1 / 7

Obligation Vocabulary Work in Progress

Obligation Vocabulary Work in Progress. HL7 Security WG Kathleen Connor VA (ESC) January 2012. DAM Privacy Rule Obligation Attribute. DAM Privacy Rule Obligation Attribute. A PrivacyRule specifies the permission allowed to a user type by the consenter for a specific type of information

love
Download Presentation

Obligation Vocabulary Work in Progress

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Obligation VocabularyWork in Progress HL7 Security WG Kathleen Connor VA (ESC) January 2012

  2. DAM Privacy Rule Obligation Attribute

  3. DAM Privacy Rule Obligation Attribute A PrivacyRule specifies the permission allowed to a user type by the consenter for a specific type of information The person consenting may be either the subject of the record (the client) or the client's designated Substitute Decision Maker One or more PrivacyRule instances comprise a privacy Consent Directive or PrivacyPolicy. A PrivacyRule is equivalent to a BasicPolicy A specific individual’s privacy consent directive consists of several rules that map to BasicPolicy instances A PrivacyRule, from the Privacy viewpoint perspective, is equivalent to a BasicPolicy from a Security viewpoint perspective BasicPolicy instances comprise a CompositePolicy and PrivacyRule instances are grouped together to form a ConsentDirective. • Attribute 'PrivacyRule.obligation' of type ' ObligationCode' with cardinality of [0..1] • This coded attribute specifies a pre-defined obligation associated with a policy or consent.

  4. Proposed Obligation Value Set Description This is a value set for the obligation attribute on ObligationPolicy associated with BasicPolicy and on PrivacyRule. • Attribute 'ObligationPolicy.eventCode' of type ' ObligationCode' with cardinality of [*] • This attribute identifies the action required before completing a step in the workflow that complies with a Basic Policy or a Refrain Policy. It is a coded concept for a policy domain rule reference. For example, in order to comply with a Basic Policy, there may be an obligation to audit operations. In addition, there may be a Refrain policy not to disclose information until the information is attested to by author with an associated obligation policy requiring the author's signature. This information is passed as rule for an application to enforce. • Attribute 'PrivacyRule.obligation' of type ' ObligationCode' with cardinality of [0..1] • This coded attribute specifies a pre-defined obligation associated with a policy or consent • An obligation policy may be used to specify additional privacy preferences specified by a client/patient. • From the Security and Privacy DAM: An ObligationPolicy may be specified in addition to a ConstraintPolicy to fully describe a client's access control preferences. In some cases, an obligation policy may be used to indicate that the receiver of an information object may not be allowed to re-disclose or persist that information object indefinitely. • Suggested edit: For example, an obligation policy may be used to indicate that the receiver of the information must execute 1…* system procedures to comply with commitments to enforce the sender’s information handling requirements. • According to ISO 22600-2, ObligationPolicy instances 'are event-triggered and define actions to be performed by manager agent'.

  5. DAM Security Obligation Policy

  6. Proposed Obligation Policy Codes (Starter Set)

  7. Proposed Obligation Policy Codes (Starter Set)

More Related