ISO TS 27790-2009 Health informatics - Document registry framework《保健信息学 文件登记框架》.pdf

1、 Reference number ISO/TS 27790:2009(E) ISO 2009TECHNICAL SPECIFICATION ISO/TS 27790 First edition 2009-12-01 Health informatics Document registry framework Informatique de sant Cadre denregistrement de document ISO/TS 27790:2009(E) PDF disclaimer This PDF file may contain embedded typefaces. In acco

2、rdance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes l

3、icensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for prin

4、ting. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO 2009 All rights reserved. Unless otherwis

5、e specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright of

6、fice Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO 2009 All rights reservedISO/TS 27790:2009(E) ISO 2009 All rights reserved iiiContents Page Foreword iv Introduction.v 1 Scope1 2 Normative refer

7、ences2 3 Terms and definitions .2 4 Abbreviated terms .9 5 Document registry framework .10 5.1 General structure of the framework 10 5.2 Information model (ebRIM) and services (ebRS) web services10 5.3 Cross-enterprise document sharing (IHE-XDS) .10 5.4 Document separation XDS extension .12 5.5 Pati

8、ent identification, security and privacy profiles 12 5.6 Document content profiles.12 Annex A (informative) Korean National Extension to IHE IT Infrastructure Technical Framework CDA Document Separation - XDS Extension14 Bibliography23 ISO/TS 27790:2009(E) iv ISO 2009 All rights reservedForeword ISO

9、 (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical com

10、mittee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrot

11、echnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the mem

12、ber bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. In other circumstances, particularly when there is an urgent market requirement for such documents, a technical committee may decide to publish other types of docum

13、ent: an ISO Publicly Available Specification (ISO/PAS) represents an agreement between technical experts in an ISO working group and is accepted for publication if it is approved by more than 50 % of the members of the parent committee casting a vote; an ISO Technical Specification (ISO/TS) represen

14、ts an agreement between the members of a technical committee and is accepted for publication if it is approved by 2/3 of the members of the committee casting a vote. An ISO/PAS or ISO/TS is reviewed after three years in order to decide whether it will be confirmed for a further three years, revised

15、to become an International Standard, or withdrawn. If the ISO/PAS or ISO/TS is confirmed, it is reviewed again after a further three years, at which time it must either be transformed into an International Standard or be withdrawn. Attention is drawn to the possibility that some of the elements of t

16、his document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO/TS 27790 was prepared by Technical Committee ISO/TC 215, Health informatics. ISO/TS 27790:2009(E) ISO 2009 All rights reserved vIntroduction Development and implemen

17、tation of electronic health records (EHR) are rapidly progressing around the world. An appropriate deployment of EHR will enhance various aspects of healthcare delivery in the future. EHR are thought to enable the provision of essential care information to providers at point-of-care through informat

18、ion and telecommunications technologies. This includes a broad spectrum of capabilities including acquisition, storage, presentation, and management of patient information (represented in different digital forms such as video, audio or data) and communication of this information between care facilit

19、ies with the use of communications links. Recent development of health information exchange where the patients EHR are accessed securely whenever necessary (sharing EHR information at point-of-care and by the consumer citizen) requires that electronic health records of an individual, although they o

20、riginate from various health-related subjects distributed over space and time, remain accessible irrespective of their centralized or distributed storage. The use of centralized registry systems pointing to such records can greatly facilitate the discovery of their locations to allow effective acces

21、s to the appropriate and secured EHR. This Technical Specification describes the principles and specification of interoperability needed to support a registry system for locating and accessing records grouped into documents. The supported documents may contain any type of person-centric health infor

22、mation, structured or not, depending on the standard used for their content. The clinical document architecture (CDA) is one such standard that is a likely companion to this Technical Specification. This Technical Specification does not address the security and privacy considerations in detail but r

23、efers to related work in this critical area. The specification is not intended to be prescriptive either from a methodological or a technological perspective but rather to provide a coherent inclusive description of principles and practices that could facilitate the formulation of policies and gover

24、nance practices locally or nationally. TECHNICAL SPECIFICATION ISO/TS 27790:2009(E) ISO 2009 All rights reserved 1Health informatics Document registry framework 1 Scope This Technical Specification specifies a general-purpose document registry framework for transmitting, storing and utilizing docume

25、nts in clinical and personalized health environments. It is quite broad in its applicability to realise the goal of sharing health-related documents spanning a broad spectrum of health domains such as healthcare specialities covering laboratory, cardiology, eye care, etc. and the many areas of perso

26、nalized health. This web services-based registry framework includes a document registry and associated repository to allow the sharing of any form of health documents including HL7 CDA (clinical document architecture). It specializes in health, W3C Web Services Standards, ISO 15000 (ebXML registry s

27、tandards) and OASIS ebXML Registry Information Model 3.0 through the use of the IHE Cross-Enterprise Document Sharing (XDS) from the Integrating the Healthcare Enterprise (IHE) Information Technology Infrastructure (ITI) technical framework, quoting from the Cross-Enterprise Document Sharing (XDS) P

28、rofile: “The Cross-Enterprise Document Sharing IHE Integration Profile facilitates the registration, distribution and access across health enterprises of patient and citizen electronic health records. Cross-Enterprise Document Sharing (XDS) is focused on providing a standards-based specification for

29、 managing the sharing of documents between all health enterprises, ranging from private physician offices to clinics to acute care in-patient facilities to personal heath record systems. The XDS IHE Integration Profile assumes that these enterprises belong to one or more affinity domains. An affinit

30、y domain is a group of healthcare enterprises that have agreed to work together using a common set of policies and that share a common registry infrastructure.” This Technical Specification also supports document registration and retrieval via the federation of documents registries (see IHE Cross-Co

31、mmunity Access) in terms of individual users to reduce health information extrusion possibilities. This Technical Specification supports the sharing of documents of any standardized content in the context of healthcare and well-being. It describes the means of locating and accessing documents among

32、a diverse set of health organizations. It is designed for leverage of existing health informatics for structuring and semantically rich health information, if so desired. It does not require the development of new health informatics standards. This Technical Specification also references a number of

33、 companion standards-based specifications that offer optional extensions to enhance the basic capabilities offered by IHE XDS, as listed below. 1) An XDS extension supporting the fragmentation of the content of the documents into two parts: a header fragment and a body fragment. This separation sche

34、me enhances confidentiality because the gathering of both header and body and their relational information involves cracking into multiple repository servers. This has been developed as an IHE Korean Extension on the IHE XDS Profile. NOTE 1 The incremental effectiveness achieved by header/body separ

35、ation will have to be re-evaluated once the effectiveness of the security solutions to protect data at rest (e.g. encryption) has been finalized. 2) A series of security- and privacy-related IHE profiles, such as Patient Identification Cross- Referencing (PIX), Patient Demographics Query (PDQ), Basi

36、c Patient Privacy Consent (BPPC), and Cross-Enterprise User Assertion (XUA). NOTE 2 The use of IHE Audit trail and Node Authentication (ATNA) as well as Consistent Time (CT) is required as part of IHE XDS. These Profiles are therefore not listed above. ISO/TS 27790:2009(E) 2 ISO 2009 All rights rese

37、rved2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. OASIS Standards/ISO/TS

38、 15000 (all parts), Electronic business eXtensible Markup Language (ebXML) ebXML RIM V 3.0, OASIS ebXML Registry Information Model ebXML RS V 3.0, OASIS ebXML Registry Service Specification IHE IT Infrastructure Framework IHE ITI-TF-1 IHE IT Infrastructure Technical Framework V5.0: Cross-enterprise

39、Document Sharing (XDS.b) Integration profile Audit Trail and Node Authentication (ATNA) Integration profile Consistent Time (CT) Integration profile Extensible Markup Language (XML) 1.0 W3C Recommendation, http:/www.w3c.org/TR/REC-xml SOAP Version 1.2 specification, http:/www.w3.org/TR/soap12-part1/

40、, March 2004 SOAP Message Transmission Optimization Mechanism http:/www.w3.org/TR/soap12-mtom/ WSDL 1.1 Note http:/www.w3.org/TR/wsdl 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. Only key terms and definitions are provided in this clause. 3.1

41、access control means of ensuring that the resources of a data processing system can be accessed only by authorized entities in authorized ways 3.2 accountability property that ensures that the actions of an entity may be traced uniquely to that entity 3.3 actor user of the system-of-interest interac

42、ting with the system in a particular usage context (role) 3.4 agent device that provides data in a manager/agent communicating system 3.5 architecture that set of design artefacts or descriptive representations that are relevant for describing an object such that it can be produced to requirements (

43、quality) as well as maintained over the period of its useful life (change) ISO/TS 27790:2009(E) ISO 2009 All rights reserved 33.6 archival relating to the storage of data over a prolonged period 3.7 attestation process of certifying and recording legal responsibility for a particular unit of informa

44、tion 3.8 authentication act of verifying the claimed identity of an entity 3.9 authorization granting of rights, including the granting of access based on access rights 3.10 availability in computer science property of data or of resources being accessible and usable on demand by an authorized entit

45、y 3.11 class description of a set of objects that share the same attributes, methods and associations 3.12 clinical process steps that are involved in the delivery of healthcare services to a patient/consumer 3.13 clinician healthcare professional who delivers healthcare services directly to a patie

46、nt/consumer 3.14 confidentiality property that information is not made available or disclosed to unauthorized individuals, entities or processes 3.15 consumer person requiring, scheduled to receive, receiving or having received a healthcare service 3.16 controller natural or legal person, public aut

47、hority, agency or any other body that, alone or jointly with others, determines the purposes and means of the processing of personal data 3.17 data aggregation process by which information is collected, manipulated and expressed in summary form NOTE Data aggregation is primarily performed for report

48、ing purposes, policy development, health service management, research, statistical analysis and population health studies. 3.18 data format arrangement of data in a file or stream ISO/TS 27790:2009(E) 4 ISO 2009 All rights reserved3.19 data integrity property that data have not been altered or destr

49、oyed in an unauthorized manner ISO 7498-2:1989, definition 3.3.21 3.20 data object collection of data that have a natural grouping and may be identified as a complete entity 3.21 data structure manner in which application entities construct the data set information resulting from the use of an information object 3.22 data subjects consent any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed 3.23 data validation proc