This wiki has undergone a migration to Confluence found Here
Security and Privacy Ontology Project Scope
Jump to navigation
Jump to search
Back to: Security and Privacy Ontology Main Page
- What is the domain that the ontology will cover?
The ontology will cover the security and privacy domains as they pertain to healthcare IT. Initial work will focus on to Role Based Access Control (RBAC) as defined by the HL7 RBAC Permission Catalog. - For what (or how) are we going to use the ontology?
The ontology will be a rigorous and unambiguous resource that can be used to inform the Composite Security Privacy DAM and other artifacts developed by the Security and CBCC Work Groups. - Who else will use the ontology?
The ontology will make an unambiguous and internally consistent vocabulary available to external SDOs and organizations such as OASIS, ANSI-INCITS and FHIMS, which can assist their implementation of domain specific standards. - For what types of questions will the information in the ontology provide answers?
One of the ways to determine the scope of the ontology is to sketch a list of questions that a knowledge base based on the ontology should be able to help answer.
- Access control
- Can Dr. Bob update Mr. Jones’ progress note?
- Does Mr. Jones’ consent directive conflict with organizational policy?
- Does Mr. Jones’ consent directive allow Dr. Bob to read his medical history?
- Is there information in Mr. Jones’ surgical report that requires a higher level of confidentiality because of its sensitivity? These are the types of questions that a fully automated EHR security system may be expected to resolve in real time.
Consent
Sensitivity
- Who will maintain the ontology?
The Security Privacy Ontology will be maintained by the HL7 Security and CBCC Work Groups. The ontology will be balloted as an HL7 standard and will be available as an HL7 SAIF artifact. Proposals to modify and update the ontology will be reviewed and approved by members of the Security and CBCC WGs as part of the approval process.