Privacy Enforcement

The Open Immunize IMS system has been designed to protect PHI (protected health information). This is done via a flexible access control system based loosely on XACML concepts. OpenIZ's plugin model allows third-party access control schemes to be used; however, the general call structure is as follows:

  1. An external service (such as a message handler, workflow, forecasting process, etc.) makes a request for disclosure of a piece of information from the data store known as a securable.
  2. The data persistence service retrieves the data from the data persistence store.
  3. The data persistence service fires the Queried or Retrieved event which a policy enforcement provider subscribes to.
  4. The PEP will make a call to the policy decision service configured in the IMS’ application context. The policy decision provider uses information from the current authorization context (i.e. security principal in the current request pipeline) and collects a “most restrictive” series of decisions based on policies.
  5. If the PDP has made a GRANT or ELEVATE decision on a policy identifier, it may contact the policy information provider (PIP) to retrieve additional information about the policy to determine whether elevation or grant is permitted.
  6. The policy enforcement service will use this information to filter/censor the results.
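The six-step sequence above, written out as a small in-memory PEP / PDP / PIP pipeline. This is an added illustration, not OpenIZ code or its API: the outcome names DENY / ELEVATE / GRANT, their ordering (so that the minimum is the "most restrictive" decision), the `can_override` and `sensitive_fields` attributes the PIP answers with, and the policy identifiers and patient records are all constructed for the example.

```python
"""Constructed PEP / PDP / PIP example following the call sequence described above.
Not OpenIZ code; class names, outcome ordering and data are assumptions."""
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, List, Optional


class PolicyOutcome(IntEnum):
    # Assumed ordering: min() over a set of outcomes yields the most restrictive one.
    DENY = 0
    ELEVATE = 1
    GRANT = 2


@dataclass
class Policy:
    oid: str                              # constructed policy identifier
    can_override: bool                    # assumed PIP attribute: may ELEVATE be honoured?
    sensitive_fields: List[str] = field(default_factory=list)  # fields censored on ELEVATE


@dataclass
class Principal:
    name: str
    decisions: Dict[str, PolicyOutcome]   # decision this principal holds per policy id


@dataclass
class Securable:
    record_id: str
    required_policies: List[str]          # policies that protect this record
    data: Dict[str, str]


class PolicyInformationProvider:
    """Step 5: answers questions about a policy (here an in-memory catalogue)."""
    def __init__(self, catalogue: Dict[str, Policy]):
        self.catalogue = catalogue

    def get_policy(self, oid: str) -> Policy:
        return self.catalogue[oid]


class PolicyDecisionProvider:
    """Step 4: combine the principal's per-policy decisions into the most restrictive one."""
    def decide(self, principal: Principal, securable: Securable) -> PolicyOutcome:
        if not securable.required_policies:
            return PolicyOutcome.GRANT        # nothing protects this securable
        # A policy the principal holds no decision for defaults to DENY (fail closed).
        outcomes = [principal.decisions.get(oid, PolicyOutcome.DENY)
                    for oid in securable.required_policies]
        return min(outcomes)


class PolicyEnforcementProvider:
    """Steps 3 and 6: handles the Queried event and filters or censors the result set."""
    def __init__(self, pdp: PolicyDecisionProvider, pip: PolicyInformationProvider):
        self.pdp, self.pip = pdp, pip

    def on_queried(self, principal: Principal, results: List[Securable]) -> List[Securable]:
        disclosed = []
        for securable in results:
            outcome = self.pdp.decide(principal, securable)
            if outcome == PolicyOutcome.GRANT:
                disclosed.append(securable)
            elif outcome == PolicyOutcome.ELEVATE:
                censored = self._censor(principal, securable)
                if censored is not None:
                    disclosed.append(censored)
            # DENY: the record is dropped from the result set entirely
        return disclosed

    def _censor(self, principal: Principal, securable: Securable) -> Optional[Securable]:
        # Step 5: for every policy the principal only holds ELEVATE on, ask the PIP whether
        # elevation is permitted; if so, return a copy with that policy's sensitive fields
        # masked. If any such policy forbids override, the whole record is withheld.
        masked = dict(securable.data)
        for oid in securable.required_policies:
            if principal.decisions.get(oid, PolicyOutcome.DENY) != PolicyOutcome.ELEVATE:
                continue
            policy = self.pip.get_policy(oid)
            if not policy.can_override:
                return None
            for name in policy.sensitive_fields:
                if name in masked:
                    masked[name] = "***"
        return Securable(securable.record_id, securable.required_policies, masked)


def build_demo():
    """Constructed catalogue and records used to exercise the pipeline."""
    pip = PolicyInformationProvider({
        "policy:clinical-read": Policy("policy:clinical-read", can_override=False),
        "policy:sensitive-diagnosis": Policy("policy:sensitive-diagnosis", True, ["diagnosis"]),
        "policy:restricted": Policy("policy:restricted", can_override=False),
    })
    pep = PolicyEnforcementProvider(PolicyDecisionProvider(), pip)
    records = [
        Securable("rec-1", ["policy:clinical-read"], {"name": "Patient A", "diagnosis": "flu"}),
        Securable("rec-2", ["policy:clinical-read", "policy:sensitive-diagnosis"],
                  {"name": "Patient B", "diagnosis": "sensitive"}),
        Securable("rec-3", ["policy:restricted"], {"name": "Patient C", "diagnosis": "n/a"}),
    ]
    return pep, records


def query_as(name: str, decisions: Dict[str, PolicyOutcome]) -> List[Securable]:
    """Steps 1-2 stand in for the external service and persistence layer; then the PEP runs."""
    pep, records = build_demo()
    return pep.on_queried(Principal(name, decisions), records)


if __name__ == "__main__":
    for s in query_as("clinician", {"policy:clinical-read": PolicyOutcome.GRANT,
                                    "policy:sensitive-diagnosis": PolicyOutcome.ELEVATE}):
        print(s.record_id, s.data)
```

Running the script as the "clinician" principal shows the three outcomes side by side: `rec-1` is disclosed in full, `rec-2` comes back with its diagnosis masked because the clinician only holds ELEVATE on the sensitive-diagnosis policy and the PIP permits override, and `rec-3` is dropped because the principal holds no decision on its policy at all, which the PDP treats as DENY. The defaulting of unknown policies to DENY is the detail worth copying from this design: a record protected by a policy the PDP has never heard of is withheld rather than leaked.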


There are three outcomes of a policy decision: