213 | 213 | Overview Access control is completely specified in an openEHR EHR in the EHR_ACCESS object for the EHR. This object acts as a gateway for all information access, and any access decision must be made based on the policies and rules it contains. One of the problems with defining the semantics of the EHR Access object is that there is currently no published formal, proven model of access control for shared health information. Various efforts underway include the CEN EN13606 part 4 work, the ISO PMAC (Privilege Management and Access Control) work being done in TC/215 based on the generic security standard ISO/IEC 17799. Undoubtedly experimental and even some limited production health information security implementations exist. In reality however, no large-scale shared EHR deployments exist, and so security solutions to date are still developmental. The openEHR architecture is therefore designed to accommodate alternative models of access control, each defined by a subtype of the class ACCESS_CONTROL_SETTING (Security IM). This approach means that a simplistic access control model can be defined and implemented initially, with more sophisticated models being used later. The "scheme" in use at any given time is always indicated in the EHR Access object. 1see e.g. Ross Anderson - "Security in Clinical Information Systems" available at [http://www.cl.cam.ac.uk/users/rja14/policy11/policy11.html http://www.cl.cam.ac.uk/users/rja14/policy11/policy11.html]. 2IETF RFC 2440 - [http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-18.txt http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-18.txt] |