1、BSI Standards Publication Health informatics Principles and data requirements for consent in the Collection, Use or Disclosure of personal health information PD ISO/TS 17975:2015National foreword This Published Document is the UK implementation of ISO/TS 17975:2015. The UK participation in its prepa
2、ration was entrusted to Technical Committee IST/35, Health informatics. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct ap
3、plication. The British Standards Institution 2015. Published by BSI Standards Limited 2015 ISBN 978 0 580 79720 0 ICS 35.240.80 Compliance with a British Standard cannot confer immunity from legal obligations. This Published Document was published under the authority of the Standards Policy and Stra
4、tegy Committee on 31 October 2015. Amendments/corrigenda issued since publication Date Text affected PUBLISHED DOCUMENT PD ISO/TS 17975:2015 ISO 2015 Health informatics Principles and data requirements for consent in the Collection, Use or Disclosure of personal health information Informatique de sa
5、nt Principes et exigences des donnes pour le consentement dans la collecte, lutilisation ou la divulagation dinformations de sant personnelles TECHNICAL SPECIFICATION ISO/TS 17975 Reference number ISO/TS 17975:2015(E) First edition 2015-09-15 PD ISO/TS 17975:2015 ISO/TS 17975:2015(E)ii ISO 2015 All
6、rights reserved COPYRIGHT PROTECTED DOCUMENT ISO 2015, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the intern
7、et or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 c
8、opyrightiso.org www.iso.org PD ISO/TS 17975:2015 ISO/TS 17975:2015(E)Foreword iv Introduction v 1 Scope . 1 2 Normative references 2 3 T erms and definitions . 2 4 Symbols and abbreviated terms . 7 5 Consent requirements 7 5.1 General . 7 5.2 What is Informational Consent? 8 5.3 Consent to Treatment
9、 versus Informational Consent . 8 5.4 How consent relates to privacy, duty of confidence and to Authorization 8 5.5 Relationship of consent to OECD Guidelines . 9 5.6 Relationship of consent to legislation . 9 5.7 Expectations and rights of the individual .10 5.8 Consent Directives 10 5.9 Consent is
10、 related strongly to Purpose of Use 10 5.10 Consent to Collect and Use versus Consent to Disclose 11 5.11 Consent is applicable to specified data .12 5.12 Consent related to Disclosure .12 5.13 Exceptional access 12 5.14 Challenges associated with obtaining consent .13 6 Consent frameworks 13 6.1 Gi
11、ving consent meaning .13 6.2 Types of consent .15 6.3 Detailed requirements .16 6.3.1 Express or Expressed (informed) Consent 16 6.3.2 Implied (Informed) Consent .18 6.3.3 No Consent Sought 19 6.3.4 Assumed Consent (Deemed Consent) 20 7 Mechanisms and process: Denial, Opt-in and Opt-out, and Overrid
12、e 21 7.1 Express or Expressed (and Informed) Denial .21 7.2 Opt-in and Opt-out 22 7.2.1 Opt-in 22 7.2.2 Opt-out.22 7.3 Override .22 8 Minimum data requirements .22 Annex A (informative) Consent framework diagrams .24 Annex B (informative) Jurisdictional implementation examples 30 Bibliography .34 IS
13、O 2015 All rights reserved iii Contents Page PD ISO/TS 17975:2015 ISO/TS 17975:2015(E) Foreword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out t
14、hrough ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO colla
15、borates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approv
16、al criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document may be the su
17、bject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any tr
18、ade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the
19、Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information The committee responsible for this document is ISO/TC 215, Health informatics.iv ISO 2015 All rights reserved PD ISO/TS 17975:2015 ISO/TS 17975:2015(E) Introduction This Technical Specification (TS) defines
20、 several frameworks for Informational Consent in healthcare (i.e. Consent to Collect, Use or Disclose personal health information). These are frequently used by organizations who wish to obtain agreement from individuals 1)in order to process their personal health information. Requirements arising f
21、rom good practices are specified for each framework. Adherence to these requirements will ensure the individual, as well as the parties who process personal health information, that consent to do so has been properly obtained and correctly specified. This Technical Specification covers situations in
22、volving Informational Consent in routine healthcare service delivery. There may be situations involving new and possibly difficult circumstances which are not covered in detail, but even in these situations the principles herein can still form the basis for potential resolution. As described in 5.6,
23、 none of the frameworks described are legally mandated, and it is important to note that a jurisdictions laws might align with one, some or even none of the frameworks described. While this Technical Specification seeks to describe what are commonly accepted as the requirements for a given framework
24、, a jurisdictions legal requirements may supersede the requirements described herein, and so might not permit the requirements as described to be applied absolutely. In order to align with internationally accepted privacy principles, this Technical Specification is based on two international agreeme
25、nts. The first is the set of privacy principles specified by the Organization for Economic Co-operation and Development and known as the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. These principles form the basis for legislation in many jurisdictions, and for
26、 policies addressing privacy and data protection. International policy convergence around these privacy principles has continued since they were first devised. The principles require the consent of the individual for data processing activities. The second international agreement used is the Declarat
27、ion of Helsinki, which is used to define essential characteristics of best practices in Informational Consent management. The Declaration is a set of ethical principles regarding human experimentation. It was developed for the medical community by the World Medical Association (WMA) and is widely re
28、garded as a cornerstone document of human research ethics. While this agreement applies directly to research on human subjects, it is intimately related to data processing, and can therefore be readily applied to the detailed requirements for Informational Consent management. It is important to note
29、 that in the context of the Declaration of Helsinki, the characteristics of Informational Consent were defined and developed over a number of revisions in order to remain relevant to contemporary society. This Technical Specification specifies that a record be retained of the set of agreements and c
30、onstraints granted via an Informational Consent process, and that the results of that process be made available to other parties to whom the corresponding personal health information is subsequently disclosed (see 5.10). It also defines a list of essential characteristics that the Informational Cons
31、ent record should possess. These characteristics can be represented within information handling policies and used as part of an automated negotiation between healthcare information systems to regulate processing and exchange of personal health information. Interoperability standards and their progre
32、ssive adoption by e-health programmes expand the capacity for information systems to capture, use and exchange clinical data. For this to occur on a wide scale, the majority of decisions regarding the processing of data will need to take place computationally and automatically. This will in turn req
33、uire privacy policies to be defined in ways that are themselves interoperable, so that interactions between heterogeneous systems and services are consistent from a security perspective and supportive of policy (bridging) decisions regarding the processing of personal health information. A list of d
34、efined essential characteristics make up the record of the agreements granted via an Informational Consent process so as to be made available to those who wish to use the data, as well 1) Various terms are used to refer to the recipients of healthcare services. The terms patients, subjects of care,
35、data subjects, persons or clients are all used, depending upon the relationship of the individual with the data collector and the circumstances or setting of the transaction. The term individual is used to represent a person who is a subject of care and a data subject. ISO 2015 All rights reserved v
36、 PD ISO/TS 17975:2015 ISO/TS 17975:2015(E) as to other parties to whom the corresponding personal health information is subsequently disclosed. These characteristics might therefore be represented within policies used as part of an automated negotiation between healthcare information systems to regu
37、late processing and exchange of personal health information. Once consent agreement has been reached, allowable constraints defined, and the authority for the organization to collect and use or to disclose data has been established, security processes are needed to support maintenance of the consent
38、 documentation itself. Security protects the data that the organization has the authority to collect and to hold. Why standardization of consent terminology and frameworks is desirable The specific practices applied in obtaining and using Informational Consent vary among jurisdictions and among heal
39、thcare service settings because of variations in legislation, subject of care types and intended purposes of use. However, there is an increasing alignment globally on basic privacy principles and on a common understanding of the expectations of individuals in how their personal health data will be
40、accessed, used and shared. International alignment of Informational Consent practices is of growing importance as personal health data are increasingly communicated across organizational and jurisdictional boundaries for clinical care, research and public health surveillance purposes. Agreed represe
41、ntations of Informational Consent frameworks help to clarify requirements for this international alignment. This Technical Specification describes the various Informational Consent frameworks and identifies the normative core principles that are common to all frameworks. This Technical Specification
42、 is not meant to challenge jurisdictional legislation or mandate the adoption of a specific framework. In fact, even where Informational Consent is required under legislation, the component requirements of that consent are not often specified. This Technical Specification seeks to fill that gap. Eve
43、n if two or more parties share a common policy model, this is not sufficient to support policy bridging (automated inter-policy negotiation), as the terms used for each characteristic within the shared policy model also need to be mutually understood between collectors and disclosers of health infor
44、mation. In other words, the characteristics of, and terms used in, the request-for-data policy need to have a computable correspondence with the terms and policies of the disclosing partys policy in order for an automated decision to be made regarding the sharing of data. Clear and consistent use of
45、 Informational Consent frameworks are an important component of that interoperability. This Technical Specification is applicable regardless of frequency or scale of access, Use and Disclosure. However, it does assert that every access, Use and Disclosure be made in accordance with stated policies.
46、It is possible that this might be affected on a per-data-request basis between discrete computational services, or on a per-user-session based on role, or on the basis of batch transfer of data pushed to a business area or activity. For example, claims processing might be permitted without consent a
47、s a direct and necessary purpose associated with healthcare service delivery. In this case, the business activity for which the data are used has a direct relationship to the original Purpose of Use, and purpose matching could be done for each batch transfer rather than for each individual record. T
48、he issue of how frequently the policy services are interrogated would be addressed in accordance with suitable policies applying to transactions or batches. In this way, a policy enforcement point need not consult a policy decision point nor determine consent for each record. The policy is, above al
49、l, an administrative decision that is part of the information governance activity: the policy engine automates the decision within a business activity or business area wherein the datas Purpose of Use and Informational Consent framework will have been predefined. Such pre-specified or predefined uses cannot take place in a rigorously enforced, policy-compliant manner without interoperable policy specifications, which includes the use of consistent Informational Consent frameworks. No particular technical approach for implementing policy services or