Browse Prior Art Database

Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications (RFC3881)

IP.com Disclosure Number: IPCOM000031625D
Original Publication Date: 2004-Sep-01
Included in the Prior Art Database: 2004-Oct-01
Document File: 48 page(s) / 87K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

G. Marshall: AUTHOR

Abstract

This document defines the format of data to be collected and minimum set of attributes that need to be captured for security auditing in healthcare application systems. The format is defined as an XML schema, which is intended as a reference for healthcare standards developers and application designers. It consolidates several previous documents on security auditing of healthcare data.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 3% of the total text.

Network Working Group                                        G. Marshall

Request for Comments: 3881                                       Siemens

Category: Informational                                   September 2004

           Security Audit and Access Accountability Message

           XML Data Definitions for Healthcare Applications

Status of this Memo

   This memo provides information for the Internet community.  It does

   not specify an Internet standard of any kind.  Distribution of this

   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

IESG Note

   This RFC is not a candidate for any level of Internet Standard.  The

   IETF disclaims any knowledge of the fitness of this RFC for any

   purpose, and notes that it has not had IETF review.  The RFC Editor

   has chosen to publish this document at its discretion.

Abstract

   This document defines the format of data to be collected and minimum

   set of attributes that need to be captured for security auditing in

   healthcare application systems.  The format is defined as an XML

   schema, which is intended as a reference for healthcare standards

   developers and application designers.  It consolidates several

   previous documents on security auditing of healthcare data.

Marshall                     Informational                      [Page 1]

RFC 3881         Security Audit & Access Accountability   September 2004

Table of Contents

   1. Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . .  2

   2. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  4

      2.1.  Data Collection . . . . . . . . . . . . . . . . . . . . .  4

      2.2.  Anticipated Data End-uses . . . . . . . . . . . . . . . .  5

      2.3.  Conformance . . . . . . . . . . . . . . . . . . . . . . .  6

   3. Goals . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  6

      3.1.  Effective Data Gathering. . . . . . . . . . . . . . . . .  6

      3.2.  Efficiency. . . . . . . . . . . . . . . . . . . . . . . .  7

   4. Trigger Events. . . . . . . . . . . . . . . . . . . . . . . . .  8

      4.1.  Security Administration . . . . . . . . . . . . . . . . .  8

      4.2.  Audit Administration and Data Access. . . . . . . . . . .  9

      4.3.  User Access . . . . . . . . . . . . . . . . . . . . . . . 10

   5. Data Definitions. . . . . . . . . . . . . . . . . . . . . . . . 13

      5.1.  Event Identification. . . . . . . . . . . . . . . . . . . 13

      5.2.  Active Participant Identification . . . . . . . . . . . . 17

      5.3.  Network Access Point Identification . . . . . . . . . . . 20

      5.4.  Audit Source Identification . . . . . . . . . . . . . . . 22

...