Framework di architettura di servizi per la sanita'

       HSSP PASS


The HSSP project Privacy, Access and Security Services (PASS) deals with the general topic of interoperability of security procedures in health-clinical processes, with the aim of defining a suite of basic services, necessary to meet the requirements of security, such as privacy, control and manage access to clinical data, consensus and identity management.

As part of the application services for health care, the main security requirement under the right to privacy, exercised by the person, the patient first, on own personal, clinical and health data. Privacy is the actual capacity of the subject to disaggregate the data concerning him and selectively grant permit access to those data, or to withdraw such grant at any time with immediate effect. Imposing and monitoring of privacy are part of the basic operation of the ecosystem services for Healthcare.


Respect for privacy is ensured by the fact that the safe storage of the data must be made in advance and that, in the face of a request for access to clinical health data of a particular person, it must be verified if the applicant has the required permission. In retrospect, it must be possible to verify that the privacy directives have been applied correctly and that there have been violations.  


The work done so far, has been structured in different subject areas, including active ones are:


Ø  Privacy, Access and Security Services - Access Control (PASS AC), whose purpose concerns the interoperability of access control procedures to social care information, with the aim of defining a set of standard service interfaces, for those functional skills necessary to protect the resources (in terms of authorization and access control), preserved in the management of clinical data present in a distributed environment, particularly the ability to implement and convey that the patient gives informed consent for the 'access to information relating to it. In fact, the patient becomes "everywhere" administrator of access rights to his own data.

Ø  Privacy, Access and Security Services – Healthcare Audit (PASS Audit),  whose purpose concerns to the interoperability of the procedures relating to inspection (audit) of operations, performed within the system, with the objective of defining a collection of standard service interfaces for logging and audit capabilities, to assist the protection of patient’s health and clinical information. The purpose of the audit service is to implement the principle of accountability, or to trace the disclosure of sensitive data and to identify and characterize any violations of the privacy directives.

The reference standards for safety management in service architectures, generally accepted and whose implementation is available and widespread, are:

Ø  Formal generalized models, applied in various contexts, in which no component is explicitly limited to a healthcare environment:

ü  ISO TS 22600-2:2006 – Privilege Management and Access Control - Part 2: Formal Models for the the control template concepts, according to which, when a request is made for a service, the service access control protects the service provider from unauthorized access, according to the policy control;

ü  ISO 10181-3 Access Control framework for Authorization Reference Model, which describes a service, in the context of its general access control information types, with associated activities Service Provider Security and Consent Management;

ü  ISO 10181-7 Security Audit and Alarms Framework, which refines the concept of security audits described in ITU-T Rec X.810 / ISO / IEC 1018l-l and includes the discovery of events and resulting actions; it focuses on 2 capabilities provided to an external entity " Privacy Accounting"..   

Ø  Standard implementation:

ü  the stack WS-Security (on the WS * Platform);

ü  SAML (Security Assertion Markup Language);

ü  XACML (eXtensible Access Control Markup Language).

WS-Security Infrastructure (servers and interceptors that implement the authentication and confidentiality of messages), SAML (SAML identity provider, SAML service provider) and XACML are part of the ecosystem SOA standards.

Ø  Standard that direct the technical mechanisms to provide the collection of audit records in the health sector:

ü  ISO/CD 27789 - Health informatics - Audit trails for electronic health records;

ü  IHE Audit Trail and Node Authentication (ATNA)  - Integration Profile Audit Trails User Accountability;

ü  [DICOM95] - Digital Imaging and Communications in Medicine (DICOM) Supplement 95: Audit Trail Messages;

ü  The Open Group - Distributed Audit Service (XDAS), Preliminary Specification;

ü  ISTPA – Privacy Management Reference Model.