BS PD ISO TS 17975-2015 Health informatics Principles and data requirements for consent in the Collection Use or Disclosure of personal health information.pdf

Uploaded by: amazingpat195 Document ID: 589065 Upload date: 2018-12-15 Format: PDF Pages: 46 Size: 2.24MB

BSI Standards Publication

Health informatics Principles and data requirements for consent in the Collection, Use or Disclosure of personal health information

PD ISO/TS 17975:2015

National foreword

This Published Document is the UK implementation of ISO/TS 17975:2015.

The UK participation in its preparation was entrusted to Technical Committee IST/35, Health informatics.

A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© The British Standards Institution 2015. Published by BSI Standards Limited 2015

ISBN 978 0 580 79720 0

ICS 35.240.80

Compliance with a British Standard cannot confer immunity from legal obligations.

This Published Document was published under the authority of the Standards Policy and Strategy Committee on 31 October 2015.

Amendments/corrigenda issued since publication

Date Text affected

PUBLISHED DOCUMENT PD ISO/TS 17975:2015

© ISO 2015

Health informatics Principles and data requirements for consent in the Collection, Use or Disclosure of personal health information

Informatique de santé Principes et exigences des données pour le consentement dans la collecte, l'utilisation ou la divulgation d'informations de santé personnelles

TECHNICAL SPECIFICATION ISO/TS 17975

Reference number ISO/TS 17975:2015(E)

First edition 2015-09-15

COPYRIGHT PROTECTED DOCUMENT

© ISO 2015, Published in Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Ch. de Blandonnet 8, CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Consent requirements
  5.1 General
  5.2 What is Informational Consent?
  5.3 Consent to Treatment versus Informational Consent
  5.4 How consent relates to privacy, duty of confidence and to Authorization
  5.5 Relationship of consent to OECD Guidelines
  5.6 Relationship of consent to legislation
  5.7 Expectations and rights of the individual
  5.8 Consent Directives
  5.9 Consent is related strongly to Purpose of Use
  5.10 Consent to Collect and Use versus Consent to Disclose
  5.11 Consent is applicable to specified data
  5.12 Consent related to Disclosure
  5.13 Exceptional access
  5.14 Challenges associated with obtaining consent
6 Consent frameworks
  6.1 Giving consent meaning
  6.2 Types of consent
  6.3 Detailed requirements
    6.3.1 Express or Expressed (informed) Consent
    6.3.2 Implied (Informed) Consent
    6.3.3 No Consent Sought
    6.3.4 Assumed Consent (Deemed Consent)
7 Mechanisms and process: Denial, Opt-in and Opt-out, and Override
  7.1 Express or Expressed (and Informed) Denial
  7.2 Opt-in and Opt-out
    7.2.1 Opt-in
    7.2.2 Opt-out
  7.3 Override
8 Minimum data requirements
Annex A (informative) Consent framework diagrams
Annex B (informative) Jurisdictional implementation examples
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information

The committee responsible for this document is ISO/TC 215, Health informatics.

Introduction

This Technical Specification (TS) defines several frameworks for Informational Consent in healthcare (i.e. Consent to Collect, Use or Disclose personal health information). These are frequently used by organizations who wish to obtain agreement from individuals 1) in order to process their personal health information. Requirements arising from good practices are specified for each framework. Adherence to these requirements will ensure the individual, as well as the parties who process personal health information, that consent to do so has been properly obtained and correctly specified. This Technical Specification covers situations involving Informational Consent in routine healthcare service delivery. There may be situations involving new and possibly difficult circumstances which are not covered in detail, but even in these situations the principles herein can still form the basis for potential resolution.

1) Various terms are used to refer to the recipients of healthcare services. The terms patients, subjects of care, data subjects, persons or clients are all used, depending upon the relationship of the individual with the data collector and the circumstances or setting of the transaction. The term individual is used to represent a person who is a subject of care and a data subject.

As described in 5.6, none of the frameworks described are legally mandated, and it is important to note that a jurisdiction's laws might align with one, some or even none of the frameworks described. While this Technical Specification seeks to describe what are commonly accepted as the requirements for a given framework, a jurisdiction's legal requirements may supersede the requirements described herein, and so might not permit the requirements as described to be applied absolutely.

In order to align with internationally accepted privacy principles, this Technical Specification is based on two international agreements. The first is the set of privacy principles specified by the Organization for Economic Co-operation and Development and known as the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. These principles form the basis for legislation in many jurisdictions, and for policies addressing privacy and data protection. International policy convergence around these privacy principles has continued since they were first devised. The principles require the consent of the individual for data processing activities.

The second international agreement used is the Declaration of Helsinki, which is used to define essential characteristics of best practices in Informational Consent management. The Declaration is a set of ethical principles regarding human experimentation. It was developed for the medical community by the World Medical Association (WMA) and is widely regarded as a cornerstone document of human research ethics. While this agreement applies directly to research on human subjects, it is intimately related to data processing, and can therefore be readily applied to the detailed requirements for Informational Consent management. It is important to note that in the context of the Declaration of Helsinki, the characteristics of Informational Consent were defined and developed over a number of revisions in order to remain relevant to contemporary society.

This Technical Specification specifies that a record be retained of the set of agreements and constraints granted via an Informational Consent process, and that the results of that process be made available to other parties to whom the corresponding personal health information is subsequently disclosed (see 5.10). It also defines a list of essential characteristics that the Informational Consent record should possess. These characteristics can be represented within information handling policies and used as part of an automated negotiation between healthcare information systems to regulate processing and exchange of personal health information.

Interoperability standards and their progressive adoption by e-health programmes expand the capacity for information systems to capture, use and exchange clinical data. For this to occur on a wide scale, the majority of decisions regarding the processing of data will need to take place computationally and automatically. This will in turn require privacy policies to be defined in ways that are themselves interoperable, so that interactions between heterogeneous systems and services are consistent from a security perspective and supportive of policy (bridging) decisions regarding the processing of personal health information.

A list of defined essential characteristics makes up the record of the agreements granted via an Informational Consent process so as to be made available to those who wish to use the data, as well as to other parties to whom the corresponding personal health information is subsequently disclosed. These characteristics might therefore be represented within policies used as part of an automated negotiation between healthcare information systems to regulate processing and exchange of personal health information.

Once consent agreement has been reached, allowable constraints defined, and the authority for the organization to collect and use or to disclose data has been established, security processes are needed to support maintenance of the consent documentation itself. Security protects the data that the organization has the authority to collect and to hold.

Why standardization of consent terminology and frameworks is desirable

The specific practices applied in obtaining and using Informational Consent vary among jurisdictions and among healthcare service settings because of variations in legislation, subject of care types and intended purposes of use. However, there is an increasing alignment globally on basic privacy principles and on a common understanding of the expectations of individuals in how their personal health data will be accessed, used and shared. International alignment of Informational Consent practices is of growing importance as personal health data are increasingly communicated across organizational and jurisdictional boundaries for clinical care, research and public health surveillance purposes. Agreed representations of Informational Consent frameworks help to clarify requirements for this international alignment. This Technical Specification describes the various Informational Consent frameworks and identifies the normative core principles that are common to all frameworks. This Technical Specification is not meant to challenge jurisdictional legislation or mandate the adoption of a specific framework. In fact, even where Informational Consent is required under legislation, the component requirements of that consent are not often specified. This Technical Specification seeks to fill that gap.

Even if two or more parties share a common policy model, this is not sufficient to support policy bridging (automated inter-policy negotiation), as the terms used for each characteristic within the shared policy model also need to be mutually understood between collectors and disclosers of health information. In other words, the characteristics of, and terms used in, the request-for-data policy need to have a computable correspondence with the terms and policies of the disclosing party's policy in order for an automated decision to be made regarding the sharing of data. Clear and consistent use of Informational Consent frameworks is an important component of that interoperability.

This Technical Specification is applicable regardless of frequency or scale of access, Use and Disclosure. However, it does assert that every access, Use and Disclosure be made in accordance with stated policies. It is possible that this might be effected on a per-data-request basis between discrete computational services, or on a per-user-session based on role, or on the basis of batch transfer of data pushed to a business area or activity. For example, claims processing might be permitted without consent as a direct and necessary purpose associated with healthcare service delivery. In this case, the business activity for which the data are used has a direct relationship to the original Purpose of Use, and purpose matching could be done for each batch transfer rather than for each individual record. The issue of how frequently the policy services are interrogated would be addressed in accordance with suitable policies applying to transactions or batches. In this way, a policy enforcement point need not consult a policy decision point nor determine consent for each record. The policy is, above all, an administrative decision that is part of the information governance activity: the policy engine automates the decision within a business activity or business area wherein the data's Purpose of Use and Informational Consent framework will have been predefined. Such pre-specified or predefined uses cannot take place in a rigorously enforced, policy-compliant manner without interoperable policy specifications, which includes the use of consistent Informational Consent frameworks.

No particular technical approach for implementing policy services or policy checking is mandated in this Technical Specification and implementers are therefore free to a
