IHE Patient Care Coordination Technical Framework Vol I
PCC Technical Framework V3.0, vol. 1
3.3.2.1 References
The following references are provided as background for understanding the terms
and concepts presented here. These references are not required by this profile.
• ISO/TS 21298 "Health informatics – Functional and structural roles".
• ISO/TS 22600 "Health Informatics – Privilege Management and Access
Controls".
• CEN prEN 13606-4 "Health informatics — Electronic health record
communication — Part 4: Security requirements and distribution rules"
3.3.3 Creating Privacy Consent Policies
A Privacy Consent Policy shall identify who has access to information, and what
information is governed by the policy (e.g., under what conditions will a document be
marked as containing that type of information). The XDS Affinity Domain shall publish
Privacy Consent Policies. The mechanism for publishing these policies is not described
by this profile. The Privacy Consent Policies written by the XDS Affinity Domain must
be able to be implemented by the technologies in all of the systems that have access to
the XDS Affinity Domain. This means that the Privacy Consent Policies must be created
with great care to ensure they are enforceable.
The implementation of Privacy Consent Policies under this profile makes it strongly
advisable that policies describe under what situations a functional role shall have access
to information, and do not include situations in which a functional role is not granted
access. Take care when writing access control policies. The two policy statement
examples below illustrate the problem.
1. A Researcher may only
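The guidance above on writing policies as grants only can be checked mechanically. The following is an added example, not part of the IHE text: it compares a system that implements both grant and deny statements with one that can only implement grants. The role names, policy codes, and the assumption that a document may carry several policy codes are all hypothetical.

```python
from itertools import product

# Constructed catalogs: code -> (roles granted, roles denied). All names are hypothetical.
GRANT_ONLY = {
    "TREATMENT": ({"physician", "nurse"}, set()),
    "RESEARCH":  ({"physician", "researcher"}, set()),
}
WITH_DENY = {
    "ALL-STAFF": ({"physician", "nurse", "researcher"}, set()),
    "SENSITIVE": ({"physician"}, {"researcher"}),
}
ROLES = ("physician", "nurse", "researcher")

def full_engine(role, codes, catalog):
    """System that implements both grant and deny statements (deny wins)."""
    known = [catalog[c] for c in codes if c in catalog]
    if any(role in denied for _, denied in known):
        return False
    return any(role in granted for granted, _ in known)

def grant_only_engine(role, codes, catalog):
    """System that can only implement grants; anything not granted is refused."""
    return any(role in catalog[c][0] for c in codes if c in catalog)

def disagreements(catalog, roles, documents):
    """Return (role, codes) pairs where the two systems decide differently."""
    return [(r, d) for r, d in product(roles, documents)
            if full_engine(r, d, catalog) != grant_only_engine(r, d, catalog)]

if __name__ == "__main__":
    # Constructed documents, each identified by the policy codes it is marked with.
    docs_a = [("TREATMENT",), ("TREATMENT", "RESEARCH"), ("UNKNOWN",)]
    docs_b = [("ALL-STAFF",), ("ALL-STAFF", "SENSITIVE"), ("UNKNOWN",)]
    print("grant-only catalog:", disagreements(GRANT_ONLY, ROLES, docs_a))
    print("catalog with deny :", disagreements(WITH_DENY, ROLES, docs_b))
```

With the grant-only catalog every system reaches the same decision and an unrecognized code yields no access. With the catalog that contains a deny statement, the simpler system releases the document to the researcher, which is the enforceability gap the section warns about.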