DD-ENV-13606-3-2000.pdf

| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | DRAFT FOR DEVELOPMENT DD ENV 13606-3:2000 ICS 35.240.80 NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW Health Informatics Ð Electronic healthcare record communication Ð Part 3: Distribution rules Licensed Copy: London South Bank University, London South Bank University, Sun Dec 10 13:20:33 GMT+00:00 2006, Uncontrolled Copy, (c) BSI This British Standard, having been prepared under the direction of the DISC Board, was published under the authority of the Standards Committee and comes into effect on 15 August 2000 BSI 08-2000 ISBN 0 580 35482 2 DD ENV 13606-3:2000 Amendments issued since publication Amd. No.DateComments National foreword This Draft for Development is the English language version of ENV 13606-3:2000. This publication is not to be used as a British Standard. It is being issued in the Draft for Development series of publications and is of a provisional nature due to the limited nature of the European Prestandard. It should be applied on this provisional basis, so that information and experience of its practical application may be obtained. Comments arising from the use of this Draft for Development are requested so that UK experience can be reported to the European organization responsible for its conversion into a European Standard. A review of this publication will be initiated 2 years after its publication by the European organization so that a decision can be taken on its status at the end of its three-year life. The commencement of the review period will be notified by an announcement in Update Standards. According to the replies received by the end of the review period, the responsible BSI Committee will decide whether to support the conversion into a European Standard, to extend the life of the prestandard or to withdraw it. Comments should be sent in writing to the Secretary of BSI Technical Committee IST/35, Health Informatics, at 389 Chiswick High Road, London W4 4AL, giving the document reference and clause number and proposing, where possible, an appropriate revision of the text. A list of organizations represented on this committee can be obtained on request to its secretary. Cross-references The British Standards which implement international or European publications referred to in this document may be found in the BSI Standards Catalogue under the section entitled ªInternational Standards Correspondence Indexº, or by using the ªFindº facility of the BSI Standards Electronic Catalogue. Summary of pages This document comprises a front cover, an inside front cover, the ENV title page, pages 2 to 63 and a back cover. The BSI copyright notice displayed in this document indicates when the document was last issued. Licensed Copy: London South Bank University, London South Bank University, Sun Dec 10 13:20:33 GMT+00:00 2006, Uncontrolled Copy, (c) BSI EUROPEAN PRESTANDARD PRÉNORME EUROPÉENNE EUROPÄISCHE VORNORM ENV 13606-3 May 2000 ICS 35.240.80 English version Health informatics - Electronic healthcare record communication - Part 3: Distribution rules This European Prestandard (ENV) was approved by CEN on 29 July 1999 as a prospective standard for provisional application. The period of validity of this ENV is limited initially to three years. After two years the members of CEN will be requested to submit their comments, particularly on the question whether the ENV can be converted into a European Standard. CEN members are required to announce the existence of this ENV in the same way as for an EN and to make the ENV available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the ENV) until the final decision about the possible conversion of the ENV into an EN is reached. CEN members are the national standards bodies of Austria, Belgium, Czech Republic, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMITÉ EUROPÉEN DE NORMALISATION EUROPÄISCHES KOMITEE FÜR NORMUNG Central Secretariat: rue de Stassart, 36 B-1050 Brussels © 2000 CENAll rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. ENV 13606-3:2000 E Licensed Copy: London South Bank University, London South Bank University, Sun Dec 10 13:20:33 GMT+00:00 2006, Uncontrolled Copy, (c) BSI Page 2 ENV 13606-3:2000 Contents Foreword 3 Introduction3 1Scope.5 2Normative references.5 3Terms and definitions6 4Symbols and abbreviations.8 5Distribution rule and access log9 5.1Overview.9 5.2Overview to distribution rules and access log items.13 5.3Distribution rule reference13 5.4Distribution rule.15 5.5Who.17 5.6When .18 5.7Where19 5.8Why.20 5.9How .21 5.10 Purpose of Use22 5.11 Healthcare Party Role .23 5.12 Security Policy24 5.13 Consent Required.25 5.14 Access Log Item26 6Data types.29 Annex A (informative) Distribution Rule and Access Log Item - ASN.1 Data definition32 Annex B (informative) Distribution Rule - worked examples.37 Annex C (informative) Distribution Rule - Principle43 Annex D (informative) Business Roles and System Roles.50 Annex E (informative) Distribution Rule - examples of security principles .54 Annex F (informative) Maintaining Access Logging.58 Annex G (informative) Distribution Rule - Examples of profiling 61 Bibliography.63 Licensed Copy: London South Bank University, London South Bank University, Sun Dec 10 13:20:33 GMT+00:00 2006, Uncontrolled Copy, (c) BSI Page 3 ENV 13606-3:2000 Foreword This European Prestandard has been prepared by Technical Committee CEN/TC 251 “Health informatics“, the secretariat of which is held by SIS. According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to announce this European Prestandard: Austria, Belgium, Czech Republic, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and the United Kingdom. This is Part 3 of a multipart standard on Electronic Healthcare Record Communication. The multipart standard consists of the following parts: - Part 1: Extended Architecture - Part 2: Domain Term List - Part 3: Distribution Rules - Part 4: Messages for the Exchange of information This Prestandard was drafted using the conventions of the ISO/IEC directive part 3. All annexes are informative. Introduction The need to distribute electronic healthcare records in whole or in part, whilst at the same time preserving security principles, has been the prime motivation behind the writing of this part European prestandard. However, the need for the opportunity for the subject of care to take a central role in their electronic healthcare record or its components being distributed both within and outside an information system to potential data users has taken priority over all other issues. The EU Data Protection Directive 95/46/EC and the Council of Europe Recommendation on the Protection of Medical Data R(97)5 have also been central to the development of these distribution rules. Serious consideration has been given to handling problems of access, not only to read from an electronic healthcare record but also to add information from within the same care team and document correctly. The problems are closely related since in many cases there are two systems interacting: one sending and the other receiving information. This part European prestandard does not define the rules themselves (e.g. who should have access to what), these needing to be determined by local users, national guidelines and legislation. However it does define some of the requirements in relation to the architecture of the information system and in particular architectural component as described in part one of this four part European prestandard. It also places certain requirements on the functioning of information systems complying with this architecture and this part European prestandard in particular. These requirements when fulfilled enable compliance with the distribution rules defined by the data controller of the electronic healthcare record. Distribution rules are a controlling mechanism, enabling access to and/or further distribution of the components to which they are attributed. Under the provisions and requirements of this European prestandard if a distribution rule is present then the data cannot be accessed or distributed unless the provisions of the rule are complied with. As a consequence it is possible to implement the distribution rules principles in such a fashion that the data may become unavailable thereafter. For both legal and healthcare reasons this should be prevented by the application of “fall back” rules with a “super user” type of access that will grant access to all data stored within the information system. In order to provide the necessary flexibility required by the user community and avoid simple hierarchical constructs it is intended that where multiple distribution rules are present, they are processed individually and not as a combination. This method will provide for interoperability across country borders without weakening the rights of the subject of care. As a safeguard an access log has been included to ensure that if, for auditing or legal purposes, information is required on the distribution of data under the provision of distribution rules then this can be recreated in full. This access log and its entries are not intended to be communicated outside the information system to which it relates other than rendered in human viewable format. If, for example, a data user be granted the privilege of having data distributed to them under the terms of a distribution rule that grants the right to modify or add to the architectural component covered by the rule then a Licensed Copy: London South Bank University, London South Bank University, Sun Dec 10 13:20:33 GMT+00:00 2006, Uncontrolled Copy, (c) BSI Page 4 ENV 13606-3:2000 new version of those components is created. This new version may have further distribution rules added to it to provide for the new information needs. Version control within the architecture, as defined in part one of this four part European prestandard, provides for full recreation of the audit trail when used in conjunction with the relevant access log entry. In clause 5, a set of data objects are shown that can be used to define rules that when implemented are interactive with other components and functions in an information system to control the distribution of data. Vendors are free to implement the distribution rules as they find best suited for their system, but they will have to follow the specifications in this document, including the data type definitions, when a distribution rule is distributed outside the originating electronic healthcare record system. Annex A (Informative) shows the data structures when rendered into human viewable format for legal recreation and audit purposes outside the automated components of an information system. Throughout this document Unified Modeling Language (UML) has been used. Reference is made to this technique in the Bibliography annex. When national profiles are created using this European prestandard, then whilst the mandatory elements prescribed within the data objects will need to be included, the presence of optional elements within the national profile are left to national discretion. If transnational interoperability is required, then all attributes are necessary and this European prestandard will need to be implemented in its entirety. Licensed Copy: London South Bank University, London South Bank University, Sun Dec 10 13:20:33 GMT+00:00 2006, Uncontrolled Copy, (c) BSI Page 5 ENV 13606-3:2000 Health informatics - Electronic healthcare record communication - Part 3: Distribution rules 1 Scope This European prestandard specifies data objects for describing rules for distribution or sharing of electronic healthcare records in whole or in part. This European prestandard establishes general principles for the interaction of these data objects with other components and mechanisms within an electronic healthcare record application, thereby controlling the distribution of electronic healthcare records in whole or in part. This European prestandard establishes ways of creating information with associated security attributes. This European prestandard defines a methodology for constructing rules built from defined data objects, capable of being implemented using a range of techniques, to effect the control of sharing of electronic healthcare record data. This European prestandard establishes principles that allow security policies to be implemented and incorporated in order to ensure the safe use of the data. This European prestandard specifies a method for constructing an Access Log, that can be rendered human viewable, that records distribution of the data to which a Distribution Rule is attached. This European prestandard does not specify the mechanisms and functions that take part within the negotiation procedure and therefore fully automate the data distribution process. This European prestandard does not specify the mechanisms and functions that will allow some systems to continuously re-authenticate the data communication session and monitor its integrity. This European prestandard allows the sharing of records distributed in space, time or responsibility. This European prestandard does not specify the data objects and packages represented in an Information System. 2 Normative references This European prestandard incorporates by dated or undated reference, provisions from other publications. These normative references are cited at the appropriate places in the text and the publications are listed hereafter. For dated references, subsequent amendments to or revisions of any of these publications apply to this European prestandard only when incorporated in it by amendment or revision. For undated references the latest edition of the publication referred to applies. ISO 6391988Codes for the representation of names of languages ISO10871990Vocabulary of terminology ISO7498-2Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture ISO8824-11995Information Technology - Open Systems Interconnection Specification of Abstract Syntax Notation One (ASN.1). - Part 1: Specification of the basic notation ISO7498-41997Open systems interconnection - The directory - authentication framework EN231661994Codes for the representation of countries ENV 122651996Medical Informatics