Harmonized Privacy and Security Domain Analysis Model
Draft for Peer Review
http://gforge.hl7.org/gf/project/security/frs/
Overview
Draft Document Peer Review Form
http://gforge.hl7.org/gf/project/security/frs/
Changes
• Harmonization
  – Security and Privacy view points identified and related to each other
  – Common classes resolved
    • ProviderOrganization Organization
  – Removed overlaps
  – Consolidated Security Privacy Use Cases and class definitions
  – Alignment with ISO 22600 (Part 2 Formal Models) Health informatics — Privilege Mgmt and Access Control
• Reconciliation January 2010 Ballot
• To do:
  – Alignment with ISO/IEC 15816 (SECURITY INFORMATION OBJECTS FOR ACCESS CONTROL)
Security Viewpoint
Privacy Viewpoint
Consent Directive and Security Policy
Abstract
Implementation
Consent Directive and Security Policy
Abstract Class, Base class
Concrete
Specialization classes
Related classes
Role-based Access Control Classes
Business Use Cases
System Interactions
Consent Directive State Machine
Identifies business triggers
Based on State Machine
Negotiate
Evaluated Default Policy vs. Consent Directive
Outstanding items
• Clinician-centric/business view-point
  – Security view-point
  – Privacy view-point
• Clarify differences
Use Case: Negotiate Policy
• Sam Jones has been provided with a form to register his privacy preferences. He indicates that he does not want Dr. Bob to access his records. Sunnybrook Hospital has a rule that provides access to all patient records to treating physicians. Mr. Jones is alerted to this rule when he enters his preferences. Although Dr. Bob is not Mr. Jones’ primary physician, there may be occasions when Dr. Bob would be granted access to Mr. Jones’ medical record. Mr. Jones does not agree to the policy and does not sign the consent form. Because the hospital cannot provide service to Mr. Jones without a signed consent form, a privacy officer at the hospital is alerted to this and contacts Mr. Jones. The privacy officer explains the situation to Mr. Jones and explains the different options that are available and their consequences. Mr. Jones either selects an option that he is comfortable with or suggests an alternative option. The privacy officer then complies with Mr. Jones’ decision or evaluates the alternative option. This process continues until a mutually satisfactory option is reached.
• All jurisdictional policies are complied with and neither organizational policy nor consent directive has been changed without the stakeholders’ knowledge. One possible resolution to the conflict could be that the hospital and patient have not come to an agreement and the patient has decided to seek healthcare services at another hospital.
Use Cases
Business
Technical
Interactions elaborated
Interactions
Interactions
Related Information
Associations