Skip to end of metadata
Go to start of metadata




1a. Project Name

Privacy, Access and Security Services Access Control Conceptual Model

1b. Project ID

1710

1c. Is Your Project an Investigative Project (aka PSS-Lite)?

No

1d. Is your Project Artifact being Reaffirmed or proceeding to Normative directly after being either Informative or STU?

No

1e. Today's Date

1f. Name of standard being reaffirmed

Privacy, Access and Security Services Access Control Conceptual Model

1g. Project Artifact Information

1h. ISO/IEC Standard to Adopt

1i. Does the standard include excerpted text from one or more ISO, IEC or ISO/IEC standards, but is not an identical or modified adoption?

1j. Unit of Measure

2a. Primary/Sponsor WG

Security

2c. Co-Sponsor Level of Involvement

Request formal content review prior to ballot

2c. Co-Sponsor Level of Involvement

Request formal content review prior to ballot

2d. Project Facilitator

Kathleen Connor

2e. Other Interested Parties (and roles)

2f. Modeling Facilitator

TBD

2g. Publishing Facilitator

Kathleen Connor

2h. Vocabulary Facilitator

TBD

2i. Domain Expert Representative

Kathleen Connor

2j. Business Requirements Analyst

2k. Conformance Facilitator

2l. Other Facilitators

2m. Implementers

1. Department of Veterans Affairs
2. TBD

3a. Project Scope

This specification describes the conceptual viewpoints associated with business requirements for access control within a healthcare environment in accordance with the HL7 Privacy, Access and Security Services (PASS) Service Functional Model (SFM) methodology.
PASS specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and compose-able service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.
This SFM specifies the content, structure, and functional behavior of information critical to access control capabilities including protecting resources in a distributed healthcare environment, where interoperability requirements arise in accordance with applicable privacy and security policies.
Other PASS SFMs include PASS Audit, which is now Volume 4 of the HL7 Privacy and Security Architecture Framework (PSAF) and the PASS Security Labeling Service.

Attachments

3b. Project Need

PASS Access Control was part of the overall concept for the PASS project and integral to Security Privacy and Security Architecture and Logical Data Model. This project is needed in order to continue to provide the Access Control portion of the suite of HL7 Privacy and Security Conceptual Models.

3c. Security Risk

No

3d. External Drivers

Continuing need for a healthcare specific access control service functional model

3e. Objectives/Deliverables and Target Dates

N/A

3f. Common Names / Keywords / Aliases:

HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC

3g. Lineage

Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN

3h. Project Dependencies

A key component of the overarching HL7 Security conceptual model standards:
HL7 Composite Security and Privacy Domain Analysis Model
HL7 Privacy and Security Logical Model
HL7 Privacy and Security Architecture Framework, which includes
• HL7 Trust Framework for Federated Authorization Conceptual and Behavioral Models
• HL7 Provenance
• HL7 Audit, which originated as the PASS Audit Service Functional Model
HL7 Security and Privacy Ontology
HL7 Privacy and Security Healthcare Classification System
HL7 PASS Security Labeling Service
HL7 Security and Privacy Access Control Catalog
These HL7 Security standards reference the following foundational standards:
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
tion – Terminology

3i. HL7-Managed Project Document Repository URL:

http://www.hl7.org/special/Committees/projman/searchableProjectIndex.cfm?action=edit&ProjectNumber=1710

3j. Backwards Compatibility

N/A

3k. Additional Backwards Compatibility Information (if applicable)

3l. Using Current V3 Data Types?

N/A

3l. Reason for not using current V3 data types?

3m. External Vocabularies

N/A

3n. List of Vocabularies

3o. Earliest prior release and/or version to which the compatibility applies

4a. Products

Logical Model

4b. For FHIR IGs and FHIR Profiles, what product version(s) will the profiles apply to?

4c. FHIR Profiles Version

4d. Please define your New Product Definition

4d. Please define your New Product Family

5a. Project Intent

Reaffirmation of a standard

5a. White Paper Type

5a. Is the project adopting/endorsing an externally developed IG?

5a. Externally developed IG is to be (select one)

5a. Specify external organization

5a. Revising Current Standard Info

5b. Project Ballot Type

Normative (no STU)

5c. Additional Ballot Info

5d. Joint Copyright

No

5e. I understand I must submit a Joint Copyright Letter of Agreement to the TSC in order for the PSS to receive TSC approval.

no

6a. External Project Collaboration

N/A

6b. Content Already Developed

100%

6c. Content externally developed?

No

6d. List Developers of Externally Developed Content

6e. Is this a hosted (externally funded) project?

No

6f. Stakeholders

Regulatory Agency, Standards Development Organizations (SDOs)

6f. Other Stakeholders

6g. Vendors

EHR, PHR, Health Care IT, Other

6g. Other Vendors

Health Information Exchange organizations

6h. Providers

Other

6h. Other Providers

Generally, providers developing, purchasing, or maintaining access control systems within their HIT.

6i. Realm

Universal

7d. US Realm Approval Date

7a. Management Group(s) to Review PSS

7b. Sponsoring WG Approval Date

Jun 08, 2021

7c. Co-Sponsor Approval Date

7c. Co-Sponsor 2 Approval Date

7c. Co-Sponsor 3 Approval Date

7c. Co-Sponsor 4 Approval Date

7c. Co-Sponsor 5 Approval Date

7c. Co-Sponsor 6 Approval Date

7c. Co-Sponsor 7 Approval Date

7c. Co-Sponsor 8 Approval Date

7c. Co-Sponsor 9 Approval Date

7c. Co-Sponsor 10 Approval Date

7e. CDA MG Approval Date

7f. FMG Approval Date

7g. V2 MG Approval Date

7h. Architecture Review Board Approval Date

7i. Steering Division Approval Date

7j. TSC Approval Date

Jun 21, 2021


Version

9

Modifier

Anne Wizauer

Modify Date

Aug 04, 2021 16:13

1a. Project Name

Privacy, Access and Security Services Access Control Conceptual Model

1b. Project ID

1710

1c. Is Your Project an Investigative Project (aka PSS-Lite)?

No

1d. Is your Project Artifact now proceeding to Normative directly or after being either Informative or STU?

No

1f. Name of standard being reaffirmed

Privacy, Access and Security Services Access Control Conceptual Model

2a. Primary/Sponsor WG

Service Oriented Architecture

2c. Co-Sponsor Level of Involvement

Request formal content review prior to ballot

2c. Co-Sponsor Level of Involvement

Request formal content review prior to ballot

2d. Project Facilitator

Kathleen Connor

2f. Modeling Facilitator

TBD

2g. Publishing Facilitator

Kathleen Connor

2h. Vocabulary Facilitator

TBD

2i. Domain Expert Representative

Kathleen Connor

2m. Implementers

1. Department of Veterans Affairs
2. TBD

3a. Project Scope

This specification describes the conceptual viewpoints associated with business requirements for access control within a healthcare environment in accordance with the HL7 Privacy, Access and Security Services (PASS) Service Functional Model (SFM) methodology.
PASS specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and compose-able service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.
This SFM specifies the content, structure, and functional behavior of information critical to access control capabilities including protecting resources in a distributed healthcare environment, where interoperability requirements arise in accordance with applicable privacy and security policies.
Other PASS SFMs include PASS Audit, which is now Volume 4 of the HL7 Privacy and Security Architecture Framework (PSAF) and the PASS Security Labeling Service.

3b. Project Need

PASS Access Control was part of the overall concept for the PASS project and integral to Security Privacy and Security Architecture and Logical Data Model. This project is needed in order to continue to provide the Access Control portion of the suite of HL7 Privacy and Security Conceptual Models.

3c. Security Risk

No

3d. External Drivers

Continuing need for a healthcare specific access control service functional model

3e. Objectives/Deliverables and Target Dates

N/A

3f. Common Names / Keywords / Aliases:

HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC

3g. Lineage

Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN

3h. Project Dependencies

A key component of the overarching HL7 Security conceptual model standards:
HL7 Composite Security and Privacy Domain Analysis Model
HL7 Privacy and Security Logical Model
HL7 Privacy and Security Architecture Framework, which includes
• HL7 Trust Framework for Federated Authorization Conceptual and Behavioral Models
• HL7 Provenance
• HL7 Audit, which originated as the PASS Audit Service Functional Model
HL7 Security and Privacy Ontology
HL7 Privacy and Security Healthcare Classification System
HL7 PASS Security Labeling Service
HL7 Security and Privacy Access Control Catalog
These HL7 Security standards reference the following foundational standards:
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
tion – Terminology

3i. HL7-Managed Project Document Repository URL:

http://www.hl7.org/special/Committees/projman/searchableProjectIndex.cfm?action=edit&ProjectNumber=1710

3j. Backwards Compatibility

N/A

3l. Using Current V3 Data Types?

N/A

3m. External Vocabularies

N/A

4a. Products

Logical Model

5a. Project Intent

Reaffirmation of a standard

5b. Project Ballot Type

Normative (no STU)

5d. Joint Copyright

No

6a. External Project Collaboration

N/A

6b. Content Already Developed

100%

6c. Content externally developed?

No

6e. Is this a hosted (externally funded) project?

No

6f. Stakeholders

Regulatory Agency, Standards Development Organizations (SDOs)

6g. Vendors

EHR, PHR, Health Care IT, Other

6g. Other Vendors

Health Information Exchange organizations

6h. Providers

Other

6h. Other Providers

Generally, providers developing, purchasing, or maintaining access control systems within their HIT.

6i. Realm

Universal

7b. Sponsoring WG Approval Date

Jun 08, 2021

7j. TSC Approval Date

Jun 21, 2021

Version

8

Modifier

Anne Wizauer

Modify Date

Aug 03, 2021 23:39

1a. Project Name

Privacy, Access and Security Services Access Control Conceptual Model

1b. Project ID

1710

1c. Is Your Project an Investigative Project (aka PSS-Lite)?

No

1d. Is your Project Artifact now proceeding to Normative directly or after being either Informative or STU?

No

1f. Name of standard being reaffirmed

Privacy, Access and Security Services Access Control Conceptual Model

2a. Primary/Sponsor WG

Service Oriented Architecture

2c. Co-Sponsor Level of Involvement

Request formal content review prior to ballot

2c. Co-Sponsor Level of Involvement

Request formal content review prior to ballot

2d. Project Facilitator

Kathleen Connor

2f. Modeling Facilitator

TBD

2g. Publishing Facilitator

Kathleen Connor

2h. Vocabulary Facilitator

TBD

2i. Domain Expert Representative

Kathleen Connor

2m. Implementers

1. Department of Veterans Affairs
2. TBD

3a. Project Scope

This specification describes the conceptual viewpoints associated with business requirements for access control within a healthcare environment in accordance with the HL7 Privacy, Access and Security Services (PASS) Service Functional Model (SFM) methodology.
PASS specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and compose-able service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.
This SFM specifies the content, structure, and functional behavior of information critical to access control capabilities including protecting resources in a distributed healthcare environment, where interoperability requirements arise in accordance with applicable privacy and security policies.
Other PASS SFMs include PASS Audit, which is now Volume 4 of the HL7 Privacy and Security Architecture Framework (PSAF) and the PASS Security Labeling Service.

3b. Project Need

PASS Access Control was part of the overall concept for the PASS project and integral to Security Privacy and Security Architecture and Logical Data Model. This project is needed in order to continue to provide the Access Control portion of the suite of HL7 Privacy and Security Conceptual Models.

3c. Security Risk

No

3d. External Drivers

Continuing need for a healthcare specific access control service functional model

3e. Objectives/Deliverables and Target Dates

N/A

3f. Common Names / Keywords / Aliases:

HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC

3g. Lineage

Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN

3h. Project Dependencies

A key component of the overarching HL7 Security conceptual model standards:
HL7 Composite Security and Privacy Domain Analysis Model
HL7 Privacy and Security Logical Model
HL7 Privacy and Security Architecture Framework, which includes
• HL7 Trust Framework for Federated Authorization Conceptual and Behavioral Models
• HL7 Provenance
• HL7 Audit, which originated as the PASS Audit Service Functional Model
HL7 Security and Privacy Ontology
HL7 Privacy and Security Healthcare Classification System
HL7 PASS Security Labeling Service
HL7 Security and Privacy Access Control Catalog
These HL7 Security standards reference the following foundational standards:
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
tion – Terminology

3i. HL7-Managed Project Document Repository URL:

http://www.hl7.org/special/Committees/projman/searchableProjectIndex.cfm?action=edit&ProjectNumber=1710

3j. Backwards Compatibility

N/A

3l. Using Current V3 Data Types?

N/A

3m. External Vocabularies

N/A

4a. Products

Logical Model

5a. Project Intent

Reaffirmation of a standard

5b. Project Ballot Type

Normative (no STU)

5d. Joint Copyright

No

6a. External Project Collaboration

N/A

6b. Content Already Developed

100%

6c. Content externally developed?

No

6e. Is this a hosted (externally funded) project?

No

6f. Stakeholders

Regulatory Agency, Standards Development Organizations (SDOs)

6g. Vendors

EHR, PHR, Health Care IT, Other

6g. Other Vendors

Health Information Exchange organizations

6h. Providers

Other

6h. Other Providers

Generally, providers developing, purchasing, or maintaining access control systems within their HIT.

6i. Realm

Universal

7b. Sponsoring WG Approval Date

Jun 08, 2021

Version

7

Modifier

Kathleen Connor

Modify Date

Jun 11, 2021 06:12

1a. Project Name

Privacy, Access and Security Services Access Control Conceptual Model

1b. Project ID

1710

1c. Is Your Project an Investigative Project (aka PSS-Lite)?

No

1d. Is your Project Artifact now proceeding to Normative directly or after being either Informative or STU?

No

1f. Name of standard being reaffirmed

Privacy, Access and Security Services Access Control Conceptual Model

2a. Primary/Sponsor WG

Service Oriented Architecture

2c. Co-Sponsor Level of Involvement

Request formal content review prior to ballot

2c. Co-Sponsor Level of Involvement

Request formal content review prior to ballot

2d. Project Facilitator

Kathleen Connor

2f. Modeling Facilitator

TBD

2g. Publishing Facilitator

Kathleen Connor

2h. Vocabulary Facilitator

TBD

2i. Domain Expert Representative

Kathleen Connor

2m. Implementers

1. Department of Veterans Affairs
2. TBD

3a. Project Scope

This specification describes the conceptual viewpoints associated with business requirements for access control within a healthcare environment in accordance with the HL7 Privacy, Access and Security Services (PASS) Service Functional Model (SFM) methodology.
PASS specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and compose-able service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.
This SFM specifies the content, structure, and functional behavior of information critical to access control capabilities including protecting resources in a distributed healthcare environment, where interoperability requirements arise in accordance with applicable privacy and security policies.
Other PASS SFMs include PASS Audit, which is now Volume 4 of the HL7 Privacy and Security Architecture Framework (PSAF) and the PASS Security Labeling Service.

3b. Project Need

PASS Access Control was part of the overall concept for the PASS project and integral to Security Privacy and Security Architecture and Logical Data Model. This project is needed in order to continue to provide the Access Control portion of the suite of HL7 Privacy and Security Conceptual Models.

3c. Security Risk

No

3d. External Drivers

Continuing need for a healthcare specific access control service functional model

3e. Objectives/Deliverables and Target Dates

N/A

3f. Common Names / Keywords / Aliases:

HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC

3g. Lineage

Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN

3h. Project Dependencies

A key component of the overarching HL7 Security conceptual model standards:
HL7 Composite Security and Privacy Domain Analysis Model
HL7 Privacy and Security Logical Model
HL7 Privacy and Security Architecture Framework, which includes
• HL7 Trust Framework for Federated Authorization Conceptual and Behavioral Models
• HL7 Provenance
• HL7 Audit, which originated as the PASS Audit Service Functional Model
HL7 Security and Privacy Ontology
HL7 Privacy and Security Healthcare Classification System
HL7 PASS Security Labeling Service
HL7 Security and Privacy Access Control Catalog
These HL7 Security standards reference the following foundational standards:
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
tion – Terminology

3i. HL7-Managed Project Document Repository URL:

Project Insight 1710

3j. Backwards Compatibility

N/A

3l. Using Current V3 Data Types?

N/A

3m. External Vocabularies

N/A

4a. Products

Logical Model

5a. Project Intent

Reaffirmation of a standard

5b. Project Ballot Type

Normative (no STU)

5d. Joint Copyright

No

6a. External Project Collaboration

N/A

6b. Content Already Developed

100%

6c. Content externally developed?

No

6e. Is this a hosted (externally funded) project?

No

6f. Stakeholders

Regulatory Agency, Standards Development Organizations (SDOs)

6g. Vendors

EHR, PHR, Health Care IT, Other

6g. Other Vendors

Health Information Exchange organizations

6h. Providers

Other

6h. Other Providers

Generally, providers developing, purchasing, or maintaining access control systems within their HIT.

6i. Realm

Universal

7b. Sponsoring WG Approval Date

Jun 08, 2021

Version

6

Modifier

Kathleen Connor

Modify Date

Jun 10, 2021 01:24

1a. Project Name

Privacy, Access and Security Services Access Control Conceptual Model

1b. Project ID

1710

1c. Is Your Project an Investigative Project (aka PSS-Lite)?

No

1d. Is your Project Artifact now proceeding to Normative directly or after being either Informative or STU?

No

1f. Name of standard being reaffirmed

Privacy, Access and Security Services Access Control Conceptual Model

2a. Primary/Sponsor WG

Service Oriented Architecture

2b. Co-Sponsor WG

Service Oriented Architecture

2c. Co-Sponsor Level of Involvement

Request formal content review prior to ballot

2b. Co-Sponsor WG 2

Community Based Care and Privacy

2c. Co-Sponsor Level of Involvement

Request formal content review prior to ballot

2d. Project Facilitator

Kathleen Connor

2f. Modeling Facilitator

TBD

2g. Publishing Facilitator

Kathleen Connor

2h. Vocabulary Facilitator

TBD

2i. Domain Expert Representative

Kathleen Connor

2m. Implementers

1. Department of Veterans Affairs
2. TBD

3a. Project Scope

This specification describes the conceptual viewpoints associated with business requirements for access control within a healthcare environment in accordance with the HL7 Privacy, Access and Security Services (PASS) Service Functional Model (SFM) methodology.
PASS specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and compose-able service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.
This SFM specifies the content, structure, and functional behavior of information critical to access control capabilities including protecting resources in a distributed healthcare environment, where interoperability requirements arise in accordance with applicable privacy and security policies.
Other PASS SFMs include PASS Audit, which is now Volume 4 of the HL7 Privacy and Security Architecture Framework (PSAF) and the PASS Security Labeling Service.

3b. Project Need

PASS Access Control was part of the overall concept for the PASS project and integral to Security Privacy and Security Architecture and Logical Data Model. This project is needed in order to continue to provide the Access Control portion of the suite of HL7 Privacy and Security Conceptual Models.

3c. Security Risk

No

3d. External Drivers

Continuing need for a healthcare specific access control service functional model

3e. Objectives/Deliverables and Target Dates

N/A

3f. Common Names / Keywords / Aliases:

HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC

3g. Lineage

Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN

3h. Project Dependencies

A key component of the overarching HL7 Security conceptual model standards:
HL7 Composite Security and Privacy Domain Analysis Model
HL7 Privacy and Security Logical Model
HL7 Privacy and Security Architecture Framework, which includes
• HL7 Trust Framework for Federated Authorization Conceptual and Behavioral Models
• HL7 Provenance
• HL7 Audit, which originated as the PASS Audit Service Functional Model
HL7 Security and Privacy Ontology
HL7 Privacy and Security Healthcare Classification System
HL7 PASS Security Labeling Service
HL7 Security and Privacy Access Control Catalog
These HL7 Security standards reference the following foundational standards:
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
tion – Terminology

3i. HL7-Managed Project Document Repository URL:

Project Insight 1710

3j. Backwards Compatibility

N/A

3l. Using Current V3 Data Types?

N/A

3m. External Vocabularies

N/A

4a. Products

Logical Model

5a. Project Intent

Reaffirmation of a standard

5b. Project Ballot Type

Normative (no STU)

5d. Joint Copyright

No

6a. External Project Collaboration

N/A

6b. Content Already Developed

100%

6c. Content externally developed?

No

6e. Is this a hosted (externally funded) project?

No

6f. Stakeholders

Regulatory Agency, Standards Development Organizations (SDOs)

6g. Vendors

EHR, PHR, Health Care IT, Other

6g. Other Vendors

Health Information Exchange organizations

6h. Providers

Other

6h. Other Providers

Generally, providers developing, purchasing, or maintaining access control systems within their HIT.

6i. Realm

Universal

7b. Sponsoring WG Approval Date

Jun 08, 2021

Version

5

Modifier

Kathleen Connor

Modify Date

Jun 09, 2021 20:53

1a. Project Name

Privacy, Access and Security Services Access Control Conceptual Model

1b. Project ID

1710

1c. Is Your Project an Investigative Project (aka PSS-Lite)?

No

1d. Is your Project Artifact now proceeding to Normative directly or after being either Informative or STU?

No

1f. Name of standard being reaffirmed

Privacy, Access and Security Services Access Control Conceptual Model

2a. Primary/Sponsor WG

Service Oriented Architecture

2b. Co-Sponsor WG

Service Oriented Architecture

2c. Co-Sponsor Level of Involvement

Request formal content review prior to ballot

2b. Co-Sponsor WG 2

Community Based Care and Privacy

2c. Co-Sponsor Level of Involvement

Request formal content review prior to ballot

2d. Project Facilitator

Kathleen Connor

2f. Modeling Facilitator

TBD

2g. Publishing Facilitator

Kathleen Connor

2h. Vocabulary Facilitator

TBD

2i. Domain Expert Representative

Kathleen Connor

2m. Implementers

1. Department of Veterans Affairs
2. TBD

3a. Project Scope

The Privacy, Access and Security Services (PASS) project specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and composable service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.

The SFM for each PASS component defines both the functional capabilities accessible through provided interfaces and any external service dependencies. PASS SFMs are intended to be technology neutral, platform neutral and complementary to existing specifications.

The Conceptual Model for the Privacy, Access, and Security Services project Audit Service (PASS Audit Service) describes the conceptual-level viewpoints associated with the business requirements that relate to the content, structure, and functional behavior of information important to the Audit area of the Privacy, Access, and Security domains within the healthcare environment. Thus it seeks to define the business requirements of an Audit service.

The PASS Access Control model presents the information and capabilities required to provide Access Control services to protected resources in a distributed healthcare environment, where interoperability requirements arise.

A pre‐requisite to any Access Control activity is the management of Access Control policies. This document considers the behavior associated with the lifecycle of those policies.

3b. Project Need

PASS Access Control was part of the overall concept for the PASS project and integral to Security Privacy and Security Architecture and Logical Data Model. This project is needed in order to continue to provide the Access Control portion of the suite of HL7 Privacy and Security Conceptual Models.

3c. Security Risk

No

3d. External Drivers

Continuing need for a healthcare specific access control service functional model

3e. Objectives/Deliverables and Target Dates

N/A

3f. Common Names / Keywords / Aliases:

HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC

3g. Lineage

Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN

3h. Project Dependencies

A key component of the overarching HL7 Security conceptual model standards:
HL7 Composite Security and Privacy Domain Analysis Model
HL7 Privacy and Security Logical Model
HL7 Privacy and Security Architecture Framework, which includes
• HL7 Trust Framework for Federated Authorization Conceptual and Behavioral Models
• HL7 Provenance
• HL7 Audit, which originated as the PASS Audit Service Functional Model
HL7 Security and Privacy Ontology
HL7 Privacy and Security Healthcare Classification System
HL7 PASS Security Labeling Service
HL7 Security and Privacy Access Control Catalog
These HL7 Security standards reference the following foundational standards:
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
tion – Terminology

3i. HL7-Managed Project Document Repository URL:

Project Insight 1710

3j. Backwards Compatibility

N/A

3l. Using Current V3 Data Types?

N/A

3m. External Vocabularies

N/A

4a. Products

Logical Model

5a. Project Intent

Reaffirmation of a standard

5b. Project Ballot Type

Normative (no STU)

5d. Joint Copyright

No

6a. External Project Collaboration

N/A

6b. Content Already Developed

100%

6c. Content externally developed?

No

6e. Is this a hosted (externally funded) project?

No

6f. Stakeholders

Regulatory Agency, Standards Development Organizations (SDOs)

6g. Vendors

EHR, PHR, Health Care IT, Other

6g. Other Vendors

Health Information Exchange organizations

6h. Providers

Other

6h. Other Providers

Generally, providers developing, purchasing, or maintaining access control systems within their HIT.

6i. Realm

Universal

7b. Sponsoring WG Approval Date

Jun 08, 2021

Version

4

Modifier

Kathleen Connor

Modify Date

Jun 09, 2021 04:17

1a. Project Name

Privacy, Access and Security Services Access Control Conceptual Model

1b. Project ID

1710

1c. Is Your Project an Investigative Project (aka PSS-Lite)?

No

1d. Is your Project Artifact now proceeding to Normative directly or after being either Informative or STU?

No

1f. Name of standard being reaffirmed

Privacy, Access and Security Services Access Control Conceptual Model

2a. Primary/Sponsor WG

Service Oriented Architecture

2b. Co-Sponsor WG

Service Oriented Architecture

2c. Co-Sponsor Level of Involvement

Request formal content review prior to ballot

2b. Co-Sponsor WG 2

Community Based Care and Privacy

2c. Co-Sponsor Level of Involvement

Request formal content review prior to ballot

2d. Project Facilitator

Kathleen Connor

2f. Modeling Facilitator

TBD

2g. Publishing Facilitator

Kathleen Connor

2h. Vocabulary Facilitator

TBD

2i. Domain Expert Representative

Kathleen Connor

2m. Implementers

1. Department of Veterans Affairs
2. TBD

3a. Project Scope

The Privacy, Access and Security Services (PASS) project specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and composable service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.

The SFM for each PASS component defines both the functional capabilities accessible through provided interfaces and any external service dependencies. PASS SFMs are intended to be technology neutral, platform neutral and complementary to existing specifications.

The Conceptual Model for the Privacy, Access, and Security Services project Audit Service (PASS Audit Service) describes the conceptual-level viewpoints associated with the business requirements that relate to the content, structure, and functional behavior of information important to the Audit area of the Privacy, Access, and Security domains within the healthcare environment. Thus it seeks to define the business requirements of an Audit service.

The PASS Access Control model presents the information and capabilities required to provide Access Control services to protected resources in a distributed healthcare environment, where interoperability requirements arise.

A pre‐requisite to any Access Control activity is the management of Access Control policies. This document considers the behavior associated with the lifecycle of those policies.

3b. Project Need

PASS Access Control was part of the overall concept for the PASS project and integral to Security Privacy and Security Architecture and Logical Data Model. This project is needed in order to continue to provide the Access Control portion of the suite of HL7 Privacy and Security Conceptual Models.

3c. Security Risk

No

3d. External Drivers

Continuing need for a healthcare specific access control service functional model

3e. Objectives/Deliverables and Target Dates

N/A

3f. Common Names / Keywords / Aliases:

HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC

3g. Lineage

Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN

3h. Project Dependencies

• A key component of the overarching HL7 Security conceptual model standards:
HL7 Composite Security and Privacy Domain Analysis Model
HL7 Privacy and Security Logical Model
HL7 Privacy and Security Architecture Framework, which includes
• HL7 Trust Framework for Federated Authorization Conceptual and Behavioral Models
• HL7 Provenance
• HL7 Audit, which originated as the PASS Audit Service Functional Model
HL7 Security and Privacy Ontology
HL7 Privacy and Security Healthcare Classification System
HL7 PASS Security Labeling Service
HL7 Security and Privacy Access Control Catalog
These HL7 Security standards reference the following foundational standards:
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
tion – Terminology

3i. HL7-Managed Project Document Repository URL:

Project Insight 1710

3j. Backwards Compatibility

N/A

3l. Using Current V3 Data Types?

N/A

3m. External Vocabularies

N/A

4a. Products

Logical Model

5a. Project Intent

Reaffirmation of a standard

5b. Project Ballot Type

Normative (no STU)

5d. Joint Copyright

No

6a. External Project Collaboration

N/A

6b. Content Already Developed

100%

6c. Content externally developed?

No

6e. Is this a hosted (externally funded) project?

No

6f. Stakeholders

Regulatory Agency, Standards Development Organizations (SDOs)

6g. Vendors

EHR, PHR, Health Care IT, Other

6g. Other Vendors

Health Information Exchange organizations

6h. Providers

Other

6h. Other Providers

Generally, providers developing, purchasing, or maintaining access control systems within their HIT.

6i. Realm

Universal

7b. Sponsoring WG Approval Date

Jun 08, 2021

Version

3

Modifier

Kathleen Connor

Modify Date

Jun 09, 2021 03:29

1a. Project Name

Privacy, Access and Security Services Access Control Conceptual Model

1b. Project ID

1710

1c. Is Your Project an Investigative Project (aka PSS-Lite)?

No

1d. Is your Project Artifact now proceeding to Normative directly or after being either Informative or STU?

No

1f. Name of standard being reaffirmed

Privacy, Access and Security Services Access Control Conceptual Model

2a. Primary/Sponsor WG

Service Oriented Architecture

2d. Project Facilitator

Kathleen Connor

2f. Modeling Facilitator

TBD

2g. Publishing Facilitator

Kathleen Connor

2h. Vocabulary Facilitator

TBD

2i. Domain Expert Representative

Kathleen Connor

2m. Implementers

1. Department of Veterans Affairs
2. TBD

3a. Project Scope

The Privacy, Access and Security Services (PASS) project specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and composable service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.

The SFM for each PASS component defines both the functional capabilities accessible through provided interfaces and any external service dependencies. PASS SFMs are intended to be technology neutral, platform neutral and complementary to existing specifications.

The Conceptual Model for the Privacy, Access, and Security Services project Audit Service (PASS Audit Service) describes the conceptual-level viewpoints associated with the business requirements that relate to the content, structure, and functional behavior of information important to the Audit area of the Privacy, Access, and Security domains within the healthcare environment. Thus it seeks to define the business requirements of an Audit service.

The PASS Access Control model presents the information and capabilities required to provide Access Control services to protected resources in a distributed healthcare environment, where interoperability requirements arise.

A pre‐requisite to any Access Control activity is the management of Access Control policies. This document considers the behavior associated with the lifecycle of those policies.

3b. Project Need

PASS Access Control was part of the overall concept for the PASS project. This project is needed in order to continue to provide the Access Control portion of PASS.

3c. Security Risk

Unknown

3f. Common Names / Keywords / Aliases:

• HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC

3g. Lineage

Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN

3h. Project Dependencies

• Parallel work sponsored by the HL7 Security WG which is tasked with producing a Security Domain Analysis Model (DAM)
• Community‐Based Collaborative Care (CBCC) – Composite Privacy Domain Analysis Model (DSTU)
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO TS 22600-2:2006, Privilege Management and Access Control – Part 2: Formal Models
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
• OASIS XACML 2.0 Specification – Terminology

3j. Backwards Compatibility

Unknown

4a. Products

Logical Model

5a. Project Intent

Reaffirmation of a standard

5b. Project Ballot Type

Normative (no STU)

6f. Stakeholders

Standards Development Organizations (SDOs)

6g. Vendors

Health Care IT, Other

6g. Other Vendors

Health Information Network Providers

Version

2

Modifier

Kathleen Connor

Modify Date

Jun 07, 2021 21:54

1a. Project Name

Privacy, Access and Security Services Access Control Conceptual Model

1b. Project ID

1806

1c. Is Your Project an Investigative Project (aka PSS-Lite)?

No

1d. Is your Project Artifact now proceeding to Normative directly or after being either Informative or STU?

No

1f. Name of standard being reaffirmed

Privacy, Access and Security Services Access Control Conceptual Model

2a. Primary/Sponsor WG

Service Oriented Architecture

2d. Project Facilitator

Kathleen Connor

2f. Modeling Facilitator

TBD

2g. Publishing Facilitator

Kathleen Connor

2h. Vocabulary Facilitator

TBD

2i. Domain Expert Representative

Kathleen Connor

2m. Implementers

1. Department of Veterans Affairs
2. TBD

3a. Project Scope

The Privacy, Access and Security Services (PASS) project specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and composable service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.

The SFM for each PASS component defines both the functional capabilities accessible through provided interfaces and any external service dependencies. PASS SFMs are intended to be technology neutral, platform neutral and complementary to existing specifications.

The Conceptual Model for the Privacy, Access, and Security Services project Audit Service (PASS Audit Service) describes the conceptual-level viewpoints associated with the business requirements that relate to the content, structure, and functional behavior of information important to the Audit area of the Privacy, Access, and Security domains within the healthcare environment. Thus it seeks to define the business requirements of an Audit service.

The PASS Access Control model presents the information and capabilities required to provide Access Control services to protected resources in a distributed healthcare environment, where interoperability requirements arise.

A pre‐requisite to any Access Control activity is the management of Access Control policies. This document considers the behavior associated with the lifecycle of those policies.

3b. Project Need

PASS Access Control was part of the overall concept for the PASS project. This project is needed in order to continue to provide the Access Control portion of PASS.

3c. Security Risk

Unknown

3f. Common Names / Keywords / Aliases:

• HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC

3g. Lineage

Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN

3h. Project Dependencies

• Parallel work sponsored by the HL7 Security WG which is tasked with producing a Security Domain Analysis Model (DAM)
• Community‐Based Collaborative Care (CBCC) – Composite Privacy Domain Analysis Model (DSTU)
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO TS 22600-2:2006, Privilege Management and Access Control – Part 2: Formal Models
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
• OASIS XACML 2.0 Specification – Terminology

3j. Backwards Compatibility

Unknown

4a. Products

Logical Model

5a. Project Intent

Reaffirmation of a standard

5b. Project Ballot Type

Normative (no STU)

6f. Stakeholders

Standards Development Organizations (SDOs)

6g. Vendors

Health Care IT, Other

6g. Other Vendors

Health Information Network Providers

Version

1

Modifier

Suzanne Gonzales-Webb

Modify Date

Jun 07, 2021 20:47

1a. Project Name

Privacy, Access and Security Services Access Control Conceptual Model

1b. Project ID

1806

1c. Is Your Project an Investigative Project (aka PSS-Lite)?

No

1d. Is your Project Artifact now proceeding to Normative directly or after being either Informative or STU?

No

1f. Name of standard being reaffirmed

Privacy, Access and Security Services Access Control Conceptual Model

2a. Primary/Sponsor WG

Service Oriented Architecture

2d. Project Facilitator

Kathleen Connor

2f. Modeling Facilitator

TBD

2g. Publishing Facilitator

Kathleen Connor

2h. Vocabulary Facilitator

TBD

2i. Domain Expert Representative

Kathleen Connor

2m. Implementers

1. Department of Veterans Affairs
2. TBD

3a. Project Scope

The Privacy, Access and Security Services (PASS) project specifies a set of Service Functional Models (SFMs) each defining an encapsulated, loosely-coupled and composable service component that can contribute to ensuring the confidentiality and integrity of healthcare information within a service-oriented environment.

The SFM for each PASS component defines both the functional capabilities accessible through provided interfaces and any external service dependencies. PASS SFMs are intended to be technology neutral, platform neutral and complementary to existing specifications.

The Conceptual Model for the Privacy, Access, and Security Services project Audit Service (PASS Audit Service) describes the conceptual-level viewpoints associated with the business requirements that relate to the content, structure, and functional behavior of information important to the Audit area of the Privacy, Access, and Security domains within the healthcare environment. Thus it seeks to define the business requirements of an Audit service.

The PASS Access Control model presents the information and capabilities required to provide Access Control services to protected resources in a distributed healthcare environment, where interoperability requirements arise.

A pre‐requisite to any Access Control activity is the management of Access Control policies. This document considers the behavior associated with the lifecycle of those policies.

3b. Project Need

PASS Access Control is part of the overall concept for the PASs project. This project is needed in order to fulfill the Access Control portion of PASS.

3c. Security Risk

Unknown

3f. Common Names / Keywords / Aliases:

• HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, Release 1 ; HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Access Control, PIM Level, Release 1; PASS, PASS AC

3g. Lineage

Privacy, Access, and Security Services (PASS) Access Control Services Conceptual Model, DSTU, Release 1.0, DSTU Ballot ID: V3_PASS_AC_R1_D1_2010JAN

3h. Project Dependencies

• Parallel work sponsored by the HL7 Security WG which is tasked with producing a Security Domain Analysis Model (DAM)
• Community‐Based Collaborative Care (CBCC) – Composite Privacy Domain Analysis Model (DSTU)
• HL7 Services Aware Enterprise Architecture Framework (SAEAF)
• ISO TS 22600-2:2006, Privilege Management and Access Control – Part 2: Formal Models
• ISO/IEC 10181-3:1996 – Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework – Access Enforcement Function “intercept” modeling
• ISO 22600 series – Policy Management and Access Control – Basic Access Control Model
• OASIS XACML 2.0 Specification – Terminology

3j. Backwards Compatibility

Unknown

4a. Products

Logical Model

5a. Project Intent

Reaffirmation of a standard

5b. Project Ballot Type

Normative (no STU)

6f. Stakeholders

Standards Development Organizations (SDOs)

6g. Vendors

Health Care IT, Other

6g. Other Vendors

Health Information Network Providers

4 Comments

  1. Kathleen Connor - can you explain the need for this to be reaffirmed. What is it used for? Who uses it? What is the rationale?

    1. Hi Riki

      The PASS Access Control Service Functional Model, like many of the Security/CBCP WG standards is a conceptual model, which is foundational to how security is implemented operationally.  Please see HL7 Privacy and Security Standards Overview.pptx for more information. For example, the HL7 Version 2 security label capabilities using ARV and other segments that you and I worked on, was based on the HL7 Privacy and Security Healthcare Classification System (HCS), which no one implements.  However, it is foundational to the CDA and FHIR DS4P IGs as well as the HL7 V2.9 security label segments.  We keep the foundational standards in play because we continue to develop platform specific specification on them. If you would like to discuss further, let me know, and I'll put this topic on an upcoming Security WG call.






  2. Because v2, V3/CDA and FHIR are just (technical) representation forms, we need higher level information models to keep them in sync, i.e. to maintain something from which the representation can be derived. This is the only way not to loose information just because of structural inconsistencies.

    Therefore I highly recommend not only to keep those, but develop more.