How is RBAC used in SUS?

Transcription

1 Role Based Access Control What is RBAC? SUS is a part of the NHS Care Record Service (NCRS) application from the National Programme for IT (NPfIT) and is accessed from the NHS national data network, the NPfIT Spine. Role Based Access Control (RBAC) is an integral part of the NPfIT Spine security process. When users go through the registration process to be granted a Smart Card and then register one or more Role Profiles for use within an application they are using RBAC. By registering a Role Profile details of the organisation for which that individual works and the job role they fulfil can be passed to an application. This job role may be associated with certain business functions and these are also passed to the application and allow or restrict access to certain parts of the application. An individual s Role Profile may also be associated with one or more Work Groups, Areas of Work or Business Functions and so can build up a complex profile of what they are allowed to see and do within an application. The relationship between these is illustrated below. Authorised User UUID Role Profile Organisation Job Role Work Group Area of Work Business Function Page 1 of 7

2 The diagram above shows that the Role Profile can have further structure associated with it to add definition to the profile. For each job role within an organisation; any Work Group(s) of which the Authorised User is a member; there can be zero, one or more Work Groups a Work Group is five numeric characters a Work Group is associated with an Organisation as there are no national agreed codes optional Area(s) of Work within which that user s Job Role may be exercised; there can be zero, one or more Areas of work an Area of Work is three 5 character fields Area of Work must be valid National Workforce Dataset codes optional identification of Business Function(s) that the Authorised User will be permitted to perform; there can be zero, one or more Business Functions; Business Function is a five character numeric code Business Functions are associated with specific applications (such as SUS), these must be agreed with the application designers for any given application User registration and the definition of RBAC is delivered by an organisation s Registration Authority. The details for which can be found at: How is RBAC used in SUS? It is the stated policy of SUS to make historical patient based data available to as wide an audience as possible. SUS provides a secure environment in which these data can be used for all secondary uses such as commissioner planning, audit, research and analysis. SUS will also provide the functions necessary to enable data management and extraction as well as report processing and presentation. As SUS develops and more functions are added, such as support for National Clinical Audit Support Programme (NCASP), then the use of RBAC s functionality will increase. It is likely that Work Groups will be identified which will group together certain functions within an application area. It will also be possible to identify certain job roles that can be associated with business functions within SUS. In this way registering against a given job role will automatically assign the user the correct Activities without the need to identify these individually. Please note that these facilities will not be available within the first SUS release. In future it will also be possible to alter the view of the data which a user is given. In the first delivery of SUS the sensitive data is held as either encrypted or derived values. Work has taken place with various interest groups to Page 2 of 7

3 identify specific examples where access to these data items as clear values is required for uses other than direct patient care. So in the future sensitive data will be made available for specific requirements and access to this data will be tightly controlled using the RBAC facility. Users will need specific permission to register using a small range of Activities which will give access to the sensitive data items for very specific purposes. Registration Why must I register? SUS is an application delivered across the NPfIT Spine. All such applications must work within the security arrangements laid down by the NPfIT team. All users must be registered with the Registration Authority responsible for their organisation. Registration provides each user with a Smart Card and PIN code and registers them on the central system with a Unique User Id (UUID). SUS can only be accessed via a workstation which is configured as a Spine Portal. To make use of the workstation a user must have a Smart Card and PIN code, if the Smart Card is removed at anytime during a work session then that user will be automatically logged out of the session. What else must I do? The first part of the registration process enables a user to log on to a Spine Portal workstation. In addition users must register one or more Role Profiles which give access to the various applications on the Spine of which SUS is one. A Role Profile carries a record of the organisation for which the user works and the job role normally carried out for that organisation. If the user carries out different job roles for a given organisation or works for more than one organisation then they may need to register a Role Profile for each. This depends on the type of work a user wishes to carry out within any given application. Within SUS, for example, if a user wishes only to make use of the on-line query function then they need have only one role profile registered for SUS use. We are currently working on a solution for multiple organisation access by individuals, for example staff working in Health Informatics Services. How do I know what Activities to register for? Within the current version of SUS only the organisation for which a user works and the business functions for which they are registered have any bearing on that user s access to the application. Work groups and areas of work are not used. Within SUS the job role under which a user is registered does not have any direct affect on the data to which they are given access. Page 3 of 7

4 The Activities that a user registers for in SUS are directly linked to the business functions within RBAC. So when that user logs on to SUS the application knows the organisation for which they work and the Activities they are allowed to carry out. At the end of this document is a list of the SUS Activities that can be registered against a Role Profile. They relate directly to the business functions that can be carried out in the SUS application. It should be noted that as the functionality within the SUS application increases then this list will become more comprehensive. Users should ensure that they liaise with their Registration Authority to ensure that they have up-to-date copies of the IG RBAC Control Names and Codes sheet from which this list comes. SUS Activities appear on version 13 or later. Guidance on SUS Activities Query the SUS data sets B1500 All SUS users must register this Activity against their Role Profile. It allows the user to: Access the SUS application from the NPfIT Spine Access the on-line query function View the SIM data mart Please note that: Users will need to register this Activity against all Role Profiles which they intend to use for SUS access. To view additional data marts using the on-line query function users will need to register additional Activities National Data Set Extracts Users who wish to run the predefined queries that produce the NDS extracts as a file to view on screen or download directly to a local workstation must register for one of the Activities which allow this. Execute Commissioner NDS Extract B1505 o Runs the NDS extracts for a given commissioning organisation Execute Provider NDS Extracts B1510 o Runs the NDS extracts for a given NHS Provider These NDS extract functions use the organisation code within the user s Role Profile under which they are currently logged in. If, for example a user registers the Activity B1510 (Execute Provider NDS Extracts) but their organisation is not a provider of NHS services then they will get a blank report returned. Users should therefore ensure that the Activities they register for are reasonable. Page 4 of 7

5 National Data Set Submissions NHS service provider organisations currently submit data to the NHS Wide Clearing Service (NWCS). SUS will replace the functionality of this service. As part of this service a nominated user is ed to notify them that their latest data submission has been received into the first stage of the update process. They then have the opportunity to review the data quality report (DQR) and confirm or reject the data passing through to the next stages. The following activity should be given to this user (and a small group to act as deputies) to enable the DQR to be generated and read within SUS: View Data Quality Reports for Data Submissions B1530 Electronic Data Quality Reporting Service (edqrs) SUS provides all of the functionality of the edqr service. All users of SUS may register for any or all of the following edqrs business functions using the following Activities: Reports (Inpatients) B1535 Reports (Mental Health) B1540 Reports (Outpatients) B1545 Reports Toolkit Service Tracking Reports SUS provides all of the functionality of the service tracking facility. All users of SUS may register for this Activity; Execute Service Tracking Reports B1525 Payment by Results (PbR) SUS provides the functionality to support Payment by Results (PbR) and gives consistent views of the data to support dialogue between commissioning and providing organisations. The PbR function provides access to all of the data necessary to resolve data quality issues between commissioner and provider and carry out reporting and data matching tasks. Authorised users will therefore have access to data in clear for the organisations they represent. The PbR Mart will include data for 2004/5 1 as well as 2005/6 and, in time, will maintain up to 7 years historic data. For a user to be provided with a view of these data from the on-line query function, they must register the following Activity in their User Profile: Query the PbR data sets B Discussions are presently under way about whether 2003/4 data relating to 2004/5 spells should be maintained to support the 2006/7 base lining exercise. Page 5 of 7

6 In addition users may carry out pre defined PbR data extracts dependant on whether they represent a NHS service commissioner or service provider organisation. Where an organisation acts as both, then a user from such an organisation can register for both of the following Activities: Execute PbR Commissioning Extracts B1560 Execute PbR Provider Extracts B1565 Restricted Activities Some Activities are restricted to being run by particular users. For example the following two Activities are run once in a period and the results communicated to the NHS IC. Execute Health Episode Statistics Extracts B1515 Execute Provider Mental Health Minimum Data Set Extracts B1520 They are not functions that will be generally available to users. The guidebook for the RAs has up-to-date information about any such restricted Activities and they will be able to offer further guidance. Further Information SUS: This web site contains up-to-date information about SUS delivery, implementation issues and FAQs. It also contains a full glossary of terms and allows you to submit questions to the SUS help desk. Registration: This NHS web site contains information regarding how to register for using any Spine application and all of the issues regarding the process not covered in this document. Page 6 of 7

7 SECONDARY USES SERVICE (SUS) Activity Name BF Code Activity Description Query the SUS data sets B1500 Allows a user access to the Secondary Uses Service (SUS) and gives access to general repository of historical National Data Set (NDS) data and allows the user to see all Central Returns. Execute Commissioner NDS Extracts B1505 Allows a user to run the predefined standard NDS data extracts for a commissioning organisation within the NHS Execute Provider NDS Extracts B1510 Allows a user to run predefined standard NDS data extracts for a provider organisation within the NHS Execute Health Episode Statistics Extracts Execute Provider Mental Health Minimum Data Set Extracts B1515 B1520 Allows a user to run predefined standard HES data extracts for an organisation within the NHS Allows a user to run predefined standard MHMDS data extracts for an organisation within the NHS Execute Service Tracking Reports B1525 Allows a user to run predefined standard service tracking reports for submitted data View Data Quality Reports for data submissions Reports (Inpatients) Reports (Mental Health) Reports (Outpatients) Reports Toolkit B1530 B1535 B1540 B1545 B1550 Allows a user to view the latest data quality report, for data they have submitted through the Data Transfer Service (DTS), and accept or reject the submission. Allows a user to generate a data quality report against an existing inpatient data set. Allows a user to generate a data quality report against an existing mental health data set. Allows a user to generate a data quality report against an existing outpatient data set. Allows a user access to the edqrs toolkit functions Query the PbR data sets B1555 Allows a user access to the general repository of historical PbR data and the capability to generate ad hoc reports against this database. Execute PbR Commissioning Extracts B1560 Allows a user to run a predefined data extract from the PbR Commissioning data set Execute PbR Provider Extracts B1565 Allows a user to run a predefined data extract from the PbR Provider data set Page 7 of 7