Section 1e: Version 3 (V3)
HL7 Version 3 Standard: Privacy and Security Architecture Framework (PSAF), Release 1
DESCRIPTION
The Privacy and Security Architecture Framework (PSAF) is the overarching package that contains four balloted specifications and an informative guide. The specific normative components include: 1) Trust Framework for Federated Authorization Conceptual Model, 2) Trust Framework for Federated Authorization Behavioral Model, 3) Provenance Domain Analysis Model and 4) Audit. The intent of these standards is to provide an integrated package of a set of standards to advance communication and interoperability among partners in a shared trust framework environment.
ALTERNATIVE NAMES
HL7 Version 3 Standard: Privacy and Security Architecture Framework (PSAF), Release 1 may also go by the following names or acronyms:
BENEFITS
- Exposes specific semantic or behavioral aspects of the process of establishing a Trust Framework in a healthcare environment from creating an initial trust proposal for interoperable exchange to a decision to accept, reject, or counter a proposal, through the policy bridging process to develop a counter proposal, and the decisions as to whether to continue negotiations or to stop the process
- Provides include a scientifically oriented healthcare trust framework for data provenance as well as an audit specific volume as an underlying trust service
IMPLEMENTATIONS/CASE STUDIES
- Sponsoring organizations include Department of Veterans Affairs, and SAMHSA.
- The Trust Framework, Provenance, and Audit specifications are conceptual. Implementations include HL7 FHIR AuditEvent and Provenance Resources, and Basic Provenance Implementation Guide. Basic Provenance may be required to fulfill US CEHRT product certification to the USCDI provenance standard.
DEVELOPMENT BACKGROUND
The Privacy and Security Architecture Framework (PSAF) documents are part of a series of interrelated specifications that address core security, policy, and traceability topics needed to enable trustworthy interoperability for information exchange. The series of documents are:
- PSAF Volume 1, Trust Framework for Federated Authorization (TF4FA), Conceptual Model [HL7 PSAF TF4FA Vol. 1]: Presents a general architecture for creating a trusted relationship with a healthcare partner supporting policy derivation for security and privacy. This document provides a general conceptual overview of what defines interoperable authorized exchange and what is needed to achieve it.
- PSAF Volume 2, Trust Framework for Federated Authorization (TF4FA), Behavioral Model [HL7 PSAF TF4FA Vol. 2]: Presents a more technical behavioral model describing logical interaction among Federated Authorization components.
- PSAF TF4FA Guide [HL7 PSAF Guide]: presents an informative supplement that amplifies information contained in Volumes 1 and 2.
- PSAF Volume 3, Provenance: Presents a general conceptual overview of what defines resource lifecycle events and associated provenance events, and what is needed to process, share, and leverage that provenance data for resource trustworthiness decisions (i.e., “fitness for use” decisions by resource recipients).
- PSAF Volume 4, Audit [HL7 PSAF Vol. 4 Audit] – Presents a general conceptual overview of security audit and audit services in a healthcare environment.
RELATED DOCUMENTS
HL7 Version 3 Standard: Privacy and Security Architecture Framework (PSAF), Release 1 |
(Download) (5.60 MB) |
BALLOT TYPE
- Normative
STATUS DATE
2020-07-28RESPONSIBLE WORK GROUPS
PRODUCT TYPE
- Document
STAKEHOLDERS
- Clinical and Public Health Laboratories
- EHR, PHR Vendors
- Health Care IT Vendors
- HIS Vendors
- Payors
- Standards Development Organizations (SDOs)
FAMILY
- V3
CURRENT STATE
- Stable
REALM
- Universal