ISO 22600定义了管理数据和/或功能的权限和访问控制所需的原则和服务。 它侧重于跨政策领域边界传播和使用卫生信息。这包括通过个人和应用系统（从本地情况到区域甚至国家情况）在非关联的医疗保健提供商、医疗保健组织、医疗保险公司、其患者、员工和贸易伙伴之间共享医疗保健信息。 它规定了必要的基于组件的概念，旨在支持它们的技术实现。它不会具体说明这些概念在特定临床过程路径中的使用。 ISO 22600-3:2014例示了访问控制策略存储库的要求和权限管理基础设施的要求。它提供了ISO 22600？2中规定的正式模型的实施示例。

ISO 22600 defines principles and specifies services needed for managing privileges and access control to data and/or functions. It focuses on communication and use of health information distributed across policy domain boundaries. This includes healthcare information sharing across unaffiliated providers of healthcare, healthcare organizations, health insurance companies, their patients, staff members, and trading partners by both individuals and application systems ranging from a local situation to a regional or even national situation. It specifies the necessary component-based concepts and is intended to support their technical implementation. It will not specify the use of these concepts in particular clinical process pathways. ISO 22600-3:2014 instantiates requirements for repositories for access control policies and requirements for privilege management infrastructures. It provides implementation examples of the formal models specified in ISO 22600？2.