Describes principles and also specifies services needed for managing privileges and access control to data and/or functions.

This multi-part International Standard defines principles and specifies services needed for managing privileges and access control to data and/or functions.

It focuses on communication and use of health information distributed across policy domain boundaries. This includes healthcare information sharing across unaffiliated providers of healthcare, healthcare organizations, health insurance companies, their patients, staff members, and trading partners by both individuals and application systems ranging from a local situation to a regional or even national situation.

It specifies the necessary component-based concepts and is intended to support their technical implementation. It will not specify the use of these concepts in particular clinical process pathways.

This part of ISO22600 instantiates requirements for repositories for access control policies and requirements for privilege management infrastructures. It provides implementation examples of the formal models specified in ISO22600-2.

This part of ISO22600 excludes platform-specific and implementation details. It does not specify technical communication security services, authentication techniques, and protocols that have been established in other International Standards such as e.g. ISO7498-2, ISO/IEC10745 (ITU-T X.803), ISO/IEC/TR13594 (ITU-T X.802), ISO/IEC10181-1 (ITU-T X.810), ISO/IEC9594-8 (ITU-T X.509), ISO/IEC9796 (all parts), ISO/IEC9797 (all parts), and ISO/IEC9798 (all parts).