Changes between Version 24 and Version 25 of Archtectural Overview Security


Timestamp: Feb 28, 2008, 10:13:55 PM (16 years ago)
Author: KOBAYASHI, Shinji
Comment: --

  • Archtectural Overview Security

    v24 v25  
    116116In and of itself, the openEHR EHR imposes only a minimal security policy profile which could be regarded as necessary, but generally not sufficient for a deployed system (i.e. other aspects would still need to be implemented in layers whose semantics are not defined in openEHR). The following policy principles are embodied in openEHR.
    117117
    118 === 一般 ===
     118==== 一般 ====
    119119 * 整合性: ヘルス・レコード情報は削除できない。論理的な削除は、データがあたかも削除されたかのように見せる方法で実現される(バージョン制御で実装されている)。
    120120 * 監査証跡: コンテント・オブジェクト、及びEHRステータスやアクセス制御オブジェクトを含めEHRに対して行われたすべての変更について、ユーザー識別、タイム・スタンプ、理由、オプションとしての電子署名、及び該当バージョン情報による監査証跡が取られる。例外が一つあり、変更者が患者である場合には、シンボリックな識別子を用いることができる(openEHRでPARTY_SELF と呼ぶもの。次の点を参照のこと)。
     
    127127 * Anonymity: the content of the health record is separate from identifying demographic information. This can be configured such that theft of the EHR provides no direct clue to the identity of the owning patient (indirect clues are of course harder to control). Stealing an identified EHR involves theft of data from two servers, or even theft of two physical computers, depending on deployment configuration.
    128128
    129 === アクセス制御 ===
     129==== アクセス制御 ====
    130130Access Control
    131131
     
    162162A key feature of the policy is that it must scale to distributed environments in which health record information is maintained at multiple provider sites visited by the patient.  As Anderson points out in the BMA study, policy elements are also needed for guarding against users gaining access to massive numbers of EHRs, and inferencing attacks. Currently these are outside the scope of openEHR, and realistically, of most EHR implementations of any kind today.  The following sections describe how openEHR supports the first list of policy objectives.
    163163
    164 == 7.3.3 一貫性 ==
     164=== 7.3.3 一貫性 ===
    1651657.3.3 Integrity
    166166
    167 === バージョニング ===
     167==== バージョニング ====
    168168Versioning
    169169
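Review bot: Terminology is inconsistent for "Integrity": the 7.3.3 heading renders it as 一貫性, while the policy bullet in the 一般 section that it summarizes ("整合性: ヘルス・レコード情報は削除できない。...") renders the same term as 整合性. Pick one rendering for the whole page, with 整合性 the more natural choice for the data-integrity property described here, so the section heading and the bullet match. The heading-level shift itself (== to === for 7.3.3, === to ==== for バージョニング) is consistent with the other headings changed in this revision.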
     
    172172The most basic security-related feature of openEHR is its support for data integrity. This is mainly provided by the versioning model, specified in the change_control package in the Common Information Model, and in the Extract Information Model. Change-set based versioning of all information in the EHR and demographic services constitutes a basic integrity measure for information, since no content is ever physically modified, only new versions are created. All logical changes and deletions as well as additions are therefore physically implemented as new Versions rather than changes to existing information items. Clearly the integrity of the information will depend on the quality of the implementation; however, the simplest possible implementations (1 Version = 1 copy) can provide very good safety due to being write-once systems.  The use of change-sets, known as Contributions in openEHR, provides a further unit of integrity corresponding to all items modified, created or deleted in a single unit of work by a user.  The openEHR versioning model defines audit records for all changed items, which can be basic audits and/or any number of additional digitally signed attestations (e.g. by senior staff). This means that every write access of any kind to any part of an openEHR record is logged with the user identification, time, reason, and potentially other meta-data. Versioning is described in detail in section 8 on page 45.
    173173
    174 === デジタル署名 ===
     174==== デジタル署名 ====
    175175Digital Signature
    176176