1、DD ISO/TS27790:2009ICS 35.240.80NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWDRAFT FOR DEVELOPMENTHealth informatics Document registryframeworkThis Draft for Developmentwas published under theauthority of the StandardsPolicy and StrategyCommittee on 31 March2010 BSI 2010ISBN
2、 978 0 580 60640 3Amendments/corrigenda issued since publicationDate CommentsDD ISO/TS 27790:2009National forewordThis Draft for Development is the UK implementation of ISO/TS27790:2009.This publication is not to be regarded as a British Standard.It is being issued in the Draft for Development serie
3、s of publications andis of a provisional nature. It should be applied on this provisional basis,so that information and experience of its practical application can beobtained.Comments arising from the use of this Draft for Development arerequested so that UK experience can be reported to the interna
4、tionalorganization responsible for its conversion to an international standard.A review of this publication will be initiated not later than 3 years afterits publication by the international organization so that a decision can betaken on its status. Notification of the start of the review period wil
5、l bemade in an announcement in the appropriate issue of Update Standards.According to the replies received by the end of the review period,the responsible BSI Committee will decide whether to support theconversion into an international Standard, to extend the life of theTechnical Specification or to
6、 withdraw it. Comments should be sent tothe Secretary of the responsible BSI Technical Committee at BritishStandards House, 389 Chiswick High Road, London W4 4AL.The UK participation in its preparation was entrusted to TechnicalCommittee IST/35, Health informatics.A list of organizations represented
7、 on this committee can be obtained onrequest to its secretary.This publication does not purport to include all the necessary provisionsof a contract. Users are responsible for its correct application.Compliance with a British Standard cannot confer immunityfrom legal obligations.DD ISO/TS 27790:2009
8、Reference numberISO/TS 27790:2009(E)ISO 2009TECHNICAL SPECIFICATION ISO/TS27790First edition2009-12-01Health informatics Document registry framework Informatique de sant Cadre denregistrement de document DD ISO/TS 27790:2009ISO/TS 27790:2009(E) PDF disclaimer This PDF file may contain embedded typef
9、aces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infrin
10、ging Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optim
11、ized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO 2009 All rights reserved. Un
12、less otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO
13、 copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO 2009 All rights reservedDD ISO/TS 27790:2009ISO/TS 27790:2009(E) ISO 2009 All rights reserved iiiContents Page Foreword iv Introduc
14、tion.v 1 Scope1 2 Normative references2 3 Terms and definitions .2 4 Abbreviated terms .9 5 Document registry framework .10 5.1 General structure of the framework 10 5.2 Information model (ebRIM) and services (ebRS) web services10 5.3 Cross-enterprise document sharing (IHE-XDS) .10 5.4 Document sepa
15、ration XDS extension .12 5.5 Patient identification, security and privacy profiles 12 5.6 Document content profiles.12 Annex A (informative) Korean National Extension to IHE IT Infrastructure Technical Framework CDA Document Separation - XDS Extension14 Bibliography23 DD ISO/TS 27790:2009ISO/TS 2779
16、0:2009(E) iv ISO 2009 All rights reservedForeword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member b
17、ody interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electro
18、technical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted
19、by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. In other circumstances, particularly when there is an urgent market requirement for such documents, a technical
20、 committee may decide to publish other types of document: an ISO Publicly Available Specification (ISO/PAS) represents an agreement between technical experts in an ISO working group and is accepted for publication if it is approved by more than 50 % of the members of the parent committee casting a v
21、ote; an ISO Technical Specification (ISO/TS) represents an agreement between the members of a technical committee and is accepted for publication if it is approved by 2/3 of the members of the committee casting a vote. An ISO/PAS or ISO/TS is reviewed after three years in order to decide whether it
22、will be confirmed for a further three years, revised to become an International Standard, or withdrawn. If the ISO/PAS or ISO/TS is confirmed, it is reviewed again after a further three years, at which time it must either be transformed into an International Standard or be withdrawn. Attention is dr
23、awn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO/TS 27790 was prepared by Technical Committee ISO/TC 215, Health informatics. DD ISO/TS 27790:2009ISO/TS 27790:20
24、09(E) ISO 2009 All rights reserved vIntroduction Development and implementation of electronic health records (EHR) are rapidly progressing around the world. An appropriate deployment of EHR will enhance various aspects of healthcare delivery in the future. EHR are thought to enable the provision of
25、essential care information to providers at point-of-care through information and telecommunications technologies. This includes a broad spectrum of capabilities including acquisition, storage, presentation, and management of patient information (represented in different digital forms such as video,
26、audio or data) and communication of this information between care facilities with the use of communications links. Recent development of health information exchange where the patients EHR are accessed securely whenever necessary (sharing EHR information at point-of-care and by the consumer citizen)
27、requires that electronic health records of an individual, although they originate from various health-related subjects distributed over space and time, remain accessible irrespective of their centralized or distributed storage. The use of centralized registry systems pointing to such records can gre
28、atly facilitate the discovery of their locations to allow effective access to the appropriate and secured EHR. This Technical Specification describes the principles and specification of interoperability needed to support a registry system for locating and accessing records grouped into documents. Th
29、e supported documents may contain any type of person-centric health information, structured or not, depending on the standard used for their content. The clinical document architecture (CDA) is one such standard that is a likely companion to this Technical Specification. This Technical Specification
30、 does not address the security and privacy considerations in detail but refers to related work in this critical area. The specification is not intended to be prescriptive either from a methodological or a technological perspective but rather to provide a coherent inclusive description of principles
31、and practices that could facilitate the formulation of policies and governance practices locally or nationally. DD ISO/TS 27790:2009DD ISO/TS 27790:2009TECHNICAL SPECIFICATION ISO/TS 27790:2009(E) ISO 2009 All rights reserved 1Health informatics Document registry framework 1 Scope This Technical Spe
32、cification specifies a general-purpose document registry framework for transmitting, storing and utilizing documents in clinical and personalized health environments. It is quite broad in its applicability to realise the goal of sharing health-related documents spanning a broad spectrum of health do
33、mains such as healthcare specialities covering laboratory, cardiology, eye care, etc. and the many areas of personalized health. This web services-based registry framework includes a document registry and associated repository to allow the sharing of any form of health documents including HL7 CDA (c
34、linical document architecture). It specializes in health, W3C Web Services Standards, ISO 15000 (ebXML registry standards) and OASIS ebXML Registry Information Model 3.0 through the use of the IHE Cross-Enterprise Document Sharing (XDS) from the Integrating the Healthcare Enterprise (IHE) Informatio
35、n Technology Infrastructure (ITI) technical framework, quoting from the Cross-Enterprise Document Sharing (XDS) Profile: “The Cross-Enterprise Document Sharing IHE Integration Profile facilitates the registration, distribution and access across health enterprises of patient and citizen electronic he
36、alth records. Cross-Enterprise Document Sharing (XDS) is focused on providing a standards-based specification for managing the sharing of documents between all health enterprises, ranging from private physician offices to clinics to acute care in-patient facilities to personal heath record systems.
37、The XDS IHE Integration Profile assumes that these enterprises belong to one or more affinity domains. An affinity domain is a group of healthcare enterprises that have agreed to work together using a common set of policies and that share a common registry infrastructure.” This Technical Specificati
38、on also supports document registration and retrieval via the federation of documents registries (see IHE Cross-Community Access) in terms of individual users to reduce health information extrusion possibilities. This Technical Specification supports the sharing of documents of any standardized conte
39、nt in the context of healthcare and well-being. It describes the means of locating and accessing documents among a diverse set of health organizations. It is designed for leverage of existing health informatics for structuring and semantically rich health information, if so desired. It does not requ
40、ire the development of new health informatics standards. This Technical Specification also references a number of companion standards-based specifications that offer optional extensions to enhance the basic capabilities offered by IHE XDS, as listed below. 1) An XDS extension supporting the fragment
41、ation of the content of the documents into two parts: a header fragment and a body fragment. This separation scheme enhances confidentiality because the gathering of both header and body and their relational information involves cracking into multiple repository servers. This has been developed as a
42、n IHE Korean Extension on the IHE XDS Profile. NOTE 1 The incremental effectiveness achieved by header/body separation will have to be re-evaluated once the effectiveness of the security solutions to protect data at rest (e.g. encryption) has been finalized. 2) A series of security- and privacy-rela
43、ted IHE profiles, such as Patient Identification Cross-Referencing (PIX), Patient Demographics Query (PDQ), Basic Patient Privacy Consent (BPPC), and Cross-Enterprise User Assertion (XUA). NOTE 2 The use of IHE Audit trail and Node Authentication (ATNA) as well as Consistent Time (CT) is required as
44、 part of IHE XDS. These Profiles are therefore not listed above. DD ISO/TS 27790:2009ISO/TS 27790:2009(E) 2 ISO 2009 All rights reserved2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited appli
45、es. For undated references, the latest edition of the referenced document (including any amendments) applies. OASIS Standards/ISO/TS 15000 (all parts), Electronic business eXtensible Markup Language (ebXML) ebXML RIM V 3.0, OASIS ebXML Registry Information Model ebXML RS V 3.0, OASIS ebXML Registry
46、Service Specification IHE IT Infrastructure Framework IHE ITI-TF-1 IHE IT Infrastructure Technical Framework V5.0: Cross-enterprise Document Sharing (XDS.b) Integration profile Audit Trail and Node Authentication (ATNA) Integration profile Consistent Time (CT) Integration profile Extensible Markup L
47、anguage (XML) 1.0 W3C Recommendation, http:/www.w3c.org/TR/REC-xml SOAP Version 1.2 specification, http:/www.w3.org/TR/soap12-part1/, March 2004 SOAP Message Transmission Optimization Mechanism http:/www.w3.org/TR/soap12-mtom/ WSDL 1.1 Note http:/www.w3.org/TR/wsdl 3 Terms and definitions For the pu
48、rposes of this document, the following terms and definitions apply. Only key terms and definitions are provided in this clause. 3.1 access control means of ensuring that the resources of a data processing system can be accessed only by authorized entities in authorized ways 3.2 accountability proper
49、ty that ensures that the actions of an entity may be traced uniquely to that entity 3.3 actor user of the system-of-interest interacting with the system in a particular usage context (role) 3.4 agent device that provides data in a manager/agent communicating system 3.5 architecture that set of design artefacts or descriptive representations that are relevant for describing an object such that it can be produced to requirements (quality) as well as maintained over the period of its useful life (change) DD ISO/TS 27790:2009ISO/TS 27790:2
