| Description | A Patient Summary-CA Solution should adhere to the minimum industry standards for role-based access control and security mechanisms for the Patient Summary, including defining the security level and authorization profile of all authorized actors and mapping each user to one or more roles and each role to one or more system functions, dictated by jurisdictional standards and system requirements. Note: For example, jurisdictional standards for role-based access control should consider the following standards such as ISO 22600-1:2014, which describes the scenarios and the critical parameters in information exchange across policy domains. Another example of a standard is ISO 22600-2:2014, which describes and explains, in a more detailed manner, the architectures and underlying models for privilege management and access control which are necessary for secure information sharing including the formal representation of policies. |
|---|