Health informatics - Functional and structural roles (ISO 21298:2017, Corrected version 2017-04)

This International Standard defines a model for expressing functional and structural roles and populates it with
a basic set of roles for international use in health applications. Roles are generally assigned to entities that are
actors. The focus is on roles of persons (e.g. the roles of health professionals) and their roles in the context
of the provision of care (e.g. subject of care).
Roles can be structural (e.g. licensed general practitioner, non-licensed transcriptionist) or functional (e.g. a
provider who is a member of a therapeutic team, an attending physician, prescriber, etc.). Structural roles are
relatively static, often lasting for many years. They deal with relationships between entities expressed at a
level of complex concepts. Functional roles are bound to the realisation of actions and are highly dynamic.
They are normally expressed at a decomposed level of fine-grained concepts.
The role concepts defined in this standard are referenced and reused in many international standards created,
e.g., by ISO, CEN, HL7 International. Examples are ISO 22600 “Health informatics – Privilege management
and access control”, HL7 International “HL7 Healthcare privacy and security classification system (HCS)”, HL7
International “HL7 Security and privacy ontology”, HL7 International “The HL7 RBAC Healthcare Permission
Catalog” or HL7 International “HL7 Composite security and privacy domain analysis model DSTU”. Roles
addressed in this International Standard are not restricted to privilege management purposes, though privilege
management and access control is one of the applications of this International Standard. This standard does
not address specifications related to permissions. This document treats the role and the permission as
separate constructs. Further details regarding the relationship with permissions, policy, and access control are
provided in ISO 22600.

German title: Medizinische Informatik - Funktionelle und strukturelle Rollen (ISO 21298:2017, korrigierte Fassung 2017-04)

This International Standard specifies a model for describing functional and structural roles and populates it with a basic set of roles for international use in healthcare applications. Roles are generally assigned to entities that are actors. The focus is on roles of persons (e.g. the roles of the health professions) and their roles in the context of the provision of care (e.g. the person treated).
Roles can be structural (e.g. licensed general practitioner, non-licensed typist) or functional (e.g. a provider who is a member of a therapeutic team, attending physician, prescribing physician). Structural roles are relatively static, often over many years. They deal with relationships between entities that are expressed at the level of complex concepts. Functional roles are oriented to the realization of actions and are therefore highly dynamic. They are usually expressed at a decomposable level by fine-grained concepts.
Roles addressed in this International Standard are not restricted to purposes of privilege management, although privilege management and access control are one of the applications of this International Standard. This standard does not address specifications relating to permissions. This document treats the role and the permission as separate constructs. Further details regarding the relationship between permissions, policies and access control are described in ISO 22600.

French title: Informatique de santé - Rôles fonctionnels et structurels (ISO 21298:2017, Version corrigée 2017-04)

ISO 21298:2017 defines a model for describing functional and structural roles and populates it with a basic set of roles for international use in health applications. Roles are generally assigned to entities that are actors. This standard focuses on the role of persons (for example: the role of health professionals) as well as their roles in the context of the provision of care (for example: subject of care).
Roles can be structural (for example: licensed general practitioner, non-licensed medical transcriptionist, etc.) or functional (for example: provider who is a member of a therapeutic team, attending physician, prescriber, etc.). Structural roles are relatively static, often valid for many years. They deal with relationships between entities expressed at a level of complex concepts. Functional roles are linked to the realization of actions and are highly dynamic. They are generally expressed at a detailed level of elementary concepts.
The roles that are the subject of this document are not addressed solely from the angle of privilege management, although privilege management and access control are one of the applications of this document. This document does not address specifications related to permissions. This document considers the role and the permission as distinct elements. Further details concerning the links with permissions, policy and access control are provided in ISO 22600.

Slovenian title: Zdravstvena informatika - Funkcionalne in strukturne vloge (ISO 21298:2017, popravljena različica 2017-04)

This International Standard specifies a model for expressing functional and structural roles and assigns it a basic set of roles for international use in healthcare. Roles are generally assigned to entities that are actors. The focus is on the roles of persons (e.g. the roles of healthcare workers) and their roles in the context of the provision of care (e.g. subject of care). Roles can be structural (e.g. licensed general practitioner, non-licensed prescription issuer) or functional (e.g. a provider who is a member of a therapeutic team, physician, prescriber, etc.). Structural roles are relatively static and often last many years. They deal with relationships between entities expressed at the level of complex concepts. Functional roles are bound to the realization of actions and are highly dynamic. They are usually expressed at a decomposed level of highly fine-grained concepts. The role concepts defined in this standard are referenced and reused in many international standards of organizations such as ISO, CEN and HL7 International. Examples are: ISO 22600 “Health informatics – Privilege management and access control”, HL7 International “HL7 Healthcare privacy and security classification system (HCS)”, HL7 International “HL7 Security and privacy ontology”, HL7 International “The HL7 RBAC Healthcare Permission Catalog” or HL7 International “HL7 Composite security and privacy domain analysis model DSTU”. Roles addressed in this International Standard are not restricted to privilege management, although privilege management and access control are one of the uses of this International Standard. This standard does not address specifications related to permissions. In this document the role and the permission are treated as separate constructs. Further details on permissions, policy and access control are available in ISO 22600.

General Information

Status: Published
Public Enquiry End Date: 14-Jan-2015
Publication Date: 05-Jun-2017
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 02-Mar-2017
Due Date: 07-May-2017
Completion Date: 06-Jun-2017

Buy Standard

Standard: EN ISO 21298:2017 - BARVE, English language, 41 pages
Standard: EN ISO 21298:2017 - BARVe na PDF-str 19,26,27,29, English language, 41 pages
Draft: prEN ISO 21298:2015, English language, 42 pages

Standards Content (Sample)

SLOVENIAN STANDARD
SIST EN ISO 21298:2017
01-July-2017
Zdravstvena informatika - Funkcionalne in strukturne vloge (ISO 21298:2017, popravljena različica 2017-04)
Health informatics - Functional and structural roles (ISO 21298:2017, Corrected version 2017-04)
Medizinische Informatik - Funktionelle und strukturelle Rollen (ISO 21298:2017, korrigierte Fassung 2017-04)
Informatique de santé - Rôles fonctionnels et structurels (ISO 21298:2017, Version corrigée 2017-04)
This Slovenian standard is identical to: EN ISO 21298:2017
ICS: 35.240.80 Uporabniške rešitve IT v zdravstveni tehniki (IT applications in health care technology)
SIST EN ISO 21298:2017 en,fr,de
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.

EN ISO 21298
EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM
February 2017
ICS 35.240.80
English Version

Health informatics - Functional and structural roles (ISO 21298:2017, Corrected version 2017-04)
Informatique de santé - Rôles fonctionnels et structurels (ISO 21298:2017, Version corrigée 2017-04)
Medizinische Informatik - Funktionelle und strukturelle Rollen (ISO 21298:2017, korrigierte Fassung 2017-04)
This European Standard was approved by CEN on 20 January 2017.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and United Kingdom.

EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2017 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN ISO 21298:2017 E

EN ISO 21298:2017 (E)
Contents
European foreword ... 3

European foreword
This document (EN ISO 21298:2017) has been prepared by Technical Committee ISO/TC 215 “Health
informatics” in collaboration with Technical Committee CEN/TC 251 “Health informatics”, the
secretariat of which is held by NEN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by August 2017, and conflicting national standards shall
be withdrawn at the latest by August 2017.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent
rights.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
Endorsement notice
The text of ISO 21298:2017, Corrected version 2017-04 has been approved by CEN as
EN ISO 21298:2017 without any modification.
INTERNATIONAL STANDARD ISO 21298
First edition 2017-02
Corrected version 2017-04
Health informatics — Functional and structural roles
Informatique de santé — Rôles fonctionnels et structurels
Reference number ISO 21298:2017(E)
© ISO 2017

COPYRIGHT PROTECTED DOCUMENT
© ISO 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO 2017 – All rights reserved

Contents
Foreword ... iv
Introduction ... v
1 Scope ... 1
2 Normative references ... 1
3 Terms and definitions ... 1
4 Abbreviated terms ... 5
5 Modeling roles in an architectural context ... 5
5.1 Roles within the Generic Component Model ... 5
5.2 Roles and policy aspects ... 8
5.3 Roles in privilege management ... 9
5.4 Relations of this standard to related privilege management specifications ... 9
5.5 Structural roles ... 10
5.5.1 General ... 10
5.5.2 Structural roles of healthcare professions from the International Labour Organization for trans-jurisdiction mapping ... 10
5.5.3 Healthcare specialties ... 11
5.6 Functional roles ... 12
6 Formally modelling roles ... 14
6.1 Roles within the Generic Component Model ... 14
6.2 Developing the role model ... 14
6.2.1 Relationships and transformation ... 14
6.2.2 Assignment of structural roles ... 15
6.2.3 Generic role specification ... 15
6.3 Relationships between structural and functional roles ... 18
7 Use cases for the use of structural and functional roles in an interregional or international context ... 18
Annex A (informative) ISCO-08 sample mapping ... 20
Annex B (informative) Sample certificate profile for regulated healthcare professional ... 31
Bibliography ... 33
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.
This first edition of ISO 21298 cancels and replaces ISO/TS 21298:2008, which has been technically
revised.
The committee responsible for this document is ISO/TC 215, Health informatics.
This corrected version incorporates the following correction:
— replacement of Figure 2.
Introduction
This document contains a specification for encoding information related to roles for health
professionals and consumers. At least five areas have been identified where a model for encoding role
information is needed.
a) Privilege management and access control: role-based access control is not possible without an
effective means of recording role information for healthcare actors.
b) Directory services: structural roles are usefully recorded within directories of healthcare
providers (see for example, ISO 21091).
c) Audit trails: functional roles are usefully recorded within audit trails for health information
applications.
d) Public key infrastructure (PKI): The ISO 17090 series allows for the encoding of healthcare roles
in certificate extensions, but no structured vocabulary for such roles is specified. This document
identifies such a coded vocabulary.
e) Purpose of use: A role specification determines for what purposes healthcare information can be
used. Purposes of use are tied to specific roles in many cases (see for example, ISO 21091).
In addition to these security-related applications, there are several other possible applications of this
standard, such as the following.
— Clinical care provision: finding and identifying the right professional for a health service.
— Support of care: billing of healthcare services.
— Communication management: directing healthcare-related messages by means of a specific role.
— Health service management and quality assurance: defining the purpose of use for specific data.
This document is complementary to other relevant standards that also describe and define roles for
the purpose of access control. It extends the model through the separation of role and policy. This
separation allows for a richer and more flexible capability to instantiate business rules across multiple
domains and jurisdictions. Backward compatibility with ANSI International Committee for Information
Technology Standards (INCITS) and HL7 RBAC (Role-Based Access Control) is provided through
simplification by combining policy and role into a single construct.
The role concepts defined in this document are referenced and reused in many international
standards created, for example, by ISO, CEN, HL7 International. Examples are ISO 22600, Reference [9],
Reference [10] and Reference [11].
The European Commission and the EU Parliament have established a Professional Qualifications
Directive (2005/36/EC) defining medical specialties (see http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:02005L0036-20140117&from=EN).
Annex A provides an ISCO-08 sample mapping while Annex B provides a sample certificate profile for
regulated healthcare professionals.
Health informatics — Functional and structural roles
1 Scope
This document defines a model for expressing functional and structural roles and populates it with a
basic set of roles for international use in health applications. Roles are generally assigned to entities
that are actors. This document focuses on roles of persons (e.g. the roles of health professionals) and their roles
in the context of the provision of care (e.g. subject of care).
Roles can be structural (e.g. licensed general practitioner, non-licensed transcriptionist, etc.) or
functional (e.g. a provider who is a member of a therapeutic team, an attending physician, prescriber,
etc.). Structural roles are relatively static, often lasting for many years. They deal with relationships
between entities expressed at a level of complex concepts. Functional roles are bound to the realization
of actions and are highly dynamic. They are normally expressed at a decomposed level of fine-grained
concepts.
Roles addressed in this document are not restricted to privilege management purposes, though privilege
management and access control is one of the applications of this document. This document does not
address specifications related to permissions. This document treats the role and the permission as
separate constructs. Further details regarding the relationship with permissions, policy, and access
control are provided in ISO 22600.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
3.1
access control
means of ensuring that the resources of a data processing system can be accessed only by authorized
entities in authorized ways
[SOURCE: ISO/IEC 2382-8:2015, 2126294]
3.2
attribute certificate authority
AA
authority which assigns privileges by issuing attribute certificates (3.3)
[SOURCE: ISO/IEC 9594-8:2014, 3.5.2, modified]
3.3
attribute certificate
data structure, digitally signed by an Attribute Authority, that binds some attribute values with
identification (3.12) about its holder
[SOURCE: ISO/IEC 9594-8:2014, 3.5.1]
3.4
authorization
granting of privileges, which includes the granting of privileges to access data and functions
Note 1 to entry: Derived from ISO 7498-2: the granting of rights, which includes the granting of access based on
access rights.
[SOURCE: ISO 22600-1:2014, 3.6]
3.5
certification authority
CA
certificate issuer; an authority trusted by one or more relying parties to create, assign and manage
certificates
Note 1 to entry: Optionally, the certification authority can create the relying parties’ keys [ISO 9594-8]. The CA
issues certificates by signing certificate data with its private signing key.
Note 2 to entry: Authority in the CA term does not imply any government authorization, only that it is trusted.
Certificate issuer can be a better term but CA is used very broadly.
[SOURCE: ISO 22600-1:2014, 3.8]
3.6
delegation
conveyance of privilege from one entity (3.8) that holds such privilege, to another entity
[SOURCE: ISO 22600-1:2014, 3.10]
3.7
delegation path
ordered sequence of certificates which, together with authentication of a privilege asserter’s (3.19)
identity, can be processed to verify the authenticity of a privilege asserter’s privilege
[SOURCE: ISO 22600-2:2014, 3.15]
3.8
entity
any concrete or abstract thing of interest
Note 1 to entry: While in general, the word entity can be used to refer to anything, in the context of modelling it is
reserved to refer to things in the universe of discourse being modelled.
3.9
functional role
role (3.21) which is bound to an act
Note 1 to entry: Functional roles can be assigned to be performed during an act.
Note 2 to entry: Functional roles have been specified in this document.
Note 3 to entry: Functional roles correspond to the ISO/HL7 21731 RIM participation.
Note 4 to entry: See also structural role (3.26).
3.10
healthcare organization
officially registered organization that has a main activity related to healthcare services or health
promotion
EXAMPLE Hospitals, Internet healthcare website providers, and healthcare research institutions.
Note 1 to entry: The organization is recognized to be legally liable for its activities but need not be registered for
its specific role (3.21) in health.
[SOURCE: ISO 17090-1:2013, 3.1.4]
3.11
healthcare professional
healthcare personnel having a healthcare professional entitlement recognized in a given jurisdiction
Note 1 to entry: The healthcare professional entitlement entitles a healthcare professional to provide healthcare
independent of a role (3.21) in a healthcare organization (3.10).
EXAMPLE GP, medical consultant, therapist, dentist, etc.
3.12
identification
performance of tests to enable a data processing system to recognize entities
3.13
non-regulated healthcare personnel
person employed by a healthcare organization (3.10), but who is not a regulated health professional
EXAMPLE Massage therapist, music therapist, etc.
[SOURCE: ISO 17090-1:2013, 3.1.5, modified]
3.14
organization employee
person employed by a healthcare organization (3.10) or a supporting organization (3.27)
EXAMPLE Medical records transcriptionists, healthcare insurance claims adjudicators, and pharmaceutical
order entry clerks.
3.15
policy
set of legal, political, organizational, functional and technical obligations for communication and
cooperation
[SOURCE: ISO 22600-1:2014, 3.13]
3.16
policy agreement
written agreement where all involved parties commit themselves to a specified set of policies
[SOURCE: ISO 22600-1:2014, 3.14]
3.17
principal
human users and objects that need to operate under their own rights
[SOURCE: OMG Security Services Specification: 2001]
3.18
privilege
capacity assigned to an entity (3.8) by an authority according to the entity’s attribute
Note 1 to entry: Per OASIS Extensible Access Control Markup Language (XACML) V2.0, privilege, permissions,
authorization, entitlement and rights are replaced by the term ‘rule’.
[SOURCE: ISO 22600-1:2014, 3.17]
3.19
privilege asserter
privilege holder using their attribute certificate (3.3) or public-key certificate to assert privilege (3.18)
[SOURCE: ISO 22600-2:2014, 3.27]
3.20
privilege verifier
entity (3.8) verifying certificates against a privilege policy
[SOURCE: ISO 22600-2:2014, 3.30]
3.21
role
set of competencies and/or performances that are associated with a task
[SOURCE: ISO 22600-2:2014, 3.33]
3.22
role assignment certificate
certificate that contains the role attribute, assigning one or more roles (3.21) to the certificate holder
[SOURCE: ISO 22600-2:2014, 3.34]
3.23
role certificate
certificate that assigns privileges (3.18) to a role (3.21) rather than directly to individuals
Note 1 to entry: Individuals assigned to a role, through an attribute certificate (3.3) or public-key certificate
with a subject directory attributes extension containing that assignment, are indirectly assigned the privileges
contained in the role certificate.
3.24
role specification certificate
certificate that contains the assignment of privileges (3.18) to a role (3.21)
[SOURCE: ISO 22600-2:2014, 3.35]
3.25
sponsored healthcare provider
health services provider who is not a regulated professional in the jurisdiction of his/her practice, but who
is active in his/her healthcare community and sponsored by a regulated healthcare organization (3.10)
EXAMPLE Drug and alcohol education officer who is working with a particular ethnic group, or a healthcare
aid worker in a developing country.
[SOURCE: ISO 17090-1:2013, 3.1.10]
3.26
structural role
role (3.21) specifying relations between entities in the sense of competence, often reflecting
organizational or structural relations (hierarchies).
Note 1 to entry: Structural roles have been specified in this document.
Note 2 to entry: Structural roles correspond to the ISO/HL7 21731 RIM role.
Note 3 to entry: See also functional role (3.9).
3.27
supporting organization
officially registered organization which is providing services to a healthcare organization (3.10), but
which is not providing healthcare services
EXAMPLE Healthcare financing bodies such as insurance institutions, suppliers of pharmaceuticals and
other goods.
[SOURCE: ISO 17090-1:2013, 3.1.11]
3.28
supporting organization employee
person employed by a supporting organization (3.27)
4 Abbreviated terms
AA: Attribute Authority
CA: Certification Authority
GCM: Generic Component Model
HL7: Health Level 7
ILO: International Labour Organization
NIST: National Institute for Standards
PKI: Public Key Infrastructure
PMI: Privilege Management Infrastructure
RBAC: Role-Based Access Control
UML: Unified Modeling Language
XACML: eXtensible Access Control Markup Language
XML: eXtensible Markup Language
5 Modeling roles in an architectural context
5.1 Roles within the Generic Component Model
For embedding components meeting functional requirements and services needed in a system, the
components of that system have to be managed in its architectural context. Therefore, requirements
analysis, design, and deployment of those components have to be developed and managed based on a
reference architecture following a unified process.
With the Generic Component Model (GCM), such reference architecture in conformance with essential
standards for distributed, component-based, service-oriented and semantically interoperable
information systems has been developed in the mid-1990s (e.g. ISO/IEC 9594-8, ISO/IEC 10746-2,
and ISO/IEC 2382-8) and used in the context of several ISO TC 215 and CEN TC 251, as well as HL7
specifications. The model specifies a component-based and service-oriented architecture for any
domain. While this document goes beyond security and privacy issues, functional and structural
roles are also used to manage privileges and access control. In this restricted context, functional and
structural roles have been specified and modelled in ISO 22600. This document extends scope, services,
and deployment of functional and structural roles, nevertheless being based on the architectural
approach for semantically interoperable eHealth/pHealth (personal health) information systems [7][8].
A system architecture defines the system’s components, their functions and interrelationships. A
system architecture is modelled in three dimensions.
— Components for meeting specific domains’ requirements.
— The decomposition and, after detailing the underlying concepts, the composition of those
components following corresponding aggregation concepts/rules (e.g. component collaboration,
workflow, algorithm). Granularity levels are at least business concepts, relations networks, basic
services/functions and basic concepts.
— The different views on that component according to ISO 10746 from the Enterprise View (business
case, use case, requirements) through the Information View and the Computational View
representing the platform independent logic of the system/component, as well as the Engineering
View and Technology View both dealing with platform-specific implementation aspects.
Figure 1 presents the Generic Component Model providing the aforementioned reference architecture,
adding a real-world business viewpoint to the ISO 10746 viewpoints.
Figure 1 — Representation of the role concepts defined in this standard using the Generic
Component Model
NOTE Modelled after Reference [8] (modified).
The principles established in this document are also applicable to domains other than healthcare. In
that case, that domain and its related policy domain have to be entered in Figure 1c.
The development of components, their concept representation and their aggregation are based on
constraint modeling. Concepts and rules can be represented using meta-languages such as UML and
UML derivatives or the XML languages set.
5.2 Roles and policy aspects
Roles group entities regarding their functions and relations in a business context. Roles should be
managed according to all dimensions of a system, represented, for example, by the GCM. They may be
expressed by an entity attribute.
For managing relationships between the entities, structural (organizational) and functional roles
can be defined. Roles might be assigned to any entity as an actor in a communication or cooperation
interrelationship (e.g. person, organization,
...

SLOVENIAN STANDARD
SIST EN ISO 21298:2017
1 July 2017
Health informatics - Functional and structural roles (ISO 21298:2017)
(title also given in Slovenian, German and French)
This Slovenian standard is identical to: EN ISO 21298:2017
ICS: 35.240.80 IT applications in health care technology
SIST EN ISO 21298:2017 en,fr,de
Slovenian Institute for Standardization. Reproduction of the whole or parts of this standard is not permitted.

EN ISO 21298
EUROPEAN STANDARD
February 2017
ICS 35.240.80
English Version
Health informatics - Functional and structural roles (ISO 21298:2017, Corrected version 2017-04)
(title also given in French and German)
This European Standard was approved by CEN on 20 January 2017.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and United Kingdom.

EUROPEAN COMMITTEE FOR STANDARDIZATION (Comité Européen de Normalisation / Europäisches Komitee für Normung)
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2017 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. EN ISO 21298:2017 E

Contents
European foreword

European foreword
This document (EN ISO 21298:2017) has been prepared by Technical Committee ISO/TC 215 “Health
informatics” in collaboration with Technical Committee CEN/TC 251 “Health informatics” the
secretariat of which is held by NEN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by August 2017, and conflicting national standards shall
be withdrawn at the latest by August 2017.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent
rights.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
Endorsement notice
The text of ISO 21298:2017, Corrected version 2017-04 has been approved by CEN as
EN ISO 21298:2017 without any modification.


INTERNATIONAL STANDARD ISO 21298
First edition 2017-02
Corrected version 2017-04
Health informatics — Functional and structural roles
(title also given in French)
Reference number ISO 21298:2017(E)
© ISO 2017

COPYRIGHT PROTECTED DOCUMENT
© ISO 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Modeling roles in an architectural context
5.1 Roles within the Generic Component Model
5.2 Roles and policy aspects
5.3 Roles in privilege management
5.4 Relations of this standard to related privilege management specifications
5.5 Structural roles
5.5.1 General
5.5.2 Structural roles of healthcare professions from the International Labour Organization for trans-jurisdiction mapping
5.5.3 Healthcare specialties
5.6 Functional roles
6 Formally modelling roles
6.1 Roles within the Generic Component Model
6.2 Developing the role model
6.2.1 Relationships and transformation
6.2.2 Assignment of structural roles
6.2.3 Generic role specification
6.3 Relationships between structural and functional roles
7 Use cases for the use of structural and functional roles in an interregional or international context
Annex A (informative) ISCO-08 sample mapping
Annex B (informative) Sample certificate profile for regulated healthcare professional
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.
This first edition of ISO 21298 cancels and replaces ISO/TS 21298:2008, which has been technically
revised.
The committee responsible for this document is ISO/TC 215, Health informatics.
This corrected version incorporates the following correction:
— replacement of Figure 2.
Introduction
This document contains a specification for encoding information related to roles for health
professionals and consumers. At least five areas have been identified where a model for encoding role
information is needed.
a) Privilege management and access control: role-based access control is not possible without an
effective means of recording role information for healthcare actors.
b) Directory services: structural roles are usefully recorded within directories of healthcare
providers (see for example, ISO 21091).
c) Audit trails: functional roles are usefully recorded within audit trails for health information
applications.
d) Public key infrastructure (PKI): The ISO 17090 series allows for the encoding of healthcare roles
in certificate extensions, but no structured vocabulary for such roles is specified. This document
identifies such a coded vocabulary.
e) Purpose of use: A role specification determines for what purposes healthcare information can be
used. Purposes of use are tied to specific roles in many cases (see for example, ISO 21091).
In addition to these security-related applications, there are several other possible applications of this
standard, such as follows.
— Clinical care provision: finding and identifying the right professional for a health service.
— Support of care: billing of healthcare services.
— Communication management: directing healthcare-related messages by means of a specific role.
— Health service management and quality assurance: defining the purpose of use for specific data.
This document is complementary to other relevant standards that also describe and define roles for
the purpose of access control. It extends the model through the separation of role and policy. This
separation allows for a richer and more flexible capability to instantiate business rules across multiple
domains and jurisdictions. Backward compatibility with ANSI International Committee for Information
Technology Standards (INCITS) and HL7 RBAC (Role-Based Access Control) is provided through
simplification by combining policy and role into a single construct.
The role concepts defined in this document are referenced and reused in many international
standards created, for example, by ISO, CEN, HL7 International. Examples are ISO 22600, Reference [9],
Reference [10] and Reference [11].
The European Commission and the EU Parliament have established a Professional Qualifications
Directive (2005/36/EC) defining medical specialties (see
http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:02005L0036-20140117&from=EN).
Annex A provides an ISCO-08 sample mapping while Annex B provides a sample certificate profile for
regulated healthcare professionals.
INTERNATIONAL STANDARD ISO 21298:2017(E)
Health informatics — Functional and structural roles
1 Scope
This document defines a model for expressing functional and structural roles and populates it with a
basic set of roles for international use in health applications. Roles are generally assigned to entities
that are actors. This will focus on roles of persons (e.g. the roles of health professionals) and their roles
in the context of the provision of care (e.g. subject of care).
Roles can be structural (e.g. licensed general practitioner, non-licensed transcriptionist, etc.) or
functional (e.g. a provider who is a member of a therapeutic team, an attending physician, prescriber,
etc.). Structural roles are relatively static, often lasting for many years. They deal with relationships
between entities expressed at a level of complex concepts. Functional roles are bound to the realization
of actions and are highly dynamic. They are normally expressed at a decomposed level of fine-grained
concepts.
Roles addressed in this document are not restricted to privilege management purposes, though privilege
management and access control is one of the applications of this document. This document does not
address specifications related to permissions. This document treats the role and the permission as
separate constructs. Further details regarding the relationship with permissions, policy, and access
control are provided in ISO 22600.
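The distinction drawn in this Scope, long-lived structural roles versus functional roles bound to an act, and the treatment of role and permission as separate constructs, are easiest to see in an access decision that evaluates both. What follows is an added example, not text or code from ISO 21298 or ISO 22600; the role names, act identifiers, validity dates and policy rules are illustrative assumptions. It also shows the over-granting check that results when the act is ignored.

```python
"""Structural vs functional roles, checked separately from policy.

Added example, not text or code from ISO 21298. The role names, act
identifiers, validity dates and policy rules are illustrative assumptions.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class StructuralRole:
    """Long-lived relation (3.26): a licence, a profession, an employment."""
    holder: str
    role: str
    valid_from: date
    valid_to: date


@dataclass(frozen=True)
class FunctionalRole:
    """Role bound to one act (3.9): exists only for that encounter or order."""
    holder: str
    role: str
    act_id: str


# Policy is kept as a separate construct: permission -> (structural roles,
# functional roles) of which the requester needs at least one each. Editing
# it changes no role assignment, and assigning roles changes no rule.
POLICY = {
    "read-record": ({"licensed general practitioner", "medical consultant"},
                    {"attending physician", "therapeutic team member"}),
    "prescribe":   ({"licensed general practitioner"},
                    {"prescriber"}),
}

# Constructed sample assignments and participations.
STRUCTURAL = [
    StructuralRole("dr-a", "licensed general practitioner", date(2010, 1, 1), date(2030, 12, 31)),
    StructuralRole("dr-b", "licensed general practitioner", date(2005, 1, 1), date(2016, 12, 31)),
    StructuralRole("clerk-c", "organization employee", date(2015, 1, 1), date(2030, 12, 31)),
]
FUNCTIONAL = [
    FunctionalRole("dr-a", "attending physician", "enc-1001"),
    FunctionalRole("dr-a", "prescriber", "enc-1001"),
    FunctionalRole("dr-b", "attending physician", "enc-2002"),
]
TODAY = date(2018, 6, 1)


def structural_roles(holder, on, assignments=STRUCTURAL):
    """Structural roles of `holder` that are valid on date `on`."""
    return {a.role for a in assignments
            if a.holder == holder and a.valid_from <= on <= a.valid_to}


def functional_roles(holder, act_id, participations=FUNCTIONAL):
    """Functional roles `holder` plays in exactly this act."""
    return {p.role for p in participations
            if p.holder == holder and p.act_id == act_id}


def authorize(holder, permission, act_id, on=TODAY, policy=POLICY):
    """Grant only if a required structural role is valid on `on` AND a
    required functional role is bound to this very act; default deny."""
    if permission not in policy:
        return False
    need_structural, need_functional = policy[permission]
    return bool(structural_roles(holder, on) & need_structural) and \
        bool(functional_roles(holder, act_id) & need_functional)


def authorize_structural_only(holder, permission, on=TODAY, policy=POLICY):
    """The over-granting check to avoid: without the act, any licensed
    practitioner may read any record."""
    if permission not in policy:
        return False
    return bool(structural_roles(holder, on) & policy[permission][0])


if __name__ == "__main__":
    print(authorize("dr-a", "read-record", "enc-1001"))      # attending: granted
    print(authorize("dr-a", "read-record", "enc-2002"))      # not attending: denied
    print(authorize("dr-b", "read-record", "enc-2002"))      # licence lapsed: denied
    print(authorize_structural_only("dr-a", "read-record"))  # granted for every record
```

Note that `dr-b` is the attending physician for `enc-2002` but is still denied, because the structural role that the policy also requires lapsed before the decision date; the functional participation alone is not a licence.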
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
3.1
access control
means of ensuring that the resources of a data processing system can be accessed only by authorized
entities in authorized ways
[SOURCE: ISO/IEC 2382-8:2015, 2126294]
3.2
attribute certificate authority
AA
authority which assigns privileges by issuing attribute certificates (3.3)
[SOURCE: ISO/IEC 9594-8:2014, 3.5.2, modified]
3.3
attribute certificate
data structure, digitally signed by an Attribute Authority, that binds some attribute values with
identification (3.12) about its holder
[SOURCE: ISO/IEC 9594-8:2014, 3.5.1]
3.4
authorization
granting of privileges, which includes the granting of privileges to access data and functions
Note 1 to entry: Derived from ISO 7498-2: the granting of rights, which includes the granting of access based on
access rights.
[SOURCE: ISO 22600-1:2014, 3.6]
3.5
certification authority
CA
certificate issuer; an authority trusted by one or more relying parties to create, assign and manage
certificates
Note 1 to entry: Optionally, the certification authority can create the relying parties’ keys [ISO 9594-8]. The CA
issues certificates by signing certificate data with its private signing key.
Note 2 to entry: Authority in the CA term does not imply any government authorization, only that it is trusted.
Certificate issuer can be a better term but CA is used very broadly.
[SOURCE: ISO 22600-1:2014, 3.8]
3.6
delegation
conveyance of privilege from one entity (3.8) that holds such privilege, to another entity
[SOURCE: ISO 22600-1:2014, 3.10]
3.7
delegation path
ordered sequence of certificates which, together with authentication of a privilege asserter’s (3.19)
identity, can be processed to verify the authenticity of a privilege asserter’s privilege
[SOURCE: ISO 22600-2:2014, 3.15]
3.8
entity
any concrete or abstract thing of interest
Note 1 to entry: While in general, the word entity can be used to refer to anything, in the context of modelling it is
reserved to refer to things in the universe of discourse being modelled.
3.9
functional role
role (3.21) which is bound to an act
Note 1 to entry: Functional roles can be assigned to be performed during an act.
Note 2 to entry: Functional roles have been specified in this document.
Note 3 to entry: Functional roles correspond to the ISO/HL7 21731 RIM participation.
Note 4 to entry: See also structural role (3.26).
3.10
healthcare organization
officially registered organization that has a main activity related to healthcare services or health
promotion
EXAMPLE Hospitals, Internet healthcare website providers, and healthcare research institutions.
Note 1 to entry: The organization is recognized to be legally liable for its activities but need not be registered for
its specific role (3.21) in health.
[SOURCE: ISO 17090-1:2013, 3.1.4]
3.11
healthcare professional
healthcare personnel having a healthcare professional entitlement recognized in a given jurisdiction
Note 1 to entry: The healthcare professional entitlement entitles a healthcare professional to provide healthcare
independent of a role (3.21) in a healthcare organization (3.10).
EXAMPLE GP, medical consultant, therapist, dentist, etc.
3.12
identification
performance of tests to enable a data processing system to recognize entities
3.13
non-regulated healthcare personnel
person employed by a healthcare organization (3.10), but who is not a regulated health professional
EXAMPLE Massage therapist, music therapist, etc.
[SOURCE: ISO 17090-1:2013, 3.1.5, modified]
3.14
organization employee
person employed by a healthcare organization (3.10) or a supporting organization (3.27)
EXAMPLE Medical records transcriptionists, healthcare insurance claims adjudicators, and pharmaceutical
order entry clerks.
3.15
policy
set of legal, political, organizational, functional and technical obligations for communication and
cooperation
[SOURCE: ISO 22600-1:2014, 3.13]
3.16
policy agreement
written agreement where all involved parties commit themselves to a specified set of policies
[SOURCE: ISO 22600-1:2014, 3.14]
3.17
principal
human users and objects that need to operate under their own rights
[SOURCE: OMG Security Services Specification: 2001]
3.18
privilege
capacity assigned to an entity (3.8) by an authority according to the entity’s attribute
Note 1 to entry: Per OASIS Extensible Access Control Markup Language (XACML) V2.0, privilege, permissions,
authorization, entitlement and rights are replaced by the term ‘rule’.
[SOURCE: ISO 22600-1:2014, 3.17]
3.19
privilege asserter
privilege holder using their attribute certificate (3.3) or public-key certificate to assert privilege (3.18)
[SOURCE: ISO 22600-2:2014, 3.27]
3.20
privilege verifier
entity (3.8) verifying certificates against a privilege policy
[SOURCE: ISO 22600-2:2014, 3.30]
3.21
role
set of competencies and/or performances that are associated with a task
[SOURCE: ISO 22600-2:2014, 3.33]
3.22
role assignment certificate
certificate that contains the role attribute, assigning one or more roles (3.21) to the certificate holder
[SOURCE: ISO 22600-2:2014, 3.34]
3.23
role certificate
certificate that assigns privileges (3.18) to a role (3.21) rather than directly to individuals
Note 1 to entry: Individuals assigned to a role, through an attribute certificate (3.3) or public-key certificate
with a subject directory attributes extension containing that assignment, are indirectly assigned the privileges
contained in the role certificate.
3.24
role specification certificate
certificate that contains the assignment of privileges (3.18) to a role (3.21)
[SOURCE: ISO 22600-2:2014, 3.35]
3.25
sponsored healthcare provider
health services provider who is not a regulated professional in the jurisdiction of his/her practice, but who
is active in his/her healthcare community and sponsored by a regulated healthcare organization (3.10)
EXAMPLE Drug and alcohol education officer who is working with a particular ethnic group, or a healthcare
aid worker in a developing country.
[SOURCE: ISO 17090-1:2013, 3.1.10]
3.26
structural role
role (3.21) specifying relations between entities in the sense of competence, often reflecting
organizational or structural relations (hierarchies).
Note 1 to entry: Structural roles have been specified in this document.
Note 2 to entry: Structural roles correspond to the ISO/HL7 21731 RIM role.
Note 3 to entry: See also functional role (3.9).
3.27
supporting organization
officially registered organization which is providing services to a healthcare organization (3.10), but
which is not providing healthcare services
EXAMPLE Healthcare financing bodies such as insurance institutions, suppliers of pharmaceuticals and
other goods.
[SOURCE: ISO 17090-1:2013, 3.1.11]
3.28
supporting organization employee
person employed by a supporting organization (3.27)
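Definitions 3.2, 3.3, 3.20, 3.22 and 3.24 together describe a privilege management infrastructure in which a role assignment certificate binds roles to a holder, a role specification certificate binds privileges to a role, and a privilege verifier processes the sequence of certificates to decide whether the asserted privilege is genuine. The following added example (not code from ISO 21298 or ISO 22600) models that resolution. Its certificate layout is a simplified stand-in for X.509 attribute certificates, HMAC under the issuing authority's key stands in for the authority's digital signature so that the example runs with the Python standard library alone, and the authority names, keys, holders and dates are invented.

```python
"""Role assignment and role specification certificates resolved by a verifier.

Added example, not from ISO 21298 or ISO 22600. Certificate fields are a
simplified stand-in for X.509 attribute certificates; HMAC under the issuing
authority's key stands in for its digital signature. Names, keys and dates
are invented.
"""
import hashlib
import hmac
import json
from datetime import date


def _canonical(body: dict) -> bytes:
    """Deterministic encoding: the signature covers exactly these bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class AttributeAuthority:
    """AA (3.2): assigns privileges by issuing attribute certificates (3.3)."""

    def __init__(self, name: str, key: bytes):
        self.name, self._key = name, key

    def issue(self, body: dict) -> dict:
        body = dict(body, issuer=self.name)
        tag = hmac.new(self._key, _canonical(body), hashlib.sha256).hexdigest()
        return {"body": body, "signature": tag}

    def verify(self, cert: dict) -> bool:
        expected = hmac.new(self._key, _canonical(cert["body"]), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, cert["signature"])


class PrivilegeVerifier:
    """Privilege verifier (3.20): holder -> roles -> privileges, accepting only
    certificates from a trusted issuer, unmodified, and valid on the given date."""

    def __init__(self, trusted: dict):
        self.trusted = trusted  # issuer name -> AttributeAuthority

    def _valid(self, cert: dict, on: date) -> bool:
        body = cert["body"]
        aa = self.trusted.get(body.get("issuer"))
        if aa is None or not aa.verify(cert):
            return False  # untrusted issuer, or content changed after signing
        return date.fromisoformat(body["not_before"]) <= on <= date.fromisoformat(body["not_after"])

    def privileges(self, holder: str, certs: list, on: date) -> set:
        # Step 1: role assignment certificates (3.22) bind roles to the holder.
        roles = set()
        for c in certs:
            b = c["body"]
            if b["type"] == "role-assignment" and b["holder"] == holder and self._valid(c, on):
                roles.update(b["roles"])
        # Step 2: role specification certificates (3.24) bind privileges to roles.
        privs = set()
        for c in certs:
            b = c["body"]
            if b["type"] == "role-specification" and b["role"] in roles and self._valid(c, on):
                privs.update(b["privileges"])
        return privs

    def check(self, holder: str, privilege: str, certs: list, on: date) -> bool:
        return privilege in self.privileges(holder, certs, on)


# Constructed sample PMI: one trusted AA and one rogue issuer with its own key.
AA = AttributeAuthority("example-health-aa", b"aa-secret-key")
ROGUE = AttributeAuthority("rogue-issuer", b"rogue-key")
VERIFIER = PrivilegeVerifier({AA.name: AA})
TODAY = date(2018, 6, 1)
AFTER_EXPIRY = date(2021, 1, 1)

ROLE_SPEC = AA.issue({"type": "role-specification", "role": "licensed general practitioner",
                      "privileges": ["read-record", "prescribe"],
                      "not_before": "2017-01-01", "not_after": "2027-12-31"})
ASSIGN_A = AA.issue({"type": "role-assignment", "holder": "dr-a",
                     "roles": ["licensed general practitioner"],
                     "not_before": "2017-01-01", "not_after": "2020-12-31"})
ASSIGN_ROGUE = ROGUE.issue({"type": "role-assignment", "holder": "mallory",
                            "roles": ["licensed general practitioner"],
                            "not_before": "2017-01-01", "not_after": "2027-12-31"})
# dr-a's certificate with the holder field edited after signing.
TAMPERED = {"body": dict(ASSIGN_A["body"], holder="mallory"), "signature": ASSIGN_A["signature"]}
CERTS = [ROLE_SPEC, ASSIGN_A, ASSIGN_ROGUE, TAMPERED]


def can(holder: str, privilege: str, on: date = TODAY) -> bool:
    return VERIFIER.check(holder, privilege, CERTS, on)


if __name__ == "__main__":
    print(can("dr-a", "prescribe"))                # True
    print(can("dr-a", "prescribe", AFTER_EXPIRY))  # False: assignment expired
    print(can("mallory", "prescribe"))             # False: rogue issuer, tampered copy
```

Because HMAC is symmetric, the verifier here holds the same key as the authority and could mint certificates itself; in a real PMI the verifier holds only the AA's public key and checks an asymmetric signature, which is what lets a relying party trust a role assignment made by a third-party authority. Revoking a privilege for every holder of a role is then a matter of replacing the role specification certificate, without touching any holder's role assignment certificate.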
4 Abbreviated terms
AA Attribute Authority
CA Certification Authority
GCM Generic Component Model
HL7 Health Level 7
ILO International Labour Organization
NIST National Institute of Standards and Technology
PKI Public Key Infrastructure
PMI Privilege Management Infrastructure
RBAC Role-Based Access Control
UML Unified Modeling Language
XACML eXtensible Access Control Markup Language
XML eXtensible Markup Language
5 Modeling roles in an architectural context
5.1 Roles within the Generic Component Model
...

SLOVENIAN STANDARD
oSIST prEN ISO 21298:2015
1 January 2015
Health informatics - Functional and structural roles (ISO/DIS 21298:2014)
(title also given in Slovenian and French)
This Slovenian standard is identical to: prEN ISO 21298:2014
ICS: 35.240.80 IT applications in health care technology
oSIST prEN ISO 21298:2015 en,fr,de
Slovenian Institute for Standardization. Reproduction of the whole or parts of this standard is not permitted.

DRAFT INTERNATIONAL STANDARD ISO/DIS 21298
ISO/TC 215 Secretariat: ANSI
Voting begins on: 2014-08-26 Voting terminates on: 2014-11-26
Health informatics — Functional and structural roles
(title also given in French)
[Revision of edition (ISO )]
ICS: 35.240.80
THIS DOCUMENT IS A DRAFT CIRCULATED FOR COMMENT AND APPROVAL. IT IS THEREFORE SUBJECT TO CHANGE AND MAY
NOT BE REFERRED TO AS AN INTERNATIONAL STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
Reference number ISO/DIS 21298:2014(E)
© ISO 2014

Copyright notice
This ISO document is a Draft International Standard and is copyright-protected by ISO. Except as
permitted under the applicable laws of the user’s country, neither this ISO draft nor any extract
from it may be reproduced, stored in a retrieval system or transmitted in any form or by any means,
electronic, photocopying, recording or otherwise, without prior written permission being secured.
Requests for permission to reproduce should be addressed to either ISO at the address below or ISO’s
member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Reproduction may be subject to royalty payments or a licensing agreement.
Violators may be prosecuted.
Contents
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Role Model
5.1 Roles and policy aspects
5.2 Roles in privilege management
5.3 Structural roles
5.3.1 Structural roles of healthcare professions from the International Labour Organization
5.3.2 Medical Specialties
5.4 Functional roles
6 Formally modelling roles
6.1 Roles within the Generic Component Model
6.2 Developing the role model
6.2.1 Assignment of Structural Roles
6.2.2 Generic role specification
6.3 Relationships between Structural and Functional Roles
7 Use cases for the use of structural and functional roles
Annex A (informative) ISCO-08 Sample Mapping
Annex B
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
In other circumstances, particularly when there is an urgent market requirement for such documents, a
technical committee may decide to publish other types of normative document:
— an ISO Publicly Available Specification (ISO/PAS) represents an agreement between technical experts in
an ISO working group and is accepted for publication if it is approved by more than 50 % of the members
of the parent committee casting a vote;
— an ISO Technical Specification (ISO/TS) represents an agreement between the members of a technical
committee and is accepted for publication if it is approved by 2/3 of the members of the committee casting
a vote.
An ISO/PAS or ISO/TS is reviewed after three years in order to decide whether it will be confirmed for a
further three years, revised to become an International Standard, or withdrawn. If the ISO/PAS or ISO/TS is
confirmed, it is reviewed again after a further three years, at which time it must either be transformed into an
International Standard or be withdrawn.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
This ISO/TS was prepared by Technical Committee ISO/TC 215, Health informatics, Working Group 4: Security.
This second/third/. edition cancels and replaces the first/second/. edition (), [clause(s) / subclause(s) /
table(s) / figure(s) / annex(es)] of which [has / have] been technically revised.

Introduction
This document contains a specification for encoding information related to roles for health professionals and
consumers. At least four areas have been identified where a model for encoding role information is needed.
a) Privilege management and access control: role-based access control is not possible without an
effective means of recording role information for healthcare actors.
b) Directory services: structural roles are usefully recorded within directories of health care providers (see
for example, ISO 21091 Health informatics – Directory services for security, communications, and
identification of professionals and subjects of care).
c) Audit trails: functional roles are usefully recorded within audit trails for health information applications.
d) Public key infrastructure (PKI): The three-part ISO standard 17090 Health Informatics – Public Key
Infrastructure (PKI) allows for the encoding of healthcare roles in certificate extensions, but no structured
vocabulary for such roles is specified. This International Standard identifies such a coded vocabulary.
e) Purpose of Use: A role specification determines for what purposes health care information can be used.
Purposes of use are tied to specific roles in many cases (see for example ISO/TS 21091 Health
informatics – Classification of purposes for processing personal health information).
In addition to these security-related applications there are several other possible applications of this standard,
such as:
f) Clinical care provision: finding and identifying the right professional for a health service,
g) Support of care: billing of health care services,
h) Communication management: directing healthcare related messages by means of a specific role, and
i) Health service management and quality assurance: defining the purpose of use for specific data.
This document is complementary to other relevant standards that also describe and define roles for the
purpose of access control. Backward compatibility with ANSI INCITS (InterNational Committee for Information
Technology Standards) and HL7 RBAC (Role-Based Access Control) is provided through simplification by
combining policy and role into a single construct. This document extends the model through the separation of
role and policy. This separation allows for a richer and more flexible capability to instantiate business rules
across multiple domains and jurisdictions.



Health informatics — Functional and structural roles
1 Scope
This International Standard defines a model for expressing functional and structural roles and populates it with
a basic set of roles for international use in health applications. Roles are generally assigned to entities that are
actors. This will focus on roles of persons (e.g. the roles of health professionals) and their roles in the context
of the provision of care (e.g. subject of care).
Roles can be structural (e.g. licensed general practitioner, non-licensed transcriptionist) or functional (e.g. a
provider who is a member of a therapeutic team, an attending physician, prescriber, etc.). Structural roles are
relatively static, often lasting for many years. They deal with relationships between entities expressed at a
level of complex concepts. Functional roles are bound to the realisation of actions and are highly dynamic.
They are normally expressed at a decomposed level of fine-grained concepts.
The role concepts defined in this standard are referenced and reused in many international standards created,
e.g., by ISO, CEN, HL7 International. Examples are ISO 22600 “Health informatics – Privilege management
and access control”, HL7 International “HL7 Healthcare privacy and security classification system (HCS)”, HL7
International “HL7 Security and privacy ontology”, HL7 International “The HL7 RBAC Healthcare Permission
Catalog” or HL7 International “HL7 Composite security and privacy domain analysis model DSTU”. Roles
addressed in this International Standard are not restricted to privilege management purposes, though privilege
management and access control is one of the applications of this International Standard. This standard does
not address specifications related to permissions. This document treats the role and the permission as
separate constructs. Further details regarding the relationship with permissions, policy, and access control are
provided in ISO 22600.

2 Normative references
The following normative documents contain, through reference in this text, provisions of this International
Standard. For undated references, the latest edition of the normative document referred to applies. Members
of ISO and IEC maintain registers of currently valid International Standards.
International Labour Organization: International Standard Classification of Occupations 2008 (ISCO-08)
ISO/FDIS 17090-1:2013 Health informatics – Public Key Infrastructure
ISO/FDIS 22600:2013 Health informatics – Privilege Management and Access Control
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

3.1
access control
means of ensuring that the resources of a data processing system can be accessed only by authorized
entities in authorized ways

[ISO/IEC 2382-8:1998]
3.2
attribute authority (AA)
authority which assigns privileges by issuing attribute certificates
[ISO/IEC 9594-8:1995]
3.3
attribute certificate
data structure, digitally signed by an Attribute Authority, that binds some attribute values with identification
about its holder
[ISO/IEC 9594-8:1995]
3.4
authority
entity which is responsible for the issuance of certificates
Note 1 to entry: Two types are distinguished in this Specification: certification authority which issues public-
key certificates and attribute authority which issues attribute certificates [ISO/FDIS 22600:2013]
3.5
authorisation
granting of privileges, which includes the granting of privileges to access data and functions
NOTE: derived from ISO 7498-2:1989: the granting of rights, which includes the granting of access based on
access rights
3.6
certification authority (CA)
certificate issuer; an authority trusted by one or more relying parties to create, assign and manage certificates.
Note 1 to entry: Optionally the certification authority may create the relying parties' keys [ISO 9594-8:1995]. The CA issues
certificates by signing certificate data with its private signing key.
Note 2 to entry: Authority in the CA term does not imply any government authorisation only that it is trusted. Certificate
issuer may be a better term but CA is used very broadly.
3.7
delegation
conveyance of privilege from one entity that holds such privilege, to another entity
3.8
delegation path
ordered sequence of certificates which, together with authentication of a privilege asserter's identity can be
processed to verify the authenticity of a privilege asserter's privilege
3.9
entity
any concrete or abstract thing of interest.
Note 1 to entry: While in general the word entity can be used to refer to anything, in the context of modelling it
is reserved to refer to things in the universe of discourse being modelled. [ISO/IEC 10746-2:1996]
3.10
functional role
role which is bound to an act. Functional roles can be assigned to be performed during an act.
Note 1 to entry: Functional roles have been specified in this International Standard.
Note 2 to entry: Functional roles correspond to the ISO/HL7 21731 RIM participation.

Note 3 to entry: See also structural role
3.11
healthcare organisation
officially registered organisation that has a main activity related to healthcare services or health promotion
[ISO/FDIS 17090-1:2013]
Example 1 to entry: Hospitals, Internet healthcare website providers, and healthcare research institutions.
Note 1 to entry: The organisation is recognised to be legally liable for its activities but need not be registered
for its specific role in health.
3.12
identification
performance of tests to enable a data processing system to recognize entities [ISO/IEC 2382-08:1998]
3.13
non-regulated health professional
person employed by a healthcare organization, but who is not a regulated health professional [ISO/FDIS
17090-1:2013]
Example 1 to entry: massage therapist, music therapist, etc.
Note 1 to entry: The fact that the employee is not authorized by a body independent of the employer in his
professional capacity does, of course, not imply that the employee is not professional in conducting his
services.
3.14
organisation employee
person employed by a healthcare organisation or a supporting organisation
EXAMPLE: Medical records transcriptionists, healthcare insurance claims adjudicators, and pharmaceutical
order entry clerks.
3.15
policy
set of legal, political, organisational, functional and technical obligations for communication and cooperation
[ISO/FDIS 22600:2013]
3.16
policy agreement
written agreement where all involved parties commit themselves to a specified set of policies
3.17
principal
human users and objects that need to operate under their own rights [OMG Security Services Specification:
2001]
3.18
privilege
capacity assigned to an entity by an authority according to the entity’s attribute [ISO/FDIS 22600:2013]
Note 1 to entry: Per OASIS Extensible Access Control Markup Language (XACML) V2.0, Privilege,
permissions, authorisation, entitlement and rights are replaced by the term ‘rule’.
3.19
privilege asserter
privilege holder using their attribute certificate or public-key certificate to assert privilege [ISO 22600:2013]

3.20
privilege verifier
entity verifying certificates against a privilege policy [ISO/FDIS 22600:2013]
3.21
regulated health professional
person who is authorized by a nationally recognized body to be qualified to perform certain health services
[ISO/FDIS 17090-1:2013]
EXAMPLES: Physicians, registered nurses and pharmacists.
Note 1 to entry: Types of registering or accrediting bodies differ in different countries and for different
professions. Nationally recognized bodies include local or regional governmental agencies, independent
professional associations and other formally and nationally recognized organizations. They may be exclusive
or non-exclusive in their territory.
Note 2 to entry: Nationally recognized body in this definition does not imply one nationally controlled system of
professional registration but, in order to facilitate international communication, it would be preferable for one
nationwide directory of recognized health professional registration bodies to exist.
3.22
role
set of competencies and/or performances that are associated with a task [ISO/FDIS 22600:2013]
3.23
role assignment certificate
certificate that contains the role attribute, assigning one or more roles to the certificate holder [ISO/FDIS
22600:2013]
3.24
role certificate
certificate that assigns privileges to a role rather than directly to individuals. Individuals assigned to that role,
through an attribute certificate or public-key certificate with a subject directory attributes extension containing
that assignment, are indirectly assigned the privileges contained in the role certificate
3.25
role specification certificate
certificate that contains the assignment of privileges to a role [ISO/FDIS 22600:2013]
3.26
sponsored healthcare provider
health services provider who is not a regulated professional in the jurisdiction of his/her practice, but who is
active in his/her healthcare community and sponsored by a regulated healthcare organization [ISO/FDIS
17090-1:2013]
Example 1 to entry: Drug and alcohol education officer who is working with a particular ethnic group, or a
healthcare aid worker in a developing country.
3.27
structural role
role specifying relations between entities in the sense of competence, often reflecting organisational or
structural relations (hierarchies).
Note 1 to entry: Structural roles have been specified in this International Standard.
Note 2 to entry: Structural roles correspond to the ISO/HL7 21731 RIM role.
Note 3 to entry: See also functional role

3.28
supporting organisation
officially registered organisation which is providing services to a healthcare organisation, but which is not
providing healthcare services [ISO/FDIS 17090-1:2013]
Example 1 to entry: Healthcare financing bodies such as insurance institutions, suppliers of pharmaceuticals
and other goods.
4 Abbreviations
AA Attribute Authority
CA Certification Authority
GCM Generic Component Model
HL7 Health Level 7
ILO International Labour Organization
NIST National Institute for Standards
PKI Public Key Infrastructure
PMI Privilege Management Infrastructure
RBAC Role-Based Access Control
UML Unified Modeling Language
XACML eXtensible Access Control Markup Language
XML eXtensible Markup Language


5 Modeling roles in an architectural context
5.1 Roles within the Generic Component Model
For embedding components meeting functional requirements and services needed in a system, the
components of that system have to be managed in its architectural context. Therefore, requirements analysis,
design, and deployment of those components have to be developed and managed based on a reference
architecture following a unified process.
With the Generic Component Model (GCM), such reference architecture in conformance with essential
standards for distributed, component-based, service-oriented and semantically interoperable information
systems has been developed in the mid-nineties (e.g. [1, 2, 3]) and used in the context of several ISO TC 215
and CEN TC 251 as well as HL7 specifications. The model specifies a component-based and service oriented
architecture for any domain. While this standard goes beyond security and privacy issues, functional and
structural roles are also used to manage privileges and access control. In this restricted context, functional
and structural roles have been specified and modeled in ISO 22600 Health informatics – Privilege
management and access control. The present standard extends scope, services, and deployment of
functional and structural roles, nevertheless being based on the architectural approach for semantically
interoperable eHealth/pHealth (personal health) information systems [4,5].
A system architecture defines the system’s components, their functions and interrelationships. A system
architecture is modeled in three dimensions:
• components for meeting specific domains’ requirements
• the decomposition and, after detailing the underlying concepts, the composition of those components
following corresponding aggregation concepts/rules (e.g. component collaboration, workflow, algorithm).
Granularity levels are at least Business Concepts, Relations Networks, Basic Services/Functions and
Basic Concepts.
• the different views on that component according to ISO 10746 Information technology – Open Distributed
Processing – Part 2: Reference Model from the Enterprise View (business case, use case, requirements)
through the Information View and the Computational View representing the platform independent logic of
the system/component as well as the Engineering View and Technology View both dealing with platform-
specific implementation aspects.
Figure 1 presents the Generic Component Model providing the aforementioned reference architecture.




[Figure 1: diagram of the Generic Component Model; the image is not included in the extracted text. Panel (c) is referenced below.]
Figure 1 – Representation of the role concepts defined in this standard using the Generic Component
Model (after [5], modified)
The principles established in this International Standard are also applicable to domains other than healthcare.
In that case, that domain and its related policy domain have to be entered in Figure 1c.
The development of components, their concept representation and their aggregation are based on constraint
modeling. Concepts and rules can be represented using meta-languages such as UML and UML derivates or
the XML languages set.
5.2 Roles and policy aspects
Roles are components reflecting specific aspects of a system. They have to be managed according to all
dimensions of the GCM. As policies are properties and functions in another system/component dimension,
policies have to be embedded in the component specification through corresponding constraints. Interrelated
classes and associations can be simplistically modeled by component attributes and operational constraints.
This is, e.g., done in some simplistic RBAC (Role-Based Access Control) specifications, which ignore the
correct policy-driven approach. By associating, e.g., a functional role class with the related policy class
defining context and other constraints for access to target objects, the resulting component can summarize
those constraints in a permission bound to this role and expressed as a permission attribute.
For managing relationships between the entities, structural (organisational) and functional roles can be
defined. Roles might be assigned to any entity that is an actor in a communication or cooperation interrelationship
(e.g. person, organization, system, device, application, component, etc.). Because entities are actors in use
cases, roles have a relationship to actors and therefore to actions. Functional and structural roles are
associated with and defined by policies.
A policy may describe the legal framework including rules and regulations, the organisational and
administrative framework, functionalities, claims and objectives, the entities involved, agreements, rights,
duties, and penalties defined as well as the technological solution implemented for collecting, recording,
processing and communicating data in information systems.
Policies can be specified and implemented in different ways, including:
• in a policy agreement as specified in ISO 22600-1
• as an attribute
• as an implicit policy as part of another component
• as a separate policy element to be combined with another component or used directly
• as a rule policy combined with another policy
• as structured expressions (e.g. using XACML)

A policy may be applied as a set of rules describing constraints on components, their functions and relations,
i.e., the behavior, of a system. Health information systems such as the Electronic Health Record (EHR), for
instance, should have one policy per Structural Role as well as one policy per Functional Role. Further details
regarding policy specification and the relationship to privilege management and access control are provided in
ISO 22600.
Roles can be instantiated through numerous mechanisms, including directory entries, database variables and
certificates, among others. Role assignment certificates may be attribute certificates or public-key certificates.
Specific privileges are assigned to a role rather than to individuals through role specification certificates. The
indirect assignment enables the privileges assigned to a role to be updated without impacting the certificates
that assign roles to individuals. Role specification certificates must be attribute certificates, and not public-key
certificates. If role specification certificates are not used, the assignment of privileges to a role may be done
through other means (e.g. it may be locally configured at a privilege verifier).
The following are all possible:
a) any number of roles can be defined by any Attribute Authority;
b) the role itself and the members of a role can be defined and administered separately, by different
Attribute Authorities;
c) a privilege may be delegated; and
d) roles may be assigned any suitable lifetime.
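The assignment/specification split described above, as an added Python example that is not part of the standard: a role assignment (holder, role, issuing Attribute Authority, lifetime) is kept separate from the role specification that carries a role's privileges, so a role's privileges can be updated without reissuing any assignment, a functional role is honoured only within the act it is bound to, and a role specification is accepted only as an attribute certificate. All holder, role, act and privilege names are constructed for illustration.

```python
# Added example modelling 5.2 of ISO 21298 (not the standard's own code).
# All holders, role codes, act identifiers and privilege names are constructed.
from dataclasses import dataclass
from datetime import date
from enum import Enum
from typing import Dict, List, Optional, Set


class RoleKind(Enum):
    STRUCTURAL = "structural"  # relatively static, e.g. licensed GP
    FUNCTIONAL = "functional"  # bound to an act, e.g. attending physician


@dataclass(frozen=True)
class Role:
    code: str
    kind: RoleKind


@dataclass(frozen=True)
class RoleAssignment:
    """Stands in for a role assignment certificate (attribute or public-key)."""
    holder: str
    role: Role
    issuer: str                   # Attribute Authority assigning the role
    not_before: date
    not_after: date               # roles may be given any suitable lifetime
    act_id: Optional[str] = None  # set for functional roles only

    def __post_init__(self) -> None:
        if (self.role.kind is RoleKind.FUNCTIONAL) != (self.act_id is not None):
            raise ValueError("functional roles are bound to an act, structural ones are not")

    def valid_on(self, day: date) -> bool:
        return self.not_before <= day <= self.not_after


@dataclass
class RoleSpecification:  # stands in for a role specification certificate
    role: Role
    privileges: frozenset
    issuer: str
    cert_type: str = "attribute"  # 5.2: must be an attribute certificate


class PrivilegeVerifier:
    """Resolves privileges indirectly: assignment -> role -> specification."""
    def __init__(self) -> None:
        self.assignments: List[RoleAssignment] = []
        self.specs: Dict[Role, RoleSpecification] = {}  # one policy per role

    def set_specification(self, spec: RoleSpecification) -> None:
        if spec.cert_type != "attribute":
            raise ValueError("role specification certificates must be attribute certificates")
        self.specs[spec.role] = spec  # replacing a spec touches no assignment

    def privileges_of(self, holder: str, day: date, act_id: Optional[str] = None) -> Set[str]:
        result: Set[str] = set()
        for a in self.assignments:
            if a.holder != holder or not a.valid_on(day):
                continue  # not this holder, or the assignment has expired
            if a.role.kind is RoleKind.FUNCTIONAL and a.act_id != act_id:
                continue  # a functional role counts only within its own act
            if a.role in self.specs:
                result |= self.specs[a.role].privileges
        return result


def build_demo() -> PrivilegeVerifier:  # constructed scenario: GP attending one encounter
    gp = Role("licensed_general_practitioner", RoleKind.STRUCTURAL)
    att = Role("attending_physician", RoleKind.FUNCTIONAL)
    v = PrivilegeVerifier()
    v.assignments.append(RoleAssignment("dr_example", gp, "AA-registry",
                                        date(2015, 1, 1), date(2025, 12, 31)))
    v.assignments.append(RoleAssignment("dr_example", att, "AA-hospital",
                                        date(2020, 3, 1), date(2020, 3, 7), act_id="encounter-42"))
    v.set_specification(RoleSpecification(gp, frozenset({"read_summary"}), "AA-policy"))
    v.set_specification(RoleSpecification(att, frozenset({"read_record", "write_order"}), "AA-policy"))
    return v
```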
Further discussion regarding assignment of multiplicity of structural and functional roles is addressed in the
discussion of structural and functional roles below. Further details regarding the expression of roles through
digital certificates are provided in ISO 17090. Further details regarding the representation of rol
...