Role-Based Access Control (RBAC)Semi-Annual Report
PRESENTATION TO xxxHigh Performance Technologies Group (HPTG), a DRC Company
Period of Performance August 2011 to January 2012
VETERANS HEALTH ADMINISTRATION
Report Objectives and Background
Present a review of all accumulated changes conducted to RBAC documentation. Include a summary of documents of what has changed.
Support the development of security and privacy vocabulary and standards within Health Level 7 (HL7) crucial to creating the rules that express who can see what information under what conditions.
Software Security Architecture provides support for the development of VHA line of business role definitions and standardization of such roles for interoperability purposes where feasible.
2
VETERANS HEALTH ADMINISTRATION
RBAC Activities within the Past Six Months
3
The following RBAC deliverables have been reviewed and updated:
HL7 Permission Catalog
HL7 Constraint Catalog
VHA Functional Role Catalog
VHA Structural Role Catalog
RBAC Roadmap
RBAC Database
RBAC Task Force Charter
VETERANS HEALTH ADMINISTRATION
Role Based Access Control (RBAC) – Permission Catalog
Healthcare Permission Catalog, Release 2HL7 Security Technical Committee
Description: The Permission Catalog as an HL7 standard presents normative language to the HL7 permission vocabulary by constructing {operation, object} pairs.
Editorial update performed. The updated document (version 4.13) of the HL7 Permission
Catalog will be presented at the upcoming January WGM in San Antonio.
If the changes made to the document are substantial the Permission Catalog will need to go through an additional ballot cycle.
VETERANS HEALTH ADMINISTRATION
Illustration of Updates – HL7 RBAC Permission Catalog
5
VETERANS HEALTH ADMINISTRATION
Role Based Access Control (RBAC) – Constraint Catalog
Constraint Catalog, Version 1.41HL7 Security Technical Committee
Description: The Constraint Catalog introduces a process and a catalog of constraints on identified healthcare permissions as presented in the HL7 RBAC Permission Catalog, a normative HL7 standard.
Reviewed the content, performed editorial update and updated references.
Updated versions of the HL7 Constraint Catalog will be presented at
the upcoming January WGM in San Antonio.
VETERANS HEALTH ADMINISTRATION
Illustration of Updates – HL7 Constraint Catalog
7
VETERANS HEALTH ADMINISTRATION
Role Based Access Control (RBAC) – Functional Roles
VA Functional Role Catalog, Version 11.4
Description: The VA Functional Role Catalog defines functional roles for use within the Department of Veteran Affairs (VA). The Functional Role Catalog includes support for functional roles needed for authorizing VA healthcare provider access to Protected Health Information (PHI), as well as other categories of roles needed throughout the Department.
Document template updated Updated citations and references RBAC Roadmap V13.3 embedded into document
VETERANS HEALTH ADMINISTRATION
Illustration of Updates – VA Functional Role Catalog
9
REFERENCES UPDATED
VETERANS HEALTH ADMINISTRATION
Role Based Access Control (RBAC) – Structural Roles
VA Structural Role Catalog, Version 11.2Description: The VA Structural Role Catalog defines structural roles within the Department of Veteran Affairs Veterans Health Administration (VHA) and represents the consensus work product of the VA RBAC Task Force.
Role descriptions and NUCC references updated. Additional roles accepted in the referenced ASTM E1986-09
added SNOMED code values column added Numeric identifier added as found in ASTM E1986-09 and
RBAC Permission Catalog, Release 2 The Structural Role document table has been rearranged
to correspond in-line with data found in the ASTM E1986.
VETERANS HEALTH ADMINISTRATION
Illustration of Updates – VA Structural Roles
11
NUCC
SNOMED CT
NUMERIC ID
VETERANS HEALTH ADMINISTRATION
Role Based Access Control (RBAC) – Role Roadmap
VA Role Roadmap, Version 13.3
Description: The RBAC Roadmap contains mappings between roles and permissions as defined by the VHA RBAC Task Force.
ReadMe descriptive tab added to spreadsheet Consolidated previously listed “non-ASTM” and “VHA-specific”
tabs to the main spreadsheet to coincide with the new ASTM E1986-09 accepted standard.
The RBAC Roadmap now contains only two tabs: Licensed and Non-Licensed Providers and has been
Roles reorganized to directly correspond to both the ASTM E1986-09 standard and the Structural Roles Catalog
VETERANS HEALTH ADMINISTRATION
Illustration of Changes – RBAC Roadmap
13
NEW
VETERANS HEALTH ADMINISTRATION
Role Based Access Control (RBAC) – Role Database
Role Based Access Control (RBAC) DatabaseVersion 2.0
Description: The RBAC Database implemented in Microsoft Access contains the information provided by the previously mentioned RBAC catalogs. The RBAC Database supports a generation of queries and reports to be used for various purposes.
Database reviewed for consistency with the current RBAC documentation.
Database will be updated with the 2012 versions of: Structural Roles Functional Roles Permission Catalog, Version 2
VETERANS HEALTH ADMINISTRATION
Role Based Access Control (RBAC) – Task Force Charter
RBAC Task Force CharterVA RBAC Support Group Charter
Description: The purpose of the RBAC charter is to establish the Department of Veterans Affairs (VA) RBAC Support Group (SG), define mission, scope of authority, responsibilities, executive sponsors, stakeholders, membership, and communication modes. Collaboration between VA and DoD is envisioned and the development of a new RBAC SG will be established.
Support Group Charter reflects a VA-wide RBAC support. Further instruction and guidance on VA organization will be
provided by VA
Scope of the RBAC TF is being redefined. Collaboration of VA with DoD is a possibility. The RBAC Support Group charter will reflect current focus and scope once established. Coordination is being pursued by VA and DoDrepresentatives. Detailed information is not available at the time of this report.