INTERNATIONAL STANDARD ISO 21298 First edition 2017-02 Health informatics — Functional and structural roles Informatique de santé — Rôles fonctionnels et structurels Reference number ISO 21298:2017(E) © ISO 2017 ISO 21298:2017(E) COPYRIGHT PROTECTED DOCUMENT © ISO 2017, Published in Switzerland All rights reserved Unless otherwise specified, no part o f this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission Permission can be requested from either ISO at the address below or ISO’s member body in the country o f the requester ISO copyright o ffice Ch de Blandonnet • CP 401 CH-1214 Vernier, Geneva, Switzerland Tel +41 22 749 01 11 Fax +41 22 749 09 47 copyright@iso.org www.iso.org ii © ISO 2017 – All rights reserved ISO 21298:2017(E) Page Contents Foreword iv Introduction v Scope Normative references Terms and definitions Abbreviated terms Modeling roles in an architectural context 5.1 5.3 5.5 5 5.6 Ro les and p o licy as p ects Relatio ns o this s tandard to related p rivilege management s p ecificatio ns Formally modelling roles 14 6.1 6.2 6.3 Roles within the Generic Component Model Roles in privilege management f Structural roles 10 5.5.1 General 10 5.5.2 Structural roles of healthcare professions from the International Labour Organization for trans-jurisdiction mapping 10 5.5.3 Healthcare specialties 11 Functional roles 12 Roles within the Generic Component Model 14 Developing the role model 14 6.2.1 Relationships and transformation 14 6.2.2 Assignment of structural roles 15 16 Relationships between structural and functional roles 18 6.2 Generic ro le s p ecificatio n Use cases for the use of structural and functional roles in an interregional or international context 19 (informative) ISCO-08 sample mapping 20 Annex B (informative) Sample certificate profile for regulated healthcare pro fessional 31 Annex A Bibliography 33 © ISO 2017 – All rights reserved iii ISO 21298:2017(E) Foreword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies) The work o f preparing International Standards is normally carried out through ISO technical committees Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters o f electrotechnical standardization The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part In particular the different approval criteria needed for the di fferent types o f ISO documents should be noted This document was dra fted in accordance with the editorial rules of the ISO/IEC Directives, Part (see www.iso org/directives) Attention is drawn to the possibility that some o f the elements o f this document may be the subject o f patent rights ISO shall not be held responsible for identi fying any or all such patent rights Details o f any patent rights identified during the development o f the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso org/patents) Any trade name used in this document is in formation given for the convenience o f users and does not constitute an endorsement For an explanation on the meaning o f ISO specific terms and expressions related to formity assessment, as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html This first edition o f ISO 21298 cancels and replaces ISO/TS 21298:2008, which has been technically revised The committee responsible for this document is ISO/TC 215, Health informatics iv © ISO 2017 – All rights reserved ISO 21298:2017(E) Introduction This document contains a specification for encoding in formation related to roles for health pro fessionals and consumers At least five areas have been identified where a model for encoding role information is needed a) Privilege management and access control: role-based access control is not possible without an effective means of recording role information for healthcare actors b) Directory services: structural roles are usefully recorded within directories of healthcare providers (see for example, ISO 21091) c) Audit trails: functional roles are usefully recorded within audit trails for health in formation applications d) Public key infrastructure (PKI) : The ISO 17090 series allows for the encoding of healthcare roles in certificate extensions, but no structured vocabulary for such roles is specified This document identifies such a coded vocabulary e) Purpose of use: A role specification determines for what purposes healthcare in formation can be used Purposes o f use are tied to specific roles in many cases (see for example, ISO 21091) In addition to these security-related applications, there are several other possible applications o f this standard, such as follows — Clinical care provision: finding and identi fying the right professional for a health service — Support of care: billing of healthcare services — Communication management: directing healthcare-related messages by means of a specific role — Health service management and quality assurance: defining the purpose of use for specific data This document is complementary to other relevant standards that also describe and define roles for the purpose o f access control It extends the model through the separation o f role and policy This separation allows for a richer and more flexible capability to instantiate business rules across multiple domains and jurisdictions Backward compatibility with ANSI International Committee for In formation Technology Standards (INCITS) and HL7 RBAC (Role-Based Access Control) is provided through simplification by combining policy and role into a single construct The role concepts defined in this document are re ferenced and reused in many international standards created, for example, by ISO, CEN, HL7 International Examples are ISO 22600, Re ference [9], Re ference [10 ] and Re ference [11] The European Commission and the EU Parliament have established a Pro fessional Qualifications Directive (2005/36/EC) defining medical specialties (see http://eur-lex europa eu/ legal-content/ EN/ TXT/HTML/?uri= CELEX: 02005L0036 -20140117&from= EN) Annex A provides ISOCO-08 sample mapping while Annex B provides sample certificate profile for regulated healthcare professionals © ISO 2017 – All rights reserved v INTERNATIONAL STANDARD ISO 21298:2017(E) Health informatics — Functional and structural roles Scope T h i s c u ment defi ne s a mo del b a s ic s e t o f role s for for e xpre s s i ng func tiona l and s tr uc tu l role s and p opu late s it with a i nternationa l u s e i n he a lth appl ication s Role s are genera l ly as s igne d to entitie s that are actors This will focus on roles of persons (e.g the roles of health professionals) and their roles in the context of the provision of care (e.g subject of care) Roles can be structural (e.g licensed general practitioner, non-licensed transcriptionist, etc.) or fu nc tiona l (e g a provider who i s a memb er o f a therap eutic te am, a n attend i ng phys ic ia n, pre s crib er, e tc ) Struc tu l role s are rel atively s tatic, o ften la s ti ng for many ye a rs T hey de a l with relation sh ip s between entities expressed at a level of complex concepts Functional roles are bound to the realization f f concepts Roles addressed in this document are not restricted to privilege management purposes, though privilege management and access control is one of the applications of this document This document does not o ac tion s and a re h igh ly dynam ic T hey are norma l ly expre s s e d at a de comp o s e d level o fi ne - grai ne d add re s s s p e c i fic ation s rel ate d to p erm i s s ion s T h i s c u ment tre ats the role and the p erm i s s ion a s s ep arate s tr uc ts Fu r ther de tai l s regard i ng the relation s h ip with p erm i s s ion s , p ol ic y, a nd acce s s control are provided in ISO 22600 Normative references There are no normative references in this document Terms and definitions For the pu r p o s e s o f th i s c u ment, the fol lowi ng term s and defi n ition s apply ISO and IEC maintain terminological databases for use in standardization at the following addresses: — IEC Electropedia: available at http://www.electropedia org/ — ISO Online browsing platform: available at http://www.iso org/obp 3.1 access control me an s o f en s u ri ng th at the re s ou rce s o f a data pro ce s s i ng s ys tem c an b e acce s s e d on ly b y authori z e d entitie s i n authori ze d ways [S OU RC E : I S O/I E C - : 01 , 2 62 4] 3.2 attribute certificate authority AA authority wh ich as s ign s privi lege s b y i s s u i ng attribute certificates (3.3) [S OU RC E : I S O/I E C 59 - : 014, , mo d i fie d] © ISO 2017 – All rights reserved ISO 21298:2017(E) 3.3 data structure, digitally signed by an Attribute Authority, that binds some attribute values with a t t r i b u t e c e r t i f i c a t e (3.12) about its holder identification [SOURCE: ISO/IEC 9594-8:2014, 3.5.1] 3.4 authorization granting of privileges, which includes the granting of privileges to access data and functions Note to entry: Derived from ISO 7498-2: the granting o f rights, which includes the granting o f access based on access rights [SOURCE: ISO 22600-1:2014, 3.6] 3.5 c e r t i f i c a t i o n a u t h o r i t y CA certificate issuer; an authority trusted by one or more relying parties to create, assign and manage certificates Note to entry: Optionally, the certification authority can create the relying parties’ keys [ISO 9594-8] The CA issues certificates by signing certificate data with its private signing key Note to entry: Authority in the CA term does not imply any government authorization, only that it is trusted Certificate issuer can be a better term but CA is used very broadly [SOURCE: ISO 22600-1:2014, 3.8] 3.6 delegation conveyance o f privilege from one entity (3.8 ) that holds such privilege, to another entity [SOURCE: ISO 22600-1:2014, 3.10] 3.7 delegation path ordered sequence o f certificates which, together with authentication o f a privilege identity, can be processed to veri fy the authenticity o f a privilege asserter’s privilege asserter’s (3.19) [SOURCE: ISO 22600-2:2014, 3.15] 3.8 entity any concrete or abstract thing o f interest Note to entry: While in general, the word entity can be used to re fer to anything, in the context o f modelling it is reserved to refer to things in the universe of discourse being modelled 3.9 functional role role (3.21) which is bound to an act Note to entry: Functional roles can be assigned to be per formed during an act Note to entry: Functional roles have been specified in this document Note to entry: Functional roles correspond to the ISO/HL7 21731 RIM participation Note to entry: See also structural role (3.26) © ISO 2017 – All rights reserved ISO 21298:2017(E) 3.10 healthcare organization o ffici a l ly regi s tere d organ i z ation that s promotion EXAMPLE a mai n ac tivity relate d to role or he a lth Hospitals, Internet healthcare website providers, and healthcare research institutions N o te to entr y: T he orga n i z ation i s re co gn i z e d to b e le ga l l y l i ab le its s p e c i fic he a lthc a re s er vice s (3.21) in health for its ac ti vitie s b ut ne e d no t b e re gi s tere d for [S OU RC E : I S O 170 -1 : 01 , 4] 3.11 healthcare professional healthcare personnel having a healthcare professional entitlement recognized in a given jurisdiction N o te to entr y: T he he a lthc a re p ro fe s s io n a l entitlement entitle s a he a lthc a re pro fe s s ion a l to pro vide he a lthc a re independent of a role (3.21) in a healthcare organization (3.10) EXAMPLE GP, medical consultant, therapist, dentist, etc 3.12 identification p er forma nce o f te s ts to enable a d ata pro ce s s i ng s ys tem to re co gn i z e entitie s 3.13 non-regulated healthcare personnel p ers on employe d by a EXAMPLE healthcare organization (3.10), but who is not a regulated health professional Massage therapist, music therapist, etc [S OU RC E : I S O 170 -1 : 01 , , mo d i fie d] 3.14 organization employee p ers on employe d by a EXAMPLE healthcare organization (3.10) or a supporting organization (3.27) Medical records transcriptionists, healthcare insurance claims adjudicators, and pharmaceutical order entr y clerks 3.15 policy set of legal, political, organizational, functional and technical obligations for communication and cooperation [S OU RC E : I S O 2 0 -1 : 014, 3 ] 3.16 policy agreement written agre ement where a l l i nvolve d p ar tie s com m it them s elve s to a s p e ci fie d s e t o f p ol icie s [S OU RC E : I S O 2 0 -1 : 014, 14] 3.17 principal human users and objects that need to operate under their own rights [S OU RC E : OM G S e c urity S er vice s Sp e ci fic ation: 01] © ISO 2017 – All rights reserved ISO 21298:2017(E) 3.18 privilege capacity assigned to an entity (3.8 ) by an authority according to the entity’s attribute Note to entry: Per OASIS Extensible Access Control Markup Language (XACML) V2.0, privilege, permissions, authorization, entitlement and rights are replaced by the term ‘rule’ [SOURCE: ISO 22600-1:2014, 3.17] 3.19 privilege asserter privilege holder using their attribute certificate (3.3 ) or public-key certificate to assert privilege (3.18) [SOURCE: ISO 22600-2:2014, 3.27] 3.20 p r i v i l (3.8) veri fying certificates against a privilege policy e entity g e v e r i f i e r [SOURCE: ISO 22600-2:2014, 3.30] 3.21 role set of competencies and/or performances that are associated with a task [SOURCE: ISO 22600-2:2014, 3.33] 3.22 certificate that contains the role attribute, assigning one or more roles (3.21) to the certificate holder r o l e a s s i g n m e n t c e r t i f i c a t e [SOURCE: ISO 22600-2:2014, 3.34] 3.23 certificate that assigns privileges (3.18) to a role (3.21) rather than directly to individuals r o l e c e r t i f i c a t e Note to entry: Individuals assigned to a role, through an attribute certificate (3.3 ) or public-key certificate with a subject directory attributes extension containing that assignment, are indirectly assigned the privileges contained in the role certificate 3.24 certificate that contains the assignment o f privileges (3.18) to a role (3.21) r o l e s p e c i f i c a t i o n c e r t i f i c a t e [SOURCE: ISO 22600-2:2014, 3.35] 3.25 sponsored healthcare provider health services provider who is not a regulated professional in the jurisdiction of his/her practice, but who is active in his/her healthcare community and sponsored by a regulated healthcare organization (3.10) EXAMPLE Drug and alcohol education o fficer who is working with a particular ethnic group, or a healthcare aid worker in a developing country [SOURCE: ISO 17090-1:2013, 3.1.10] 3.26 structural role role (3.21) speci fying relations between entities organizational or structural relations (hierarchies) in the sense o f competence, o ften reflecting Note to entry: Structural roles have been specified in this document © ISO 2017 – All rights reserved ISO 21298:2017(E) Annex A (informative) ISCO-08 sample mapping Table A.1 provides a sample mapping of multiple national regulated professionals to ISCO-08 Blank cells indicate that there is no regulation of the corresponding ISCO-08 profession in a particular jurisdiction Table A.1 — Sample mapping of multiple national regulated professionals to ISCO-08 ISCO-08 SNOMEDCT Japan 2211 Generalist medical practitioners (including District medical doctor – practitioner, General practitioner, Medical doctor (gener- 112247003 Doctor’ f f cializing in general practice, France Finland Ontario Netherlands the rap i s t, Fa m i l y me d ic a l Phys ic i a n s Medical practitioner p hys ic i a n and Surgeons Phys ic i a n s dentist Dental Surgeons Dentists Dentist Dental specialist head - Pharmacists dispenser, Pharmacists Pharmacist’ cists pharmacist Pharmacists ‘M e d ic a l GPs Australia a l ) , M e d ic a l o fice r ( ge ne l ) , Re s ident me d ic a l o fice r s p e Phys ic i a n ( ge ne l ) , P r i m a r y he a l thc a re p hys ic i a n) 2212 Specialist medical practitioners (including Anaesthetist, Cardiologist, Emerge nc y me d ic i ne s p e c i a l i s t, Gyn ae co lo gi s t, O b s te tr ic i a n , Ophthalmologist, Paediatrician, Pathologist, Preventive 69280009 atrist, Radiologist, Resident specialists me d ic i ne s p e c i a l i s t, P s ych i me d ic a l o ffic er i n s p e c i a l i s t tra i n i ng , S p e c i a l i s t p hys ic i a n (internal medicine), Surgeon, etc.) 2261 Dentists (including Dental Practitioner, Dental Surgeon, Dentist, Endodontist, Oral and Maxillofacial 106289002 Surgeon, Oral Pathologist, Orthodontist, Paedodontist, Periodontist, Prosthodontist, Stomatologist 2262 Pharmacists (including Dispensing chemist, Hospital 46255001 pharmacist, Industrial pharmacist, Retail pharmacist) 20 ‘D e nti s t’ ‘Ph a r m a Dental surgeons Interns © ISO 2017 – All rights reserved ISO 21298:2017(E) Table A.1 (continued) SNOMEDCT ISCO-08 Japan France Finland Netherlands Ontario Australia 2131 Biologists, botanists, zoologists and related professionals (including Animal Behaviourist, Bacteriologist, Biologist, Biotechnologist, 31641003 Botanist, Cell Geneticist, Marine Biologist, Microbiologist, Molecular Biologist, Molecular Geneticist, Zoologist, Pharmacologist) 3213 Pharmaceutical technician (including Pharmaceuti- 159040006 cal technician, Pharmaceutical assistant) Pharmaceutical Assistant 3212 Medical and patholoTechnolo(including Blood-bank tech- 159285000 gist’ Technician’ ‘M e d ic a l g y l ab o rato r y te ch n ic i a n s ‘C l i n ic a l n ic i a n , C y to lo g y te ch n ic i a n , L ab o rato r y M e d ic a l l ab o rato r y te ch n i medical Medical technolo- Technician gist Medical technologist Clinical technologist Medical radiation practitioner Diagnostic radiographer Nuclear medicine technologist Radiation therapist Sonographer l ab o r ato r y L ab o rato r y l ab o rato r y c i a n , P atho lo g y te ch n ic i a n) 2119 Forensic science technician 159285000 3211 Medical imaging and therapeutic equipment technicians (including Diagnostic medical radiographer, Mam- 386626000 cal Technologist’ mographer, Medical radiation therapist, Nuclear medicine technologist, Sonographer) ‘Rad io lo gi 2221 Nursing professionals (including Clinical nurse, District nurse, Nurse anaesthetist, Nurse educator, Nurse 224569005 practitioner, Professional Nurse, Public health nurse, Specialist nurse) 2 2 M idw i fer y p ro fe s s io n als (including Professional midwife) - 106294002 Radiation Technologist, Manipulateur d’electroradiologie medicale radiographe Medical Radiation Technologists Nurses nurse public health nurse Nurses Nurses Registered nurse Midwifes midwife Midwives Midwives Midwife ‘G ene l Nurse’ Health Nurse’ ‘P ub l ic ‘M id w i fe ’ 2 Phys io the rap i s ts (i nclud i n g G e r i atr ic p hys ic a l - 36682004 Therapist’ the rap i s t, P ae d i atr ic p hys ic a l the rap i s t, O r tho p ae d ic p hys ic a l the rap i s t, P hys io the pist) - © ISO 2017 – All rights reserved ‘Phys ic a l P hys io the pists - p hys io ther apist - Phys io the pists - Phys io the r apists - P hys io the r apist - 21 ISO 21298:2017(E) Table A.1 (continued) ISCO-08 SNOMEDCT Japan France 2269 Health professionals Occupationnot elsewhere classified (in al Therapist ‘Occucluding Arts therapist, Dance and movement therapist, 309398001 pational Podiatrist Therapist’ Psychomo Occupational therapist, Podiatrist, Recreational therapist, trician etc.) 2267 Optometrists and ophthalmic opticians (including Ophthalmic Optician, Optom- 28229004 etrist, Orthoptist) ‘Orthoptist’ Orthoptists Optician Finland Ontario Netherlands Australia occupational therapist protected occupa- Occupationtional title: al Therapists podiatrist, protected Chiropodists occupational title: chiropodist Occupational therapist Podiatrist Medical laboratory scientist Clinical scientist optician Optometrist Opticians Optometrist Orthoptist 2266 Audiologists and speech Audiolotherapists (including AudiSpeech and speech Speech Audiologists gists and ‘Speech ologist, Language therapist, 159026005 Therapist’ language therapist Speech-Lan- Pathology, Speech paSpeech therapist, Speech, pathologist guage Pa- Audiologist thologist Pathologist) thologists ‘Dental 3214 Medical and dental Technician’ prosthetic technicians (including Dental technician, 309428008 Prosthetics and OrthcDenturist, Orthotic technitic’ cian, Orthotist, Prosthetic ‘Artificial technician, Prosthetist) limb fitter’ Audioprothesist Prothésiste dentaire/ tech- Dental Techtechnicien dental nician nologists dentaire Prosthetist, Orthotist 3221 Nursing associate professionals (including Associate professional nurse, 224576000 Assistant nurse, Enrolled nurse, Practical nurse) Enrolled nurse 3222 Midwi fery associate professionals (including As- 309452001 sistant midwife, Traditional midwife) 2265 Dieticians and nutritionists (including Clinical ‘National dietician, Food service Registered Dieticians 159033005 dietician, Nutritionist, Public ‘Dietitian’ health nutritionist, Sports nutritionist) 22 Audiometrist Dental prosthetist Dental technician Orthotist/ prosthetist Mothercraft nurse dietitian Dieticians Dietician Nutritionist © ISO 2017 – All rights reserved ISO 21298:2017(E) Table A.1 (continued) ISCO-08 2635 Social work and counselling professionals (including Addictions counsellor, Bereavement counsellor, Child and youth counsellor, Family counsellor, Marriage counsellor, Parole o fficer, Probation o fficer, Social SNOMEDCT 106328005 Japan France ‘Certified Assistant en service social Social Worker’ Finland Ontario Netherlands Australia Social worker Welfare support worker worker, Women’s welfare organizer) Nursing support worker Personal care assistant Aged or disabled care worker 5321 Healthcare assistants, Nursing aide (including Birth ‘Certified assistant (clinic or hospital), 224577009 Care WorkNursing aide (clinic or hoser’ pital), Patient care assistant, Psychiatric aid, etc.) 5322 Home-based personal care workers (including Home care aide, Home birth 224577009 assistant, Nursing aide (home), Personal care provider, etc.) 2240 Paramedical practitioner (including Advanced care paramedic, Clinical o fficer 397897005 (paramedical), Feldscher, Primary care paramedic, Surgical technician) 3258 Ambulance workers (including Ambulance o fficer, ‘Emergency Ambulance paramedic, Emer- 409971007 Medical gency medical technician, Technician’ Emergency paramedic) 2634 Psychologists (includ ing Clinical Psychologist, Educational Psychologist, Organizational Psychologist, Psychotherapist, Sports psy- chologist) ‘Psychiat- 59944000 ric Social Worker’ © ISO 2017 – All rights reserved protected occupational title: hospital and ambulance attendant Ambulance O fficers and Paramedics, Intensive Care Ambulance Paramedic Intensive care ambulance paramedic Ambulance Psychologue psycholo gist Healthcare Psycholo - Psycholo gists, gists Psycho therapists Psychologist Clinical Psy- o fficer chologist 23 ISO 21298:2017(E) Table A.1 (continued) ISCO-08 SNOMEDCT Japan France Finland Netherlands Ontario 2149 Engineering professionals not elsewhere classiengineer, Explosive ordnance 106269003 Engineer’ engineer, Marine salvage engineer, Materials engineer, f neer, etc.) fie d (i nclud i n g B io me d ic a l Australia Biomedical engineer ‘C l i n ic a l O p tic a l en gi ne e r, S a e t y e n gi cians and assistants (including Acupressure therapist, - 309404006 apist, Massage therapist, nician, Shiatsu therapist, etc.) 5 Phys io the rap y te ch n i E le c tro therap i s t, H yd ro the r ‘M a s s e u r ’ Phys io the rap y te ch n ic i a n , Phys ic a l re h ab i l i tatio n te ch 3251 Dental assistants and therapists (including Dental 26042002 Dental therapist) a s s i s ta nt, D e nta l hyg ien i s t, protected occupational title: trained masseur Massage protected Therapists occupational title: assistant p hys io Massage therapist T he rap y a ide therapist’s assistant P hys io the rap y ‘D enta l H ygie n i s t’ dental hyg ien i s t - D enta l H y gienists gienist Dental therapist D e nta l hy 5329 Personal care workers in health services not elseing Dental aid, First-aid 184152007 Medical imaging assistant, Sterilization aid) Dental assistant Dental nurse Phlebotomist P h a r m ac y a id , Ph le b o to m i s t, T he rap y a ide 1120 Managing directors and chief executives (including Chief executive, Managing 265911003 director, Regional manager) Chief execuf General manager 1342 Health service managers (including Clinical care coordinator, Director 224579007 of nursing, Hospital matron, Medical administrator) Medical administrator, Nursing clinical director, Health service manager Nurse manager whe re cl a s s i fie d (i nclud atte nd a nt, H o s p i ta l o rderl y, d i re c to r, C o m mu n i t y he a l th 24 ti ve o fic er © ISO 2017 – All rights reserved ISO 21298:2017(E) Table A.1 (continued) ISCO-08 1343 Aged care service managers (Aged care home director, Community aged care coordinator, Nursing home director, Retirement village coordinator) SNOMEDCT Japan France Finland Ontario Netherlands Australia 224608005 1344 Social welfare managers (including Community centre manager, Family services manager, Housing services manager, Welfare Centre Manager, etc.) 158932008 ‘Care Man- ager’ 3254 Dispensing opticians (including Contact lens optician, Dispensing optician, 159023002 etc.) 3259 Health associate professionals not elsewhere classi- 106288005 fied (including Chiropractors, Osteopath, Naprapaths) Optical dispenser protected occupational title: trained chiropractor protected occupa- Chiropractional title: tors trained osteopath protected occupational title: naprapath Chiropractor Osteopath 3413 Religious associate professionals (including Faith 54503009 healer, Lay preacher, Monk, Nun) 2230 Traditional and complementary medicine practitioners (including Acupuncturist, 225423004 Ayurvedic practitioner, Chinese herbal medicine practitioner, Homeopath, Naturopath, Unani practitioner) © ISO 2017 – All rights reserved Acupuncturist Chinese herbal medicine practitioner Chinese herbal dispenser Naturopath Homeopath 25 ISO 21298:2017(E) Table A.1 (continued) SNOMEDCT ISCO-08 Japan France Finland Ontario Netherlands Australia 3230 Traditional and compleprofessionals (including Bonesetter, Herbalist, Witch 224609002 doctor, Village healer, Scraping and cupping therapist) me nta r y me d ic i ne a s s o c i ate 5321 Healthcare assistants (including Birth assistant (clinic or hospital), Nursing 224577009 aide (clinic or hospital), chiatric aid) P atie nt c a re a s s i s ta nt, P s y 3256 Medical assistant (including Advanced care f (paramedical), Feldscher, Surgical technician) 2263 Environmental and occupational health and protected occupaAide soign- tional title: ant assistant nurse Nursing Assistant 22515006 p a me d ic , C l i n ic a l o fice r P r i m a r y c a re p a me d ic , 307969004 hyg ie ne p ro fe s s io n a l s 2133 Environmental protec- 265926001 tion professional 3257 Environmental and occupational health inspectors and associates (including Health inspector , Occupational health and s a fe ty i n s p e c to r O cc up ation a l Environmental Health f Occupational Health and 45956004 O fice r he a lth a nd s a fe ty i n s p e c to r , S a n ita r i a n, S an ita r y i n s p e c tor, Workplace health and - S a fe t y O ffice r s a fe ty) mers (including Astronomer, 106257006 1 Phys ic i s ts a nd a s tro no M e d ic a l Phys ic i s t, N ucle a r Phys ic i s t, P hys ic i s t) protected occupational title: hospital M e d ic a l p hys icist - p hys ic i s t 2352 Special needs teachers (including Learning Disabilities Special Education Teacher, Learning support teacher, 281569003 Remedial teacher, Teacher of gifted children, Teacher of the hearing impaired, Teacher of the sight impaired) 2250 Veterinarians (including Animal pathologist, Ve ter i n a r i a n , Ve te r i n a r y 106290006 e p ide m io lo gi s t, Ve te r i n a r y i nte r n , Ve te r i n a r y s u r ge o n) 26 © ISO 2017 – All rights reserved ISO 21298:2017(E) Table A.1 (continued) ISCO-08 SNOMEDCT 3240 Veterinary technician (including Artificial insemi nator, Veterinary assistant, Veterinary nurse, Veterinary 53216000 Japan France Finland Ontario Netherlands Australia vaccinator) 3344 Medical secretaries (including Medical secretary, Medical practice manager, Medical o ffice administrative assistant, Hospital ward secretary, Patient care sec- 394572006 retary, Medical stenographer, Medical insurance, Billing secretary, Pathology secre tary, Medical transcription ist, Medical stenographer) 3252 Medical records and health information technicians (including Clinical coder, Disease registry tech- 56542007 nician, Health information clerk, Medical records analyst, Medical records clerk, Medical records technician) 4132 Data entry clerk, Filing clerk (including Data entry operator, Data input clerk, Payment entry clerk) 68758003 2621 Archivists and curators (including Health Informa- 106326009 tion Management) 3253 Community health workers (including Commu- nity health aide, Community health promoter, Community health worker, Village health worker) Medical reMedical record clerk Health information o fficer Health information manager Health information technology specialists cords o fficer 307982007 Health Information Manager Aboriginal and Torres Strait Islander health practitioner Indigenous health worker Table A.2 provides a sample US national role mapping to ISCO-08 classification © ISO 2017 – All rights reserved 27 ISO 21298:2017(E) T a b l e A — S a m p l e U S n a t i o n a l r o l e m a p p i n g SNOMED-CT HCFA Role (National) Licensed acupuncturist 225423004 171100000N Athletic trainer 40677000 2255A2300X Audiologist 309418004 159039009 231H00000X 2355A2700X 3842006 111N00000X State role description Audiology assistant Chiropractic physician t o I S C O - c l a s s i f i c a t o n ISCO-88 Role Description ISCO-08 Role (International) plementary medicine 2230 Traditional and compractitioners Fitness and recreation instructors and program leaders Audiologists and speech therapists Healthcare assistants Health associate professionals not elsewhere classified Physiotherapy techni- Registered chiropractic assistant 309404006 Clinical lab director 265911003 Clinical lab technician 159285000 Clinical lab technologist 159285000 Clinical social worker Dentist 158950001 106289002 Dental hygienist 26042002 Dental radiographer 159016003 Dietetics/Nutritionist 159033005 Nutrition counselors 159033005 Electrologist 106288005 246QM0706X cians and assistants Managing directors 246QL0901X and chief executives Medical and pa247200000X thology laboratory technicians Medical and pa246QM0706N thology laboratory technicians work and coun1041C0700X Social selling professionals 122300000X Dentists Dental assistants and (Den124Q00000X tal therapists hygienists and therapists) Medical imaging and 2471R0002X therapeutic equipment technicians and nutri133V00000X Dieticians tionists and nutri133NN1002X Dieticians tionists Health associate 246QM0706X professionals not Hearing aid specialists 309421002 237700000X Massage therapist 45419001 Medical doctor 112247003 Medical doctor public psychiatry certificate 80584001 technicians and 225700000X assistants (massage therapists) 2211 Generalist medical 208D00000X ers, 2212practitionSpecialist medical practitioners medical 2084P0800X Specialist practitioners 28 i elsewhere classified Medical and dental prosthetic technicians (Dental) Physiotherapy 3433 2266 5321 3259 3255 1120 3212 3212 2635 2261 3251 3211 2265 2265 3259 3214 3255 2211, 2212 2212 © ISO 2017 – All rights reserved ISO 21298:2017(E) Table A.2 (continued) SNOMED-CT Medical doctor public health cer- HCFA Role (National) tificate 56466003 2083P0901X Medical doctor area critical need 112247003 208D00000X Diagnostic radiological physicist 386626000 2085R0205X Therapeutic radiological physicist 386626000 2085R0203X Medical nuclear radio physicist 386626000 2085N0904X Medical health physicist 386626000 246QM0706X Mental health counselor 310190000 101YM0800N Midwife 106294002 176B00000X Naturopathic physician 225423004 175F00000X Advanced registered nurse practitioner Registered nurse Licensed practical nurse 224571005 224535009 224576000 363L00000X 163W0000X 164W00000X Nursing home administrator 224608005 376G00000X Ancillary service providers - Occupational therapy 80546007 225X00000X Occupational therapy assistant 224587008 224Z00000X Dispensing optician 49203003 156FX1800X Optometrist 28229004 152W00000X Orthotist 309428008 222Z00000X Orthotic fi fter 309429000 225000000X Orthotic fi fter assistant 309429000 246QM0706X Prosthetist-Orthotist 309428008 224P00000X Osteopathic physician 416889001 46255001 208D00000X 183500000X State role description Pharmacist © ISO 2017 – All rights reserved ISCO-88 Role Description Specialist medical practitioners Specialist medical practitioners Medical imaging and therapeutic equipment technicians Medical imaging and therapeutic equipment technicians Medical imaging and therapeutic equipment technicians Physicists and as tronomers Social work and counselling professionals Midwi fery pro fes sionals Traditional and complementary medicine practitioners Nursing professionals Nursing professionals Nursing associate professionals Aged care service managers Health professionals not elsewhere classified (Occupational therapists) Physiotherapy technicians and assistants Optometrists and ophthalmic opticians Optometrists and ophthalmic opticians Medical and dental prosthetic technicians Medical and dental prosthetic technicians Medical and dental prosthetic technicians Medical and dental prosthetic technicians Specialist medical practitioners Pharmacists ISCO-08 Role (International) 2212 2212 3211 3211 3211 2111 2635 2222 2230 2221 2221 3221 1343 2269 3235 2267 2267 3214 3214 3214 3214 2212 2262 29 ISO 21298:2017(E) Table A.2 (continued) State role description Nuclear pharmacist Ancillary service providers - Phys - ical Therapist Physical therapist assistant Physician assistant Podiatric physician Prosthetist Respiratory care Certified radiation therapy tech- nician Respiratory care practitioner criti - SNOMED-CT 46255001 36682004 309404006 449161006 159034004 309428008 442867008 309404006 1835N0905X 225100000X ISCO-88 Role Description Pharmacists Physiotherapists techni225200000X Physiotherapy cians and assistants 363A00000X Doctor’s assistants medical 213E00000X Specialist practitioners Medical and dental 224P00000X prosthetic technicians 227900000X Physiotherapists techni227800000X Physiotherapy cians and assistants ISCO-08 Role (International) 2262 2264 3255 3211 2212 3214 2264 3255 2279C0205X Physiotherapists 2264 227900000X 103TS0200X 235Z00000X Physiotherapists Speech-language pathology 442867008 310192008 159026005 2264 2634 2266 Audiologist Speech-language pathology assis - 309418004 231H00000X tant 309404006 2355S0801X Audiology assistant 224594006 Homeopath 225423004 Licensed vocational nurse (same as licensed practical nurse) 224576000 cal care Respiratory care practitioner non-critical care School psychologist 30 442867008 HCFA Role (National) Psychologists Audiologists and speech therapists Audiologists and speech therapists Physiotherapy techni- cians and assistants techni2355A2700X Physiotherapy cians and assistants Traditional and com175L00000X plementary medicine practitioners associate 164W00000X Nursing professionals 2266 3255 3255 2230 3221 © ISO 2017 – All rights reserved ISO 21298:2017(E) Annex B (informative) S a m p l e c e r t i f i c a t e p r o f i l e f o r r e g u l a t e d h e a l t h c a r e p r o f e s s i o n a l The following is adapted from annex material from ISO 17090-2 NOTE The following example is for illustrative purposes only and is not intended to state the future format o f health certificates issued in the jurisdiction John Stuart Woolley; license issued by State o f Cali fornia Medical License Board, license number 20A4073, license status code 17 (‘01’ is ‘active and current’), issue date 22 March 2007 — expiration date 21 March 2010 Version (2 – decimal code for version certificates) SerialNumber (unique number) Signature (sha-1WithRSAEncryption {1,2,840,113549,1,1,5}) Issuer countryName localityName organizationName commonName (US=United States of America) (California) (Name-of-CA-for-California-Health-Care) (Name-of-CA-for-California-Health-Care) (validity period coded as UTCTime) Validity Subject organizationName (US=United States of America) (California) (CertHolderOrganization) commonName (Woolley, John Stuart) surname (Woolley) givenName (John Stuart) countryName localityName subjectPublicKeyInfo algorithm (public RSA key, 1024 bit {1,2,840,113549,1,1,1}) subjectPublicKey (Subject’s PUBLIC KEY) Extensions a u t h o r i t y K e y I d e n t i f i e r © ISO 2017 – All rights reserved (unique identifier o f CA public key) 31 ISO 21298:2017(E) subjectKeyIdentifier (unique identifier o f subject public key) keyUsage (digitalSignature or non-repudiation or keyEnci- certificatePolicies (appropriate policy OID) cRLDistributionPoints (CRL X.500 entry location) pherment) subjectDirectoryAttributes ( hcRole OBJECT IDENTIFIER ::= id-hcpki-at-healthcareactor hcActorData SET OF { codedData CodedData ::= { codingSchemeReference OBJECT IDENTIFIER ::= 21 298.1 , codeDataValue NUMERIC STRING ::= 2211 , codeDataFreeText DirectoryString ::= Medical Doctor} regionalHCData Sequence o f RegionalData ::= { type OBJECT IDENTIFIER ::= OID-for-this-regional-encoding, country PrintableString (SIZE (2) ::= US, issuingAuthority DirectoryString ::= (C=US, L=CA, OU=Cali fornia Medical License Board), nameAsIssued DirectoryString ::= (CN= John Stuart Woolley) hcMajorClassCode CodedData ::= { codingSchemeReference OBJECT IDENTIFIER ::= ASTM-Coding-Scheme- for-Type-OID, codeDataValue NUMERIC STRING ::= 111N00000X} codeDataFreeText UTF8String ::= “license number 20A4073”} hcMinorClassCode CodedData ::= { codingSchemeReference OBJECT IDENTIFIER ::= ASTM-Coding-Scheme-for-Licen se-Status-OID codeDataValue NUMERIC STRING ::= (unrestricted) , codeDataFreeText UTF8String ::= “unrestricted”} } ) Note that, in this example, a license number and license status have been encoded as regional data Such regional data is optional, and the decision to include or exclude such regional data is left up to the issuing CA 32 © ISO 2017 – All rights reserved ISO 21298:2017(E) Bibliography [1] ISO 2382-8, Information technology — Vocabulary — Part 8: Security [2] ISO/IEC 9594-8, Information technology — Open System s Interconnection — The Directory: Authentication framework [3] ISO/IEC 10746-2, Information technology — Open Distributed Processing — Reference Model: Foundation s [4] [5] ISO 17090-1, Health informatics — Public Key Infrastructure ISO 22600-1:2014, Health informatics — Privilege management and access control — Part : Overview and policy management [6] ISO 22600-2:2014, Health informatics — Privilege management and access control — Part 2: Formal models [8] B Architectural approach to eHealth for enabling paradigm changes in health Methods 2010, 49 (2) pp 123–134 B lobel B., Ruotsalainen P., G onz lez C., L ó pez D Policy-Driven Management o f Personal Health In formation for Enhancing Interoperability Stud Health Technol Inform 2014, 205 pp 463–467 [9] HL7 International Inc HL7 Healthcare Privacy and Security Classification System (HCS) – Release Ann Arbor: HL7 International; May 2013 [10] HL7 International Inc The HL7 Healthcare (Security and Privacy) Access Control Catalog Release Ann Arbor: HL7 International; 2016 [11] HL7 International Inc HL7 Composite Security and Privacy Domain Analysis Model Ann Arbor: HL7 International; 2009 [12] HL7 International Inc HL7 Version Standard: XML Implementation Technology Specification Ann Arbor: HL7 International; 2014 [13] International Labour Organization: International Standard Classification o f Occupations 2008 [7] B lobel Inf Med (ISCO-08) © ISO 2017 – All rights reserved 33 ISO 2 98: 01 7(E) ICS  35.240.80 Price based on 33 pages © ISO 2017 – All rights reserved