diff --git a/ITI/SeR/index.html b/ITI/SeR/index.html index 4c8f3d317..c9cb8111c 100644 --- a/ITI/SeR/index.html +++ b/ITI/SeR/index.html @@ -137,7 +137,7 @@

Please verify you have the most recent version of this document. See here for Trial Implementation and Final Text versions and here for Public Comment versions.

Foreword

This is a supplement to the IHE IT Infrastructure Technical Framework. Each supplement undergoes a process of public comment and trial implementation before being incorporated into the volumes of the Technical Frameworks.

-

This supplement is published on August 12, 2022 for public comment. Comments are invited and can be submitted using the ITI Public Comment form or by creating a GitHub Issue. In order to be considered in development of the trial implementation version of the supplement, comments must be received by September 12, 2022.

+

This supplement is published on October 24, 2022 for trial implementation and may be available for testing at subsequent IHE Connectathons. The supplement may be amended based on the results of testing. Following successful testing it will be incorporated into the IT Infrastructure Technical Framework. Comments are invited and can be submitted using the ITI Public Comment form or by creating a GitHub Issue.

This supplement describes changes to the existing technical framework documents.

"Boxed" instructions like the sample below indicate to the Volume Editor how to integrate the relevant section(s) into the relevant Technical Framework volume.

@@ -532,7 +532,8 @@
39.4.2.1.2 XDS Repositories with a centralized Authorization Decision Manager Process Flow
-

Figure 39.4.2.1.2-1: Basic Process Flow in SeR Profile Figure 39.4.2.1.2-1: Process Flow of the use case. Note: The source code for the UML diagram is available here.

+

Figure 39.4.2.1.2-1: Basic Process Flow in SeR Profile Figure 39.4.2.1.2-1: Process Flow of the use case.

+

Note: The source code for the UML diagram is available here.

39.4.2.2 Use Case #2: Query Type Extension Use Case

This use case describes how a Community uses the SeR Profile to enforce authorization for all actors which manage sensitive data and uses various query types in a national extensions.

In this use case sensitive information has been identified to be:

@@ -566,7 +567,8 @@
39.4.2.2.1 Query Type
  • enforce the Authorization Decision returning only the data the healthcare professional is authorized for.
    • 39.4.2.2.2 Query Type Extension Process Flow
    -

    Figure 39.4.2.2.2-1: Query Type Extension Process Flow Figure 39.4.2.2.2-1: Process Flow of the use case with query type extension Note: Actors profiled in this supplement are yellow boxed and transactions profiled are drawn as solid lines.The source code for the UML diagram is available here.

    +

    Figure 39.4.2.2.2-1: Query Type Extension Process Flow Figure 39.4.2.2.2-1: Process Flow of the use case with query type extension

    +

    Note: Actors profiled in this supplement are yellow boxed and transactions profiled are drawn as solid lines.The source code for the UML diagram is available here.

    39.4.2.3 Use Case #3: Mobile Health Use Case

    This use case describes how an MHD Document Responder uses Authorization Decisions made by the Authorization Decisions Manager.

    To protect the sensitive information against malicious misuse the MHD Document Responder is grouped with the Authorization Decisions Verifier and performs an Authorization Decisions Query [ITI-79] messages whenever a MHD Document Consumer queries for the sensitive data to disclose the data based on the Access Decision.

    @@ -577,7 +579,8 @@
    39.4.2.3.1 Mobile Health Use

    Dr. Brown uses her tablet to query the laboratory reports of her patient Mr. White. The hospitals mHealth app has previously been registered and authorized by the hospital IT authorizing the mHealth app to perform the transactions defined in the MHD Profile.

    The mHealth infrastructure enforces Authorization Decisions in the background and discloses the laboratory reports depending on the access policies of the hospital (e.g., identity and role of Dr. Brown, employment state, etc.).

    39.4.2.3.2 Mobile Health Use Case Process Flow
    -

    Figure 39.4.2.3.2-1: Mobile Health Process Flow Figure 39.4.2.3.2-1: Process Flow of the mhealth use case. Note: Actors profiled in this supplement are yellow boxed and transactions profiled are drawn as solid lines. The source code for the UML diagram is available here.

    +

    Figure 39.4.2.3.2-1: Mobile Health Process Flow Figure 39.4.2.3.2-1: Process Flow of the mhealth use case.

    +

    Note: Actors profiled in this supplement are yellow boxed and transactions profiled are drawn as solid lines. The source code for the UML diagram is available here.

    39.5 SeR Security Considerations

    To prevent interaction with malicious third parties, a closed system of trust based on TLS digital identities is strongly recommended. Authorization Decisions Manager should accept queries only from a restricted set of Secure Nodes/Applications. The Authorization Decisions Verifier should perform queries only to the domain-identified Authorization Decisions Manager.

    Authorization Decisions my be collected by the Authorization Decisions Manager. These Authorization Decisions should not be exposed to other systems and encryption may be used (when stored by the Authorization Decisions Manager) to avoid the disclosure of sensitive information.