The FHIM Security and Privacy domain models information related to access-control policies and their enforcement. While historically security and patient-defined consent have been viewed as separate subjects, in effect they are enforced the same way, especially in a distributed environment. For example, there is no functional difference between the enforcement of a corporate policy that declares that only mental health specialists can see mental health data and the enforcement of a patient’s directive to grant visibility of their mental-health related medications to their primary physician, but not to their dentist.
The FHIM Security and Privacy domain is closely based on the HL7 Security and Privacy Domain Analysis Model (DAM) of May 2010. There are however, several important differences between this FHIM model and the DAM: a) The DAM has SecurityRole as a subtype of CompositePolicy. We made it an association instead. Then, because both BasicPolicy and CompositePolicy have associations to SecurityRole, we moved the association to Policy, which is the common supertype of both BasicPolicy and CompositePolicy. b) The DAM models JurisdictionalOrganization and ProviderOrganization as subtypes of Authority. Indeed, ProviderOrganization is also a subtype of Grantee (multiple-inheritance). In the FHIM, ProviderOrganization and JurisidictionalOrganization are existing stand-alone concepts. So we changed the inheritance relationship to association relationships. c) The DAM models Patient and Population as subtypes of SubjectOfRecord. In the FHIM, Patient and Population are existing stand-alone concepts. So we changed the inheritance relationship to association relationships.
There are some outstanding issues as well. We need to better understand the PrivateInsurance and PublicServices classes. These appear to mimic E/E/COB classes, but the purpose for these is unclear. HL7 already has an exhaustive list of coverage types. Should OrganizationalProvider be an Entity rather than a Role?

Classifiers

AtomicPolicy

AuthenticationToken

Authority

AuthorizationPolicy

Clearance

ClearancePolicy

ClinicalCondition

CompositePolicy

ConfidentialityType

ConsentDirective

Consenter

ConstraintPolicy

ContextualPolicy

DelegationPolicy

FunctionalGroup

FunctionalRole

Grantee

Grantor

GroupPolicy

HierarchicalGroup

InformationObject

InformationResource

Initiator

InitiatorBasedPolicy

ObligationPolicy

Operation

OperationType

Permission

PermissionCatalog

Policy

PolicyConstraint

PolicyProgramSource

Population

PrivacyMarkPolicy

PrivacyPolicy

PrivacyRule

Provision

ProvisionActor

ProvisionData

PurposeOfUsePolicy

RefrainPolicy

RelationshipPolicy

ResourcePolicy

RolePolicy

SecurityContext

SecurityGroup

SecurityLabel

SecurityLabelCategory

SecurityLabelHandling

SecurityLabelHeader

SecurityPolicyInformationFile

SecurityRole

StructuralRole

SubjectOfRecord

TrustContract

TrustFramework

UserIdentity

Verification

Diagrams

_SecurityAndPrivacy

Properties: