DIN EN ISO 21298:2017-07

This document defines a model for expressing functional and structural roles and populates it with a basic set of roles for international use in health applications. Roles are generally assigned to entities that are actors. This will focus on roles of persons (such as the roles of health professionals) and their roles in the context of the provision of care (for example, subject of care). Roles can be structural (for example, licensed general practitioner, non-licensed transcriptionist, etcetera) or functional (such as a provider who is a member of a therapeutic team, an attending physician, prescriber, etcetera). Structural roles are relatively static, often lasting for many years. They deal with relationships between entities expressed at a level of complex concepts. Functional roles are bound to the realization of actions and are highly dynamic. They are normally expressed at a decomposed level of fine-grained concepts. Roles addressed in this document are not restricted to privilege management purposes, though privilege management and access control is one of the applications of this document. This document does not address specifications related to permissions. This document treats the role and the permission as separate constructs. Further details regarding the relationship with permissions, policy, and access control are provided in ISO 22600. This document (EN ISO 21298:2017) has been prepared by Technical Committee ISO/TC 215 "Health Informatics" (secretariat: ANSI, United States) with the collaboration of Technical Committee CEN/TC 251 "Medical Informatics" (secretariat: NEN, the Netherlands) with the participation of German experts. The responsible national standardization committee is Working Committee NA 063-07-04 AA "Sicherheit" ("Security") at DIN Standards Committee Medicine (NAMed).