1、DD ISO/TS21547:2010ICS 35.240.80NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWDRAFT FOR DEVELOPMENTHealth informatics Security requirementsfor archiving ofelectronic healthrecords PrinciplesThis Draft for Developmentwas published under theauthority of the StandardsPolicy and
2、StrategyCommittee on 31 March2010. BSI 2010ISBN 978 0 580 63721 6Amendments/corrigenda issued since publicationDate CommentsDD ISO/TS 21547:2010National forewordThis Draft for Development is the UK implementation of ISO/TS21547:2010.This publication is not to be regarded as a British Standard.It is
3、being issued in the Draft for Development series of publications andis of a provisional nature. It should be applied on this provisional basis,so that information and experience of its practical application can beobtained.Comments arising from the use of this Draft for Development arerequested so th
4、at UK experience can be reported to the internationalorganization responsible for its conversion to an international standard.A review of this publication will be initiated not later than 3 years afterits publication by the international organization so that a decision can betaken on its status. Not
5、ification of the start of the review period will bemade in an announcement in the appropriate issue of Update Standards.According to the replies received by the end of the review period,the responsible BSI Committee will decide whether to support theconversion into an international Standard, to exte
6、nd the life of theTechnical Specification or to withdraw it. Comments should be sent tothe Secretary of the responsible BSI Technical Committee at BritishStandards House, 389 Chiswick High Road, London W4 4AL.The UK participation in its preparation was entrusted to TechnicalCommittee IST/35, Health
7、informatics.A list of organizations represented on this committee can be obtained onrequest to its secretary.This publication does not purport to include all the necessary provisionsof a contract. Users are responsible for its correct application.Compliance with a British Standard cannot confer immu
8、nityfrom legal obligations.DD ISO/TS 21547:2010Reference numberISO/TS 21547:2010(E)ISO 2010TECHNICAL SPECIFICATION ISO/TS21547First edition2010-02-15Health informatics Security requirements for archiving of electronic health records Principles Informatique de sant Exigences de scurit pour larchivage
9、 des dossiers de sant lectroniques Principes DD ISO/TS 21547:2010ISO/TS 21547:2010(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licens
10、ed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the
11、 software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to
12、 it is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO 2010 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopyi
13、ng and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerla
14、nd ii ISO 2010 All rights reservedDD ISO/TS 21547:2010ISO/TS 21547:2010(E) ISO 2010 All rights reserved iiiContents Page Foreword iv Introduction.v 1 Scope1 2 Normative references2 3 Terms and definitions .2 3.1 General terms 2 3.2 Security services terms 5 4 Abbreviated terms .8 5 General .9 6 EHR-
15、archive and eArchiving process .10 6.1 EHR and record .10 6.2 Archiving 12 6.3 EHR-archive .13 6.4 Backup versus EHR-archive 14 6.5 Elements of the EHR-archive .14 6.6 Types of EHR-archive .15 6.7 Online storage .17 6.8 The eArchiving process for EHRs .17 6.9 eArchiving process and records managemen
16、t 19 7 Environment of the EHR-archive .21 8 Policies and responsibilities 22 8.1 Responsibilities .22 8.2 Policies .24 9 Security and privacy protection architecture.25 10 Security and privacy protection requirements for the eArchiving process25 10.1 Overview.25 10.2 Policies and responsibilities 26
17、 10.3 Requirements derived from legislation.27 10.4 Requirements for availability .30 10.5 Requirements for integrity34 10.6 Requirements for confidentiality .36 10.7 Requirement for non-repudiation 37 Annex A (informative) Framework for long-term archiving of EHRs in Finland.39 Annex B (informative
18、) Framework for digital archiving of health records in the UK.45 Annex C (informative) Framework for digital archiving of health records in Japan53 Annex D (informative) Framework for digital archiving of health records in the USA Rules and requirements derived from HIPAA.56 Annex E (informative) Co
19、mparison of ISO 15489-1 and ISO/TS 21547 security requirements for archiving of electronic health records 59 Annex F (normative) Summary of normative requirements .71 Bibliography76 DD ISO/TS 21547:2010ISO/TS 21547:2010(E) iv ISO 2010 All rights reservedForeword ISO (the International Organization f
20、or Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has th
21、e right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. Internat
22、ional Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication
23、 as an International Standard requires approval by at least 75 % of the member bodies casting a vote. In other circumstances, particularly when there is an urgent market requirement for such documents, a technical committee may decide to publish other types of document: an ISO Publicly Available Spe
24、cification (ISO/PAS) represents an agreement between technical experts in an ISO working group and is accepted for publication if it is approved by more than 50 % of the members of the parent committee casting a vote; an ISO Technical Specification (ISO/TS) represents an agreement between the member
25、s of a technical committee and is accepted for publication if it is approved by 2/3 of the members of the committee casting a vote. An ISO/PAS or ISO/TS is reviewed after three years in order to decide whether it will be confirmed for a further three years, revised to become an International Standar
26、d, or withdrawn. If the ISO/PAS or ISO/TS is confirmed, it is reviewed again after a further three years, at which time it must either be transformed into an International Standard or be withdrawn. Attention is drawn to the possibility that some of the elements of this document may be the subject of
27、 patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO/TS 21547 was prepared by Technical Committee ISO/TC 215, Health informatics. DD ISO/TS 21547:2010ISO/TS 21547:2010(E) ISO 2010 All rights reserved vIntroduction The healthcare industry is faced with
28、the challenge of reducing costs by moving from paper-based processes to automated electronic processes. New models of healthcare delivery emphasise the need for patient information to be shared among a growing number of specialist healthcare providers and across traditional organizational boundaries
29、. Paper-based patient records have traditionally been stored in archives which were once located near work sites; however, it is now common that these documents are located in the organizations centralized archive. Due to lack of space or to ensure safekeeping, paper data from archives have been tra
30、nsferred to microfilm. When patient data are transferred to an electronic format, data are either maintained in a simple database or on paper printouts in an archive. During the past few years, electronic archives independent of basic systems have been created, such as DICOM a standard archival syst
31、em for medical images. An electronic archive can become a shared information storage system, an archive containing different software and even different organizations. Centralized administration provides opportunities for managing good data security and utilization of archival information in accorda
32、nce with the patients requests. Electronic data storage is threatened by the same basic hazards as paper storage. Data can disappear or the ability to read and understand it can be lost. Electronic media such as magnetic tapes, diskettes and hard disks can break, be destroyed or get lost. We only ha
33、ve a few decades of experience as to their durability. Merely retaining the media does not guarantee that the data will be available. As computer hardware and software are quickly upgraded, older, yet still-functioning media cannot be used with current readers or software because they are no longer
34、able to read the stored data. With the development of technology, we must be prepared to transfer old data to new media whenever necessary. Data structures must also be converted or else unstructured data must be used. Issues of stability and integrity threaten the storage of electronic data more th
35、an paper-based data. The unlawful usurping or copying of data must also be effectively prevented. Electronic patient records must be available throughout their whole lifecycle. The need to access patient records regardless of place and time has increased data transfer between service provider organi
36、zations and healthcare professionals within the last few years. Particularly, data transfer involving different software has greatly increased over the past few years. The objective to reinforce patient rights to self-determination and participation in healthcare at its different stages invites the
37、opportunity for the patient to gain more information concerning his or her care. An EHR-archive (web-based, regionally centralized or organization-specifically distributed) can manage the aforementioned data usage and transfer needs in a cost-effective and information-secure way. The use of health s
38、ervices across national borders is continuously increasing due to mobility of inhabitants, internationalization of companies and virtualization of health services. In cases where the EHR-archive discloses records over borderlines, it is necessary that the archive be trusted. The healthcare environme
39、nt is unique. Any information system planned for use in this domain should understand healthcare-specific features such as: specific ethical and legal environments; in cases where personal health information is accessed, used or disclosed, privacy protection should be taken into account; strong regu
40、lations for who can access or disclose healthcare records, when and for what purpose; DD ISO/TS 21547:2010ISO/TS 21547:2010(E) vi ISO 2010 All rights reserved in many countries, citizens/patients have the right to control the use or disclosure of their records using opt-out and/or consent methods; c
41、itizens/patients can have the right to know who has used their electronic health records (EHRs) and for what purpose; health service providers or service provider organizations have the responsibility for managing the records; EHRs have a very long preservation time; EHR content is sensitive and has
42、 specific context and purpose; EHR content can grow (e.g. be dynamic) during the preservation time; specific responsibilities for EHR management or use; the information content of the EHR has context, purpose and sensitivity based access and disclosure rules; the nature of the EHR or its parts can c
43、hange during the preservation time; EHR content should be understandable during the whole preservation time; for confidentiality and legal purposes, it might be necessary to prove the non-repudiation of events occurring during the preservation time of the EHR. Not all of the above-mentioned features
44、 are unique for healthcare. Features described are common for most countries in the world, but there are also variations depending on national regulatory and normative environments. In any case, it is clear that healthcare forms a unique environment for records management and archiving. Digital arch
45、iving is not a healthcare-specific question. Digital libraries and many other organizations are developing both the necessary technology and the requirements for digital archiving. However, based on the unique nature of healthcare information, the following healthcare-specific questions remain to be
46、 solved: a) health information has a very long preservation time (up to 100+ years); b) the content (e.g. data objects/documents) of the EHR can be dynamic during its lifetime (e.g. the service provider can add new fixed parts to the record before it is sent to the eArchive); c) data content is sens
47、itive; d) a high degree of security, confidentiality and privacy protection is required; e) there is a strong legal framework regulating who can access, what and when; f) data objects have context, purpose and sensitivity based access/disclosure rules; g) the nature of data can be legal for a given
48、period; h) non-repudiation of data and evidence should be secured during the whole preservation time. Standards already exist for long-term preservation of digital documents. For example ISO 14721 defines a reference model for open archival information systems (OAIS). The ISO 15489 series, clearly s
49、hows how any organization can systematically and effectively improve their record-keeping. ISO 19005-1 defines a standard file format for preservation. DD ISO/TS 21547:2010ISO/TS 21547:2010(E) ISO 2010 All rights reserved viiMany countries have already developed frameworks or “codes of practice” for preservation of health records (Annexes B to F). It is possible, based on already existing standards and national frameworks, to develop an international standard and guidelines, setting requirements for the se
