 |
Return to detail page at www.hitsp.org | HITSP/TP20 |
| Prev TOC |
| HOME | ABOUT | MEMBERSHIP | NEWS & ANNOUNCEMENTS | MEETINGS | FAQ | CONTACT US | | Powered by American National Standards Institute |
|
Return to detail page at www.hitsp.org | HITSP/TP20 |
| Prev TOC |
The following sections provide the details of updates made to this document.
The changes in this cycle address the following comments received during the Public Comment and Inspection Testing period (July 23, 2006 - August 17, 2007):
272, 714, 869, 874, 877, 883, 887, 890, 892, 896, 899, 900, 902, 904, 982, 984, 1196, 1197, 1228, 1229, 1230, 1231, 1243, 1262, 1263, 1264, 1265, 1266
Upon approval by the HITSP Panel on October 15, 2007, this document has been moved to Version 1.1. This document is now Released for Implementation.
This document has been updated to reflect changes which are editorial in nature. This document has been moved to Version 1.1.1
Interface names have been corrected to more accurately reflect the corresponding names in the referenced Implementation Specification.
Updated to place standards into 3 categories: Regulatory, Selected, and Informative References.
Updated name/description of standard for ASTM PMI, and HL7 v3 RBAC
This document has been modified to reflect the updated HITSP approach to categorizing standards as Regulatory Guidance, Selected Standards, and Informative References.
The following standard was added as aninformative reference:
Integrating the Healthcare Enterprise (IHE) IT Infrastructure Technical Framework (ITI-TF) Revision4.0, Audit Trail and Node Authentication (ATNA) Integration Profile Added to Informative Reference Table
Upon approval by the HITSP Panel on August 27, 2008, this document is now Released for Implementation.
Minor editorial changes were made to this construct.
This Transaction Package has been updated with editorial and minor updates of a technical nature as follows:
The following technical changes have been made to Section 1.0:
Moved overview text that was more detailed from Section 1.1 to Section 2.1
Security and Privacy Technical Note no longer has glossary or description of application of Security and Privacy constructs to HITSP Interoperability Specifications, so updated Table 1-1 with this information.
The following technical changes have been made to Section 2.0:
Table 2-2 Interfaces
- Provided further clarification on the standards for which the interfaces will be used
- Corrected the optionality of the interfaces to indicate that at least one of the Service User or Service Provider interfaces is required to be implemented
Section 2.1.3 Interface Interactions
- Added high level overview narrative and Figure 2-1 to provide further details on the typical access control interactions between parties in the exchange of healthcare information
- Reorganized the section narrative to provide clarity by moving supplemental, supporting material from Section 2.1.3 into the appendix in Section 3.0
- Edited the narrative to improve readability and consistency
Table 2-4 Pre-conditions
- Minor edits to the preconditions to improve readability
Table 2-12 Selected Standards
- Moved the standard reference for OASIS WS-Federation from Table 2-12 Selected Standards to Table 2-13 Informative Reference Standards
- Updated the IHE ATNA profile reference to point to Revision 5.0 or later
Section 2.3.3 Informative Reference Standards
- Added informative references to the OASIS XSPA SAML, OASIS XSPA WS-Trust, and OASIS XSPA XACML profiles as roadmapped references
Upon approval by the HITSP Panel on December 18, 2008, this document is now Released for Implementation.
Minor editorial changes were made to the document, including the UML diagrams. Removed boilerplate text for simplification. The term actor was replaced with interface.
Upon approval by the HITSP Panel on July 8, 2009, this document is now Released for Implementation.
[1] The Access Control Service Interface is the normative name for the Service User Access Control Service and Service Provider Access Control Service Interfaces.
[2] Optionality = R for Required, O for Optional, or C for Conditional
[3] See ISO 10184-3 for a complete discussion of access control information types.
[4] The Cross Enterprise Security and Privacy Author (XSPA) SAML Profile is currently on track to become an OASIS standard.
[5] The Cross Enterprise Security and Privacy (XSPA) WS-Trust Profile is currently on track to become an OASIS standard.
[6] The Cross Enterprise Security and Privacy (XSPA) XACML Profile is currently on track to become an OASIS standard.
[7] ASTM E1986 lists healthcare roles for which access controls are warranted. These enterprise roles are referred to here as structural roles.
[8] ANSI INCITS 359-2004 Role Based Access Control
[9]
Source for Figure 3-6: NIST Interagency Report 7316 Assessment of Access Control Systems
Figure 2 XACML Architecture
|
Return to detail page at www.hitsp.org | HITSP/TP20 |
| Prev TOC |