBD
3a. Project Scope
The Privacy, Access and Security Services (PASS) project specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and composable service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.
The SFM for each PASS component defines both the functional capabilities accessible through provided interfaces and any external service dependencies. PASS SFMs are intended to be technology neutral, platform neutral and complementary to existing specifications.
The Conceptual Model for the Privacy, Access, and Security Services project Audit Service (PASS Audit Service) describes the conceptual-level viewpoints associated with the business requirements that relate to the content, structure, and functional behavior of information important to the Audit area of the Privacy, Access, and Security domains within the healthcare environment. Thus it seeks to define the business requirements of an Audit service.
The PASS Access Control model presents the information and capabilities required to provide Access Control services to protected resources in a distributed healthcare environment, where interoperability requirements arise.
A pre‐requisite to any Access Control activity is the management of Access Control policies. This document considers the behavior associated with the lifecycle of those policies.
3b. Project Need
PASS Access Control was part of the overall concept for the PASS project and integral to Security Privacy and Security Architecture and Logical Data Model. This project is needed in order to continue to provide the Access Control portion of the suite of HL7 Privacy and Security Conceptual Models.
3c. Security Risk
No
3d. External Drivers
Continuing need for a healthcare specific access control service functional model
3e. Objectives/Deliverables and Target Dates
N/A
3f. Common Names / Keywords / Aliases:
HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC
3g. Lineage
Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN
3h. Project Dependencies
• A key component of the overarching HL7 Security conceptual model standards:
HL7 Composite Security and Privacy Domain Analysis Model
HL7 Privacy and Security Logical Model
HL7 Privacy and Security Architecture Framework, which includes
• HL7 Trust Framework for Federated Authorization Conceptual and Behavioral Models
• HL7 Provenance
• HL7 Audit, which originated as the PASS Audit Service Functional Model
HL7 Security and Privacy Ontology
HL7 Privacy and Security Healthcare Classification System
HL7 PASS Security Labeling Service
HL7 Security and Privacy Access Control Catalog
These HL7 Security standards reference the following foundational standards:
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
tion – Terminology
Regulatory Agency, Standards Development Organizations (SDOs)
6g. Vendors
EHR, PHR, Health Care IT, Other
6g. Other Vendors
Health Information Exchange organizations
6h. Providers
Other
6h. Other Providers
Generally, providers developing, purchasing, or maintaining access control systems within their HIT.
6i. Realm
Universal
7b. Sponsoring WG Approval Date
Jun 08, 2021
Version
3
Modifier
Kathleen Connor
Modify Date
Jun 09, 2021 03:29
1a. Project Name
Privacy, Access and Security Services Access Control Conceptual Model
1b. Project ID
1710
1c. Is Your Project an Investigative Project (aka PSS-Lite)?
No
1d. Is your Project Artifact now proceeding to Normative directly or after being either Informative or STU?
No
1f. Name of standard being reaffirmed
Privacy, Access and Security Services Access Control Conceptual Model
2a. Primary/Sponsor WG
Service Oriented Architecture
2d. Project Facilitator
Kathleen Connor
2f. Modeling Facilitator
TBD
2g. Publishing Facilitator
Kathleen Connor
2h. Vocabulary Facilitator
TBD
2i. Domain Expert Representative
Kathleen Connor
2m. Implementers
1. Department of Veterans Affairs
2. TBD
3a. Project Scope
The Privacy, Access and Security Services (PASS) project specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and composable service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.
The SFM for each PASS component defines both the functional capabilities accessible through provided interfaces and any external service dependencies. PASS SFMs are intended to be technology neutral, platform neutral and complementary to existing specifications.
The Conceptual Model for the Privacy, Access, and Security Services project Audit Service (PASS Audit Service) describes the conceptual-level viewpoints associated with the business requirements that relate to the content, structure, and functional behavior of information important to the Audit area of the Privacy, Access, and Security domains within the healthcare environment. Thus it seeks to define the business requirements of an Audit service.
The PASS Access Control model presents the information and capabilities required to provide Access Control services to protected resources in a distributed healthcare environment, where interoperability requirements arise.
A pre‐requisite to any Access Control activity is the management of Access Control policies. This document considers the behavior associated with the lifecycle of those policies.
3b. Project Need
PASS Access Control was part of the overall concept for the PASS project. This project is needed in order to continue to provide the Access Control portion of PASS.
3c. Security Risk
Unknown
3f. Common Names / Keywords / Aliases:
• HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC
3g. Lineage
Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN
3h. Project Dependencies
• Parallel work sponsored by the HL7 Security WG which is tasked with producing a Security Domain Analysis Model (DAM)
• Community‐Based Collaborative Care (CBCC) – Composite Privacy Domain Analysis Model (DSTU)
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO TS 22600-2:2006, Privilege Management and Access Control – Part 2: Formal Models
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
• OASIS XACML 2.0 Specification – Terminology
3j. Backwards Compatibility
Unknown
4a. Products
Logical Model
5a. Project Intent
Reaffirmation of a standard
5b. Project Ballot Type
Normative (no STU)
6f. Stakeholders
Standards Development Organizations (SDOs)
6g. Vendors
Health Care IT, Other
6g. Other Vendors
Health Information Network Providers
Version
2
Modifier
Kathleen Connor
Modify Date
Jun 07, 2021 21:54
1a. Project Name
Privacy, Access and Security Services Access Control Conceptual Model
1b. Project ID
1806
1c. Is Your Project an Investigative Project (aka PSS-Lite)?
No
1d. Is your Project Artifact now proceeding to Normative directly or after being either Informative or STU?
No
1f. Name of standard being reaffirmed
Privacy, Access and Security Services Access Control Conceptual Model
2a. Primary/Sponsor WG
Service Oriented Architecture
2d. Project Facilitator
Kathleen Connor
2f. Modeling Facilitator
TBD
2g. Publishing Facilitator
Kathleen Connor
2h. Vocabulary Facilitator
TBD
2i. Domain Expert Representative
Kathleen Connor
2m. Implementers
1. Department of Veterans Affairs
2. TBD
3a. Project Scope
The Privacy, Access and Security Services (PASS) project specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and composable service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.
The SFM for each PASS component defines both the functional capabilities accessible through provided interfaces and any external service dependencies. PASS SFMs are intended to be technology neutral, platform neutral and complementary to existing specifications.
The Conceptual Model for the Privacy, Access, and Security Services project Audit Service (PASS Audit Service) describes the conceptual-level viewpoints associated with the business requirements that relate to the content, structure, and functional behavior of information important to the Audit area of the Privacy, Access, and Security domains within the healthcare environment. Thus it seeks to define the business requirements of an Audit service.
The PASS Access Control model presents the information and capabilities required to provide Access Control services to protected resources in a distributed healthcare environment, where interoperability requirements arise.
A pre‐requisite to any Access Control activity is the management of Access Control policies. This document considers the behavior associated with the lifecycle of those policies.
3b. Project Need
PASS Access Control was part of the overall concept for the PASS project. This project is needed in order to continue to provide the Access Control portion of PASS.
3c. Security Risk
Unknown
3f. Common Names / Keywords / Aliases:
• HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC
3g. Lineage
Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN
3h. Project Dependencies
• Parallel work sponsored by the HL7 Security WG which is tasked with producing a Security Domain Analysis Model (DAM)
• Community‐Based Collaborative Care (CBCC) – Composite Privacy Domain Analysis Model (DSTU)
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO TS 22600-2:2006, Privilege Management and Access Control – Part 2: Formal Models
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
• OASIS XACML 2.0 Specification – Terminology
3j. Backwards Compatibility
Unknown
4a. Products
Logical Model
5a. Project Intent
Reaffirmation of a standard
5b. Project Ballot Type
Normative (no STU)
6f. Stakeholders
Standards Development Organizations (SDOs)
6g. Vendors
Health Care IT, Other
6g. Other Vendors
Health Information Network Providers
Version
1
Modifier
Suzanne Gonzales-Webb
Modify Date
Jun 07, 2021 20:47
1a. Project Name
Privacy, Access and Security Services Access Control Conceptual Model
1b. Project ID
1806
1c. Is Your Project an Investigative Project (aka PSS-Lite)?
No
1d. Is your Project Artifact now proceeding to Normative directly or after being either Informative or STU?
No
1f. Name of standard being reaffirmed
Privacy, Access and Security Services Access Control Conceptual Model
2a. Primary/Sponsor WG
Service Oriented Architecture
2d. Project Facilitator
Kathleen Connor
2f. Modeling Facilitator
TBD
2g. Publishing Facilitator
Kathleen Connor
2h. Vocabulary Facilitator
TBD
2i. Domain Expert Representative
Kathleen Connor
2m. Implementers
1. Department of Veterans Affairs
2. TBD
3a. Project Scope
The Privacy, Access and Security Services (PASS) project specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and composable service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.
The SFM for each PASS component defines both the functional capabilities accessible through provided interfaces and any external service dependencies. PASS SFMs are intended to be technology neutral, platform neutral and complementary to existing specifications.
The Conceptual Model for the Privacy, Access, and Security Services project Audit Service (PASS Audit Service) describes the conceptual-level viewpoints associated with the business requirements that relate to the content, structure, and functional behavior of information important to the Audit area of the Privacy, Access, and Security domains within the healthcare environment. Thus it seeks to define the business requirements of an Audit service.
The PASS Access Control model presents the information and capabilities required to provide Access Control services to protected resources in a distributed healthcare environment, where interoperability requirements arise.
A pre‐requisite to any Access Control activity is the management of Access Control policies. This document considers the behavior associated with the lifecycle of those policies.
3b. Project Need
PASS Access Control is part of the overall concept for the PASs project. This project is needed in order to fulfill the Access Control portion of PASS.
3c. Security Risk
Unknown
3f. Common Names / Keywords / Aliases:
• HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC
3g. Lineage
Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN
3h. Project Dependencies
• Parallel work sponsored by the HL7 Security WG which is tasked with producing a Security Domain Analysis Model (DAM)
• Community‐Based Collaborative Care (CBCC) – Composite Privacy Domain Analysis Model (DSTU)
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO TS 22600-2:2006, Privilege Management and Access Control – Part 2: Formal Models
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
• OASIS XACML 2.0 Specification – Terminology
The PASS Access Control Service Functional Model, like many of the Security/CBCP WG standards is a conceptual model, which is foundational to how security is implemented operationally. Please see HL7 Privacy and Security Standards Overview.pptx for more information. For example, the HL7 Version 2 security label capabilities using ARV and other segments that you and I worked on, was based on the HL7 Privacy and Security Healthcare Classification System (HCS), which no one implements. However, it is foundational to the CDA and FHIR DS4P IGs as well as the HL7 V2.9 security label segments. We keep the foundational standards in play because we continue to develop platform specific specification on them. If you would like to discuss further, let me know, and I'll put this topic on an upcoming Security WG call.
Because v2, V3/CDA and FHIR are just (technical) representation forms, we need higher level information models to keep them in sync, i.e. to maintain something from which the representation can be derived. This is the only way not to loose information just because of structural inconsistencies.
Therefore I highly recommend not only to keep those, but develop more.
4 Comments
Ulrike Merrick
Kathleen Connor - can you explain the need for this to be reaffirmed. What is it used for? Who uses it? What is the rationale?
Kathleen Connor
Hi Riki
The PASS Access Control Service Functional Model, like many of the Security/CBCP WG standards is a conceptual model, which is foundational to how security is implemented operationally. Please see HL7 Privacy and Security Standards Overview.pptx for more information. For example, the HL7 Version 2 security label capabilities using ARV and other segments that you and I worked on, was based on the HL7 Privacy and Security Healthcare Classification System (HCS), which no one implements. However, it is foundational to the CDA and FHIR DS4P IGs as well as the HL7 V2.9 security label segments. We keep the foundational standards in play because we continue to develop platform specific specification on them. If you would like to discuss further, let me know, and I'll put this topic on an upcoming Security WG call.
Frank Oemig
Because v2, V3/CDA and FHIR are just (technical) representation forms, we need higher level information models to keep them in sync, i.e. to maintain something from which the representation can be derived. This is the only way not to loose information just because of structural inconsistencies.
Therefore I highly recommend not only to keep those, but develop more.
Ulrike Merrick
Thank you - Melva Peters