1、raising standards worldwideNO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWBSI Standards PublicationBS ISO 18308:2011Health informatics Requirements for an electronichealth record architectureBS ISO 18308:2011 BRITISH STANDARDNational forewordThis British Standard is the UK imp
2、lementation of ISO 18308:2011. It supersedes DD ISO/TS 18308:2004, which is withdrawn.The UK participation in its preparation was entrusted to Technical Committee IST/35, Health informatics.A list of organizations represented on this committee can be obtained on request to its secretary.This publica
3、tion does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. BSI 2011 ISBN 978 0 580 65575 3 ICS 35.240.80 Compliance with a British Standard cannot confer immunity from legal obligations.This British Standard was published under the
4、 authority of the Standards Policy and Strategy Committee on 30 June 2011.Amendments issued since publicationDate T e x t a f f e c t e dBS ISO 18308:2011Reference numberISO 18308:2011(E)ISO 2011INTERNATIONAL STANDARD ISO18308First edition2011-04-15Health informatics Requirements for an electronic h
5、ealth record architecture Informatique de sant Exigences relatives une architecture de lenregistrement lectronique en matire de sant BS ISO 18308:2011ISO 18308:2011(E) COPYRIGHT PROTECTED DOCUMENT ISO 2011 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced
6、 or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01
7、 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO 2011 All rights reservedBS ISO 18308:2011ISO 18308:2011(E) ISO 2011 All rights reserved iiiContents Page Foreword iv Introduction.v 1 Scope1 2 Notation 1 3 Terms and definitions .1 4 Abbreviations.7 5 E
8、HR business objectives7 5.1 Introduction7 5.2 Health system objectives .7 5.3 Clinical practice objectives 9 5.4 Citizen inclusion objectives .9 6 Requirements for an electronic health record architecture10 6.1 Requirements for the representation of clinical information10 6.2 Communication and inter
9、operability requirements.16 6.3 Ethical and legal requirements 17 6.4 Fair information principles .20 Bibliography23 BS ISO 18308:2011ISO 18308:2011(E) iv ISO 2011 All rights reservedForeword ISO (the International Organization for Standardization) is a worldwide federation of national standards bod
10、ies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organization
11、s, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with the rules given in the I
12、SO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the
13、 member bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO 18308 was prepared by Technical Committee ISO/TC 215, Health infor
14、matics. This first edition cancels and replaces ISO/TS 18308:2004, of which it constitutes a technical revision. BS ISO 18308:2011ISO 18308:2011(E) ISO 2011 All rights reserved vIntroduction Context This International Standard defines the set of requirements that shall be met by the architecture of
15、systems and services processing, managing and communicating electronic health record (EHR) information. This is in order to ensure that these EHRs are faithful to the needs of healthcare delivery, are clinically valid and reliable, are ethically sound, meet prevailing legal requirements, support goo
16、d clinical practice and facilitate data analysis for a multitude of purposes. For the purposes of this International Standard, the EHR is defined as: “one or more repositories, physically or virtually integrated, of information in computer processable form, relevant to the wellness, health and healt
17、hcare of an individual, capable of being stored and communicated securely and of being accessible by multiple authorized users, represented according to a standardized or commonly agreed logical information model. Its primary purpose is the support of life-long, effective, high quality and safe inte
18、grated healthcare.” To complement this definition, the ideal vision of health (and consequently health information) is reflected in the WHO definition from 19461): “Health is a state of complete physical, mental and social well-being and not merely the absence of disease or infirmity.” The scope of
19、the EHR is recognized as being broader than the documentation of illnesses and their prevention and treatment. The systems and services that are deemed potential contributors to an EHR will increasingly include systems capturing complementary therapy, wellness, and home care information in addition
20、to the conventional clinical systems within healthcare provider organizations. The notion of the personal health record (PHR)2)is also maturing internationally and, while this International Standard does not specifically focus on the PHR, its requirements have been deliberately worded to be inclusiv
21、e of the PHR in general terms, i.e. most of these EHR requirements will also apply to the PHR. It is recognized, as a limitation, that no authoritative source of requirements has been found for the records of any of the complementary or traditional forms of healthcare practised internationally. Inde
22、ed, a recent literature review has suggested that there is a real lack of published work on the use of electronic health records within complementary healthcare or on the sharing of these health records (paper or electronic) with allopathic medicine23. It is equally the case that there is a lack of
23、consensus requirements for systems to support wellness, social, and home care, but these systems will increasingly play an interactive role with EHRs, and information in them might become part of the EHR. This International Standard is intended to be used when designing the architecture of health in
24、formation services that incorporate or interact with electronic health record systems (EHR-Ss) or repositories. 1) WHO. Preamble to the Constitution of the World Health Organization as adopted by the International Health Conference, New York, 19-22 June 1946, and entered into force on 7 April 1948.
25、Available from: http:/www.who.int/governance/eb/who_constitution_en.pdf 2) The personal health record is generally taken to mean a health record whose content is primarily managed by an individual, while the EHR is generally taken to mean a health record that is controlled and managed by a healthcar
26、e provider (organization or person), but to which the subject of care normally has certain rights. It is recognized that a clear distinction does not always exist between these kinds of records. BS ISO 18308:2011ISO 18308:2011(E) vi ISO 2011 All rights reservedEHR architectures The requirements in t
27、his International Standard relate to shared EHR information sometimes referred to as the “shared health record” (SHR), “shared care record” (SCR), or “health information exchange” (HIE) and those aspects of governance within and between EHR systems that may be used to support and coordinate patient-
28、centred continuity of care. The EHR for a subject of care might be scattered physically across multiple (discrete or interconnected) clinical systems and repositories, each of which will hold and manage a partial EHR for each of its subjects of care, scoped according to the service or community sett
29、ings, clinical domains and time periods of use of that system in the life of each person. The use of distributed computing mechanisms could permit a more holistic EHR to be realized, subject to relevant permissions. This holistic EHR will sometimes be stored and regularly updated in a centralized EH
30、R repository (e.g. through a national e-health infrastructure), might be organized and accessed according to national indexing structures, or might only materialize just in time as a result of distributed querying across a distributed set of repositories. The formal (structural and functional) descr
31、iption of a system of components and services for recording, retrieving, and handling information in EHRs is known as an EHR architecture: this International Standard therefore defines the requirements for an EHR architecture (EHRA). The Open Group Architecture Framework (TOGAF)3)explains an archite
32、cture as: “a formal description of a system, organized in a way that supports reasoning about the structural properties of the system. It defines the system components or building blocksand provides a plan from which products can be procured, and systems developed, that will work together to impleme
33、nt the overall system.” This International Standard is not concerned with the specific requirements that individual (localized) applications and EHR repositories and services need to meet, but with the common set of requirements that ALL shall meet in order to permit their EHR data to be safely comm
34、unicated and combined to form richer and more complete EHRs. It is therefore primarily concerned with the EHR from the perspective of a user or purchaser, and corresponds to the RM-ODP enterprise viewpoint perspective (reference model of Open Distributed Processing ISO/IEC 10746-1) rather than its t
35、echnical specification. It should be noted that the progressive adoption of electronic health records and systems globally will often be complemented by other changes to the business processes of healthcare and health services, some of which might be mediated through the functions and workflows of E
36、HR systems, and other changes effected through training and the development of new staff roles and new healthcare resources. The business objectives defined in Clause 5 are likely to require a holistic approach to their realization rather than to arise as a direct result of the EHR in isolation. EHR
37、 architecture and EHR system requirements An EHR system will comprise one or more data repositories, directory services listing human and other resource entities, knowledge services containing terminological systems, care pathways and workflows, end user applications, reporting modules, security ser
38、vices, etc. The requirements for an EHR system relate closely to the functionality that end users will experience directly, and will reflect the business processes to be supported at the care setting in which the system is deployed. In contrast, an EHRA focuses on the infrastructure (the structure a
39、nd functional relationships of components) managing the health information assets, which might include multiple EHR systems and repositories, and other systems that are beyond the scope of a single care setting (such as national registries of healthcare professionals). Inevitably, though, some requi
40、rements for EHR systems and EHR architectures will be common. A separate and complementary International Standard, ISO/HL7 10781:2009, the HL7 EHR-S functional model, defines the requirements that shall be met by individual EHR systems. The authors of this International Standard and ISO/HL7 10781:20
41、09 have reviewed both standards and verified that there are no conflicting requirements between them. It has not been possible to produce a detailed mapping of common themes, because the requirements statements are expressed at different levels of granularity between the two 3) See http:/www.opengro
42、up.org/togaf/ for more information. BS ISO 18308:2011ISO 18308:2011(E) ISO 2011 All rights reserved viiInternational Standards. However, it is recognized that a more precise indication of overlap is a desirable future strategy for both International Standards, when they are next due for revision. IS
43、O has two complementary documents that specify the requirements of good practice for a clinical data warehouse: ISO/TR 22221 and ISO/TS 29585. These publications clarify good practice in information governance, the protection of privacy, the handling of metadata, management of data quality and gener
44、al architectural principles. It is anticipated that many clinical data warehouses, used for health system quality monitoring, research and data mining, will be derived from EHR repositories, and many of the information provenance and governance requirements overlap. It is also possible for data flow
45、s to work in the opposite direction: for a clinical data warehouse to feed an EHR. There is growing interest internationally in exploring how best to unify these two functions within a single implemented repository; in this case, the requirements and principles for both an EHR architecture and a cli
46、nical data warehouse will need to be met. Approach to defining these requirements This International Standard updates and replaces ISO/TS 18308:2004, the first normative set of comprehensive requirements for an EHR architecture. Much has been learned since 2004, and several other complementary stand
47、ards relating to the EHR have been published or are in development. Whereas ISO/TS 18308:2004 drew on and synthesized a significant body of requirements published by research and national projects, this International Standard has been able additionally to draw on a now more mature experience base in
48、 the design and use of EHR systems and early experience of large scale e-health infrastructures. Further, it has been possible to build on work done to develop other EHR quality and interoperability standards such as ISO 13606, HL7 v3 Clinical Document Architecture, HL7 v3 Care Provision Message for
49、 Record Exchange, the HL7 EHR System Functional Model, and the work of the openEHR Foundation. The inputs to this International Standard have therefore included expertise from many standards developers, as well as member bodies who now have experience using ISO/TS 18308:2004. Requirements statements for computer systems and software should ideally comply with IEEE 830-1998, and should be verifiable, traceable, unambiguous, correct, and relevant. Many of the requirements in this International Standard, particularly those in the ethico-legal c
