Health informatics - Functional and structural roles (ISO 21298:2017, Corrected version 2017-04)

ISO 21298:2017 defines a model for expressing functional and structural roles and populates it with a basic set of roles for international use in health applications. Roles are generally assigned to entities that are actors. This will focus on roles of persons (e.g. the roles of health professionals) and their roles in the context of the provision of care (e.g. subject of care).
Roles can be structural (e.g. licensed general practitioner, non-licensed transcriptionist, etc.) or functional (e.g. a provider who is a member of a therapeutic team, an attending physician, prescriber, etc.). Structural roles are relatively static, often lasting for many years. They deal with relationships between entities expressed at a level of complex concepts. Functional roles are bound to the realization of actions and are highly dynamic. They are normally expressed at a decomposed level of fine-grained concepts.
Roles addressed in this document are not restricted to privilege management purposes, though privilege management and access control is one of the applications of this document. This document does not address specifications related to permissions. This document treats the role and the permission as separate constructs. Further details regarding the relationship with permissions, policy, and access control are provided in ISO 22600.

Medizinische Informatik - Funktionelle und strukturelle Rollen (ISO 21298:2017, korrigierte Fassung 2017-04)

Diese internationale Norm legt ein Modell für die Beschreibung von funktionellen und strukturellen Rollen fest und füllt dieses mit einem Basissatz von Rollen für den internationalen Einsatz in Anwendungen des Gesundheitswesens. Rollen werden in der Regel Entitäten, die Akteure sind, zugeordnet. Dies wird auf Rollen von Personen (z. B. die Rollen der Heilberufe) und ihre Rollen im Rahmen der Erbringung von Pflege (z. B. Behandelter) fokussiert.
Rollen können struktureller (z. B. lizenzierter Allgemeinmediziner, nicht-lizenzierte Schreibkraft) oder funktioneller (z. B. Anbieter, der Mitglied eines therapeutischen Teams ist, behandelnder Arzt, verschreibender Arzt) Art sein. Strukturelle Rollen sind relativ statisch, oft über viele Jahre hinweg. Sie beschäftigen sich mit Beziehungen zwischen Entitäten, die auf einem Niveau von komplexen Konzepten angegeben werden. Funktionelle Rollen sind an der Realisierung von Maßnahmen ausgerichtet und daher sehr dynamisch. Sie werden gewöhnlich in einem aufteilbaren Niveau durch feingliedrige Konzepte angegeben.
Rollen, die in dieser Internationalen Norm behandelt werden, sind nicht auf Zwecke des Privilegienmanagements beschränkt, obwohl das Privilegienmanagement und die Zugriffssteuerung eine der Anwendungen dieser Internationalen Norm sind. Diese Norm behandelt keine Spezifikationen, die sich auf Berechtigungen beziehen. Dieses Dokument behandelt die Rolle und die Berechtigung als separate Konstrukte. Weitere Einzelheiten hinsichtlich der Beziehung zwischen Berechtigungen, Policies und Zugriffssteuerungen sind in ISO 22600 beschrieben.

Informatique de santé - Rôles fonctionnels et structurels (ISO 21298:2017, Version corrigée 2017-04)

ISO 21298:2017 définit un modèle qui permet de décrire les rôles fonctionnels et structurels, et l'alimente avec une base de rôles pour une utilisation internationale dans les applications de santé. Les rôles sont en général attribués à des entités qui sont des acteurs. La présente norme mettra l'accent sur le rôle des personnes (par exemple: le rôle des professionnels de la santé) ainsi que sur leurs rôles dans le contexte de la prestation de soins (par exemple: sujet de soins).
Les rôles peuvent être structurels (par exemple: médecin généraliste agréé, transcripteur médical non agréé, etc.) ou fonctionnels (par exemple: prestataire membre d'une équipe thérapeutique, médecin traitant, prescripteur, etc.). Les rôles structurels sont relativement statiques, souvent valables pendant de nombreuses années. Ils traitent des relations entre les entités exprimées à un niveau de concepts complexes. Les rôles fonctionnels sont liés à la réalisation d'actions et sont très dynamiques. Ils sont généralement exprimés à un niveau détaillé de concepts élémentaires.
Les rôles objet du présent document ne sont pas traités uniquement sous l'angle de la gestion des privilèges, bien que la gestion des privilèges et le contrôle d'accès soient l'une des applications de ce document. Le présent document ne traite pas des spécifications liées aux permissions. Le présent document considère le rôle et la permission comme des éléments distincts. Des détails supplémentaires concernant les liens avec les permissions, la politique et le contrôle d'accès sont fournis dans l'ISO 22600.

Zdravstvena informatika - Funkcionalne in strukturne vloge (ISO 21298:2017, popravljena različica 2017-04)

Ta mednarodni standard določa model za izražanje funkcionalnih in strukturnih vlog in mu določa osnovni nabor vlog za mednarodno rabo v zdravstvu. Vloge so na splošno dodeljene subjektom, ki so izvajalci. S tem se osredotoči na vloge oseb (npr. vloge zdravstvenih delavcev) in njihove vloge v kontekstu zagotavljanja oskrbe (npr. predmet nege). Vloge so lahko strukturne (npr. licencirani zdravnik splošne medicine, izdajatelj receptov brez licence) ali funkcionalne (npr. ponudnik, ki je član terapevtske skupine, zdravnik, predpisovalec itd.). Strukturne vloge so relativno statične in pogosto trajajo več let. Obravnavajo odnose med subjekti, izražene na ravni zapletenih konceptov. Funkcionalne vloge so vezane na uresničitev dejanj in so zelo dinamične. Običajno so izražene na razčlenjeni ravni močno razdrobljenih konceptov. Koncepti vlog, določeni v tem standardu, se navajajo in znova uporabljajo v številnih mednarodnih standardih organizacij, kot so npr. ISO, CEN, HL7 International. Primeri so: ISO 22600 »Zdravstvena informatika – Upravljanje privilegijev in dostopovno krmiljenje«, HL7 International »HL7 Healthcare privacy and security classification system (HCS)”, HL7 International »HL7 Security and privacy ontology«, HL7 International »The HL7 RBAC Healthcare Permission Catalog« ali HL7 International »HL7 Composite security and privacy domain analysis model DSTU«. Vloge, obravnavane v tem mednarodnem standardu, niso omejene na upravljanje privilegijev, čeprav je upravljanje privilegijev in nadzor dostopa eden od načinov uporabe tega mednarodnega standarda. Ta standard se ne nanaša na specifikacije, ki so povezane z dovoljenji. V tem dokumentu sta vloga in dovoljenje obravnavana kot ločena konstrukta. Dodatne podrobnosti o dovoljenjih, politiki in nadzoru dostopa so na voljo v standardu ISO 22600.

General Information

Status
Published
Publication Date
21-Feb-2017
Withdrawal Date
30-Aug-2017
Current Stage
6060 - Definitive text made available (DAV) - Publishing
Start Date
22-Feb-2017
Completion Date
22-Feb-2017

Buy Standard

Standard
EN ISO 21298:2017 - BARVe na PDF-str 19,26,27,29
English language
41 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
Standard
EN ISO 21298:2017 - BARVE
English language
41 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-julij-2017
Zdravstvena informatika - Funkcionalne in strukturne vloge (ISO 21298:2017)
Health informatics - Functional and structural roles (ISO 21298:2017)
Medizinische Informatik - Funktionelle und strukturelle Rollen (ISO 21298:2017)
Informatique de santé - Rôles fonctionnels et structurels (ISO 21298:2017)
Ta slovenski standard je istoveten z: EN ISO 21298:2017
ICS:
35.240.80 Uporabniške rešitve IT v IT applications in health care
zdravstveni tehniki technology
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EN ISO 21298
EUROPEAN STANDARD
NORME EUROPÉENNE
February 2017
EUROPÄISCHE NORM
ICS 35.240.80
English Version
Health informatics - Functional and structural roles (ISO
21298:2017, Corrected version 2017-04)
Informatique de santé - Rôles fonctionnels et Medizinische Informatik - Funktionelle und
structurels (ISO 21298:2017, Version corrigée 2017- strukturelle Rollen (ISO 21298:2017, korrigierte
04) Fassung 2017-04)
This European Standard was approved by CEN on 20 January 2017.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2017 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 21298:2017 E
worldwide for CEN national Members.

Contents Page
European foreword . 3

European foreword
This document (EN ISO 21298:2017) has been prepared by Technical Committee ISO/TC 215 “Health
informatics” in collaboration with Technical Committee CEN/TC 251 “Health informatics” the
secretariat of which is held by NEN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by August 2017, and conflicting national standards shall
be withdrawn at the latest by August 2017.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent
rights.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
Endorsement notice
The text of ISO 21298:2017, Corrected version 2017-04 has been approved by CEN as
INTERNATIONAL ISO
STANDARD 21298
First edition
2017-02
Corrected version
2017-04
Health informatics — Functional and
structural roles
Informatique de santé — Rôles fonctionnels et structurels
Reference number
ISO 21298:2017(E)
©
ISO 2017
ISO 21298:2017(E)
© ISO 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO 2017 – All rights reserved

ISO 21298:2017(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 5
5 Modeling roles in an architectural context . 5
5.1 Roles within the Generic Component Model . 5
5.2 Roles and policy aspects . 8
5.3 Roles in privilege management . 9
5.4 Relations of this standard to related privilege management specifications . 9
5.5 Structural roles .10
5.5.1 General.10
5.5.2 Structural roles of healthcare professions from the International Labour
Organization for trans-jurisdiction mapping .10
5.5.3 Healthcare specialties .11
5.6 Functional roles .12
6 Formally modelling roles .14
6.1 Roles within the Generic Component Model .14
6.2 Developing the role model .14
6.2.1 Relationships and transformation .14
6.2.2 Assignment of structural roles.15
6.2.3 Generic role specification .15
6.3 Relationships between structural and functional roles .18
7 Use cases for the use of structural and functional roles in an interregional or
international context .18
Annex A (informative) ISCO-08 sample mapping .20
Annex B (informative) Sample certificate profile for regulated healthcare professional .31
Bibliography .33
ISO 21298:2017(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www . i so .org/ iso/ foreword .html.
This first edition of ISO 21298 cancels and replaces ISO/TS 21298:2008, which has been technically
revised.
The committee responsible for this document is ISO/TC 215, Health informatics.
This corrected version incorporates the following correction:
— replacement of Figure 2.
iv © ISO 2017 – All rights reserved

ISO 21298:2017(E)
Introduction
This document contains a specification for encoding information related to roles for health
professionals and consumers. At least five areas have been identified where a model for encoding role
information is needed.
a) Privilege management and access control: role-based access control is not possible without an
effective means of recording role information for healthcare actors.
b) Directory services: structural roles are usefully recorded within directories of healthcare
providers (see for example, ISO 21091).
c) Audit trails: functional roles are usefully recorded within audit trails for health information
applications.
d) Public key infrastructure (PKI): The ISO 17090 series allows for the encoding of healthcare roles
in certificate extensions, but no structured vocabulary for such roles is specified. This document
identifies such a coded vocabulary.
e) Purpose of use: A role specification determines for what purposes healthcare information can be
used. Purposes of use are tied to specific roles in many cases (see for example, ISO 21091).
In addition to these security-related applications, there are several other possible applications of this
standard, such as follows.
— Clinical care provision: finding and identifying the right professional for a health service.
— Support of care: billing of healthcare services.
— Communication management: directing healthcare-related messages by means of a specific role.
— Health service management and quality assurance: defining the purpose of use for specific data.
This document is complementary to
...


SLOVENSKI STANDARD
01-julij-2017
Zdravstvena informatika - Funkcionalne in strukturne vloge (ISO 21298:2017,
popravljena različica 2017-04)
Health informatics - Functional and structural roles (ISO 21298:2017, Corrected version
2017-04)
Medizinische Informatik - Funktionelle und strukturelle Rollen (ISO 21298:2017,
korrigierte Fassung 2017-04)
Informatique de santé - Rôles fonctionnels et structurels (ISO 21298:2017, Version
corrigée 2017-04)
Ta slovenski standard je istoveten z: EN ISO 21298:2017
ICS:
35.240.80 Uporabniške rešitve IT v IT applications in health care
zdravstveni tehniki technology
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EN ISO 21298
EUROPEAN STANDARD
NORME EUROPÉENNE
February 2017
EUROPÄISCHE NORM
ICS 35.240.80
English Version
Health informatics - Functional and structural roles (ISO
21298:2017, Corrected version 2017-04)
Informatique de santé - Rôles fonctionnels et Medizinische Informatik - Funktionelle und
structurels (ISO 21298:2017, Version corrigée 2017- strukturelle Rollen (ISO 21298:2017, korrigierte
04) Fassung 2017-04)
This European Standard was approved by CEN on 20 January 2017.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2017 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 21298:2017 E
worldwide for CEN national Members.

Contents Page
European foreword . 3

European foreword
This document (EN ISO 21298:2017) has been prepared by Technical Committee ISO/TC 215 “Health
informatics” in collaboration with Technical Committee CEN/TC 251 “Health informatics” the
secretariat of which is held by NEN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by August 2017, and conflicting national standards shall
be withdrawn at the latest by August 2017.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent
rights.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
Endorsement notice
The text of ISO 21298:2017, Corrected version 2017-04 has been approved by CEN as
INTERNATIONAL ISO
STANDARD 21298
First edition
2017-02
Corrected version
2017-04
Health informatics — Functional and
structural roles
Informatique de santé — Rôles fonctionnels et structurels
Reference number
ISO 21298:2017(E)
©
ISO 2017
ISO 21298:2017(E)
© ISO 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO 2017 – All rights reserved

ISO 21298:2017(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 5
5 Modeling roles in an architectural context . 5
5.1 Roles within the Generic Component Model . 5
5.2 Roles and policy aspects . 8
5.3 Roles in privilege management . 9
5.4 Relations of this standard to related privilege management specifications . 9
5.5 Structural roles .10
5.5.1 General.10
5.5.2 Structural roles of healthcare professions from the International Labour
Organization for trans-jurisdiction mapping .10
5.5.3 Healthcare specialties .11
5.6 Functional roles .12
6 Formally modelling roles .14
6.1 Roles within the Generic Component Model .14
6.2 Developing the role model .14
6.2.1 Relationships and transformation .14
6.2.2 Assignment of structural roles.15
6.2.3 Generic role specification .15
6.3 Relationships between structural and functional roles .18
7 Use cases for the use of structural and functional roles in an interregional or
international context .18
Annex A (informative) ISCO-08 sample mapping .20
Annex B (informative) Sample certificate profile for regulated healthcare professional .31
Bibliography .33
ISO 21298:2017(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www . i so .org/ iso/ foreword .html.
This first edition of ISO 21298 cancels and replaces ISO/TS 21298:2008, which has been technically
revised.
The committee responsible for this document is ISO/TC 215, Health informatics.
This corrected version incorporates the following correction:
— replacement of Figure 2.
iv © ISO 2017 – All rights reserved

ISO 21298:2017(E)
Introduction
This document contains a specification for encoding information related to roles for health
professionals and consumers. At least five areas have been identified where a model for encoding role
information is needed.
a) Privilege management and access control: role-based access control is not possible without an
effective means of recording role information for healthcare actors.
b) Directory services: structural roles are usefully recorded within directories of healthcare
providers (see for example, ISO 21091).
c) Audit trails: functional roles are usefully recorded within audit trails for health information
applications.
d) Public key infrastructure (PKI): The ISO 17090 series allows for the encoding of healthcare roles
in certificate extensions, but no structured vocabulary for such roles is specified. This document
identifies such a coded vocabulary.
e) Purpose of use: A role specification determines for what purposes healthcare information can be
used. Purposes of use are tied to specific roles in many cases (see for example, ISO 21091).
In addition to these security-related applications, there are several other possible applications of this
standard, such as follows.
— Clinical care provision: finding and identifying the right professional for a health service.
— Support of care: billing of healthcare services.
— Communication management: directing healthcare-related messages by means of a specific role.
— Health service management and q
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.