1、PUBLISHED DOCUMENT Machine readable cards - Healthcare applications - Logical organisation of data on healthcare professional cards ICs 35.240.15; 35.240.80 NO COPYiNG WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW PD CR 13644:200 1 STD-BSI PD CR L3b44-ENGL*ZlIOL e lb24bh7 fl9L0020 971
2、W PD CR 13644:2001 National foreword This Published Document reproduces verbatim CR 13644:ZOOO. The UK participation in its preparation was entrusted to Technical Committee ISTI17, Identification cards and related devices, which has the responsibility to: - - aid enquirers to understand the text; pr
3、esent to the responsible European committee any enquiries on the interpretation, or proposals for change, and keep the UK interests informed; monitor related international and European developments and promulgate them in the UK. - A list of organizations represented on this committee can be obtained
4、 on request to its secretary. Cross-references The British Standards which implement international or European publications referred to in this document may be found in the BSI Standards Catalogue under the section entitled “International Standards Correspondence Index”, or by using the “Find” facil
5、ity of the BSI Standards Electronic Catalogue. A British Standard does not purport to include all the necessary provisions of a contract. Users of British Standards are responsible for their correct application. Compliance with a British Standard does not of itself confer immunity from legal obligat
6、ions. This Published Document. having been prepared under the direction of the DISC Board, was published under the authority of the Standards Committee and comes into effect on 15 May 2001 Summary of pages This document comprises a front cover, an inside front cover, the CR title page, pages 2 to 31
7、 and a back cover. The BSI copyright date displayed in this document indicates when the document was last issued. Amendments issued since publication Amd. No. IDate I Comments O BSI 05-2001 ISBN O 580 37333 9 CEN REPORT PD CR 13644:2001 CR 13644 RAPPORT CEN CEN BERICHT December 2000 ICs English vers
8、ion Machine readable cards - Healthcare applications - Logical organisation of data on healthcare professional cards This CEN Report was approved by CEN on 25 November 2000. It has been drawn up by the Technical Committee CENiTC 224. CEN members are the national standards bodies of Austria, Belgium,
9、 Czech Republic, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION EUROPISCHES KOMITEE FR NORMUNG CO MIT EUROPEEN DE NORMALISATION Management Centre: rue
10、 de Stassart, 36 8-1050 Brussels O 2000 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. _ Ref. No. CR 13644:2000 E . - . STD-BSI PD CR L3brlV-EMGL 2001 M Lb2ibbS 0710022 7111 = Page 2 PD CR 13644:2001 Contents Foreword 4 Introduction . 5 1 2 3
11、 4 5 5.1 5.2 6 6.1 6.2 6.2.1 6.2.2 6.3 6.4 6.4.1 6.4.2 6.4.3 6.4.4 6.5 6.6 6.7 7 7.1 7.1.1 7.1.2 7.1.3 8 8.1 8.1.1 8.1.2 8.1.3 8.1.4 8.1.5 8.1.6 8.2 8.2.1 8.3 8.3.1 8.4 8.4.1 8.5 8.5.1 8.6 8.6.1 8.7 8.7.1 9 9.1 9.2 9.3 Scope 6 Normative references 6 Terms and definitions 7 Symbols and abbreviations
12、7 Notations . 8 Data status 9 Logical data-set of HP-cards 9 The “HealthCareCardData“ data object . 9 The “DeviceData“ data object . 9 The “DevDirectory“ data object 10 The “Devldentification“ data object . 11 Format descriptors 8 The “CardHolderData“ data object . 12 The “HealtCareProfData“ data ob
13、ject 13 The “HCPNatlnfo“ data object 13 The “HCPSpecialisation“ data object 14 The “Situation“ data object . 14 The “HealthCareWorkerData“ data object . 15 Identification of card issuers and registered application providers 15 HP-cards memory lay-out . 16 Structure of card memory . 16 Identification
14、 of directories and files . 17 Access conditions to data in a standard EF . 17 The allocation of tags for data objects 17 The memory organisation of the HP-card . 19 Device data . 19 Template 60 : DevType 19 Template 62 : DevApplications . 20 Templates 79 and 61 : Device directory information 20 Dev
15、ldentif ication 20 ATR information . 21 Template 66 : HPCDevSecurity . 21 Card Holder data . Template 67 : Card Holder information . HealthCareSites 23 Template 68 : HealthCareSites 23 Coding SchemesUsed 24 Template 6A : CodingSchemesUsed 24 Linkages 24 Template 6B : Linkages . 24 Healthcare Profess
16、ional data . 25 Healthcare Worker data 25 Template 6E : Healthcare Worker data 26 Adding proprietary data to the HC card 26 Private templates and data objects 26 Private EFs 27 Private DFs . 27 The “Diploma“ data object 14 General data objects 15 Template 6D : Healthcare Professional data 25 Page 3
17、PD CR 13644:2001 IO 11 Part 3 : HP-cards visual aspects 28 The hierarchy of the data objects of a HP-card 29 Page 4 PD CR 13644:2001 Foreword This document has been prepared by CEN TC 224, “Machine readable cards, related device interfaces and operations“. This CEN Report is published to provide ava
18、ilability of the work undertaken by CEN/TC 224 during the years 1992-1 997 which was aiming to produce a European standard entitled “Machine readable cards - Healthcare applications - Logical data structures and concepts for different card technologies for use by patients in health applications“. CE
19、N/TC 224 has decided to close its own work towards completing this standards work being convinced that the work effort should be concentrated and will be better continued in ISOTTC 251 “Health informatics“. The scope of the work presented herein was intended to provide solutions for IC-cards only. H
20、owever, many of the data structures have a generic approach facilitating the integration of card applications with various health related applications using databases and network communication in addition to the information stored on cards. However, the security functions crucial for implementation
21、of health professional cards were not addressed in this work. After the completion of the work presented here, several standards initiatives have addressed such security requirements and should be taken into account in providing a stable standard for such applications. One available result is the Eu
22、ropean prestandard ENV 13729 “Health informatics - Secure user identification for healthcare strong authentication using microprocessor cards“. Other important developments are the European Electronic Signature Standardization initiative and the ISOAECJTC 1/SC 17 work on ISOAEC 18027 “Identification
23、 cards - Cryptographic token information application“. The work of CENTC 224 started in parallel with CENTC 251, to a large extent with the same experts. CEN/TC 251 received a mandate from EU and ERA and developed the ENV 12018 entitled “Medical informatics - Identification, administrative, and comm
24、on clinical data structure for Intermittently Connected Devices used in healthcare (including machine readable cards)“ which was adopted in 1997. This standard is currently undergoing a major revision in preparation for being transferred to a European Standard. This CEN Report is partly based on ENV
25、 12018 and contains parts of this standard. The reason for including those initially was that as it had not been finalized, it could not safely be referenced. This CEN Report is proposed to ISO/TC 215 and it is expected that the basic ideas and many details will be able to provide the basis for one
26、or very likely several International Standards on this topic. It is important to understand that the specification provided in this CEN Report although expressed as normative requirements, is not a European Standard. Page 5 PD CR 13644:2001 Introduction This CEN Report defines the logical data stora
27、ge format for data in machine readable cards to be used by persons, healthcare professionals and other workers, in health applications. Data objects have been defined within ENV 12018:1997 that, with respect to fitness of purpose, had simular attributes and thence fitted a common data storage such a
28、s encompassed by a dedicated file (DF) as described within a smart card. This strategy has a number of advantages, the most important being that the “master file“ containing the data objects with all their sub components can be transmitted and thence stored as a single super object within media lack
29、ing processing capability. However for media with processing capabilities such objects can be subdivided into different logical files as described above and re-assembled on transmission. Because of the technological limitations of some types of media it is necessary that some data transformation tak
30、e Aace when transferring data between some different types of technologies. However, as the interface devices to :hese technologies are dissimilar the software interface will always be aware of the technology with which it is interfacing and therefore able to perform these transformations. This appr
31、oach to logical data storage can enable the storage of all types of information theoretically on any type of device and does away with the redundancy produced by the common core approach. In the case of some media ( in particular IS0 compatible magnetic stripe media ) it is expected that the interfa
32、ce will carry out transformation of the data when transferring it between different card technologies ( to cope with differential encoding rules and the application of ASN.l context specific tags). This CEN report contains 3 parts : - first part : Logical data-set of HP-cards (clause 6), this logica
33、l data set is an abstract and adaptation for healthcare professionals of ENV 12018:1997 ; some modifications have been made in order to be compliant with ISO/IEC 7816 and some additional fields have been added which are specific to healthcare professionals ; - second part : HP-cards memory lay-out (
34、clauses 7 to 9), : description of the storage of the logical data-set in the cards memory ; - third part : HP-cards visual aspects (clause 1 O), it takes into account EN 1387:1996. NOTE sites) are also covered by this document. For the sake of completeness, cards for healthcare workers (non healthca
35、re professionals working in healthcare These cards allow access to healthcare applications with adapted privileges. 1 scope This CEN Report specifies the logical organisation of data of healthcare professional cards implemented on integrated circuit(s) cards only. In order to allow interoperability
36、between applications on European level for HP-cards, the following aspects are taken into account : - non-ambiguous international identification of healthcare professionals ; - identification of the profession(s) and the specialisation(s) of the HPC ; - identification of the situations in which the
37、HPC is allowed to work ; - codification of data objects needed for interoperability ; - cryptographic procedures (algorithms, modes of use, used data elements). This CEN Report is applicable to healthcare professionals and non healthcare professionals working in healthcare sites (healthcare workers)
38、. 2 Normative references This CEN Report incorporates by dated or undated reference, provisions from other publications. These normative references are cited at the appropriate places in the text and the publications are listed hereafter. For dated references, subsequent amendments to or revisions o
39、f any of these publications apply to this CEN Report only when incorporated in it by amendment or revision. For undated references the latest edition of the publication referred to applies. EN 1387:1996, Machine readable cards - Health care applications - Cards : General characteristics. EN 1867: 19
40、97, Machine readable cards - Health care applications - Numbering system and registration procedure for issuer identifiers. EN IS0 31 66-1:1997, Codes for the representation of names of countries and their subdivisions - Part 1 : Country codes (IS0 3 166- 1 : 1997). EN ISOAEC 781 6-4:1996, Informati
41、on technology, Identification cards - Integrated circuit(s) cards with contacts - Part 4 : Interindustry commands for interchange (ISO/lEC 7816-4: 1995). EN ISO/IEC 7816-5:1995, Identification cards - Integrated circuit(s) cards with contacts - Part 5 : Numbering system and registration procedure fo
42、r application identifiers (lSO/lEC 78 16-5: 1994). EN ISOAEC 7816-6:1997, Identification cards - Integrated circuit(s) cards with contacts - Part 6 : Interindustry data elements (ISOAEC 7816-6: 1996). ENV 1201 8: 1 997, Identification, administrative, and common clinical data structure for Intermitt
43、ently Connected Devices used in healthcare (including machine readable cards). IS0 639:1988, Code for the representation of names of languages. IS0 639-2:1998, Code for the representation of names of languages - Part 2 Alpha9 code. IS0 8859-1 : 1987, Information processing - 8-bit single-byte coded
44、graphic character sets - Part 1 : Latin alphabet No. 1. ISO/IEC 781 6 (all parts), Identification cards - Integrated circuit(s) cards with contacts. ISOAEC 781 6-3: 1 997, Information technology, Identification cards - Integrated circuit(s) cards with contacts - Part 3 Electronic signals and transmi
45、ssion protocols. - - STD-BSI PD CR 13bLiY-ENGL 2OOL 0 Lb24bb7 0730027 223 = Page 7 PD CR 136442001 3 Terms and definitions For the purposes of this CEN Report, the following terms and definitions apply. 3.1 healthcare person (HCP) an healthcare professional or an healthcare worker 3.2 healthcare pro
46、fessional person disposing of a registered diploma according to national law or an equivalent certificate (recognised by state- authorities) authorising him to work within healthcare (in personal practice or in a healthcare site) 3.3 healthcare worker (HCW) person (not being an healthcare profession
47、al) working for an healthcare site. He can be employed but this is not compulsory. An HCW is not allowed to have an HP-card, but need a card with the same functionalities in order to use common applications such as “logical access control to information systems“, physical access control to protected
48、 areas, etc. EXAMPLE Administrative agent, medical secretary, receptionist, information systems operators, maintenance people,. . . 3.4 healthcare site (HCS) any organisation in which healthcare professionals work, such as hospitals, pharmacies, private pratices, laboratories 3.5 HP-card (HPC) card
49、of an healthcare person issued by a trustworthy issuer who has the obligation to check the authorisation to exercise (registered diploma) 3.6 healthcare card (HCC) card of a patient or an healthcare person 4 Symbols and abbreviations IC ICC ICD BCD DF EF HCC HCW HCP HCS Integrated circuit Integrated circuit card Intermittently Connected Device Binary coded digit Dedicated file Elementary file Healthcare card Healthcare worker (not a Healthcare person) Healthcare person Healthcare site - STDoBJI PD CR 13bLiLi-EN
