Where is the security information model?

The landing page of specifications does not contain the word security.

The EHR information model specifications refer to ACCESS_CONTROL_SETTINGS claiming it is in the Security Information model :

…by an instance of a subclass of the abstract class ACCESS_CONTROL_SETTINGS , defined in the Security Information Model

and architecture overview refers to it in 5.5.1.5 :

The Security Information Model defines the semantics of access control and privacy setting for information in the EHR.

A google search for openEhr “security information model” brings no direct results, but brings an issue I created in 2019 which shows I was looking for this before (and I have absolutely no memory of that…)

So let me ask before I forget why I opened this topic: where is the security information model?

ACCESS_CONTROL_SETTINGS is a placeholder class which should be specialised according to specific security models. A long time ago, we assumed that something produced by either ISO 13606 or ISO PMAC would be the origin of such a model. The latter might still be.

Anyway, things have changed a bit since the original modelling, and we now have GDPR, and a better idea of what ‘consent’ might mean, including computationally. So anything that looked like an RBAC model of access is probably today something designated by a patient consent, rather than an institutional system.

There are 2 models of consent in IHE, here’s the advanced one (APPC).

There is still no clear model of content-based EHR access that I know of. The key is that whatever it is has to be patient- and clinician- comprehensible i.e. someone could be an app with an intuitive UI to represent the gatekeeping possibilities.

Obviously a lot of other things have changed since the original modelling, including cloud-based computing, a theory of distributed computing based on moving algorithms around not data etc etc.

We need a newer analysis. For me, the starting point would be the re-purposing of the ACCESS_CONTROL_SETTINGS as a managed computable consent object for each EHR. There’s a lot more to do of course.

Thanks. That’s helpful, but unless I’m missing something here, there is no security information model but it is mentioned across the specs. Shouldn’t we remove references to it in this case?

1 Like