1、M rz 2004DEUTSCHE NORM Normenausschuss Medizin (NAMed) im DINPreisgruppe 24DIN Deutsches Institut f r Normung e.V. Jede Art der Vervielf ltigung, auch auszugsweise, nur mit Genehmigung des DIN Deutsches Institut f r Normung e. V., Berlin, gestattet.ICS 35.240.808 ; 9502553www.din.deXDIN EN 14485Medi
2、zinische Informatik Anleitung zur Verwendung von pers nlichen Gesundheitsdaten in internationalen Anwendungen vor dem Hintergrund der EUDatenschutzrichtlinie;Deutsche Fassung EN 14485:2003, Text in EnglischHealth informatics Guidance for handling personal health data in international applications in
3、 the context of the EU data protection directive; German version EN 14485:2003, text in EnglishInformatique de sant Guide pour manipuler des donnes personnelles de sant dans des applications internationales dans le contexte de la directive europenne sur la protection des donnes personelles;Version a
4、llemande EN 14485 : 2003, texte en anglaisAlleinverkauf der Normen durch Beuth Verlag GmbH, 10772 Berlinwww.beuth.deGesamtumfang 79 SeitenB55EB1B3E14C22109E918E8EA43EDB30F09CC9B7EF8DD9NormCD - Stand 2007-03 DIN EN 14485:2004-032Die Europische Norm EN 14485:2003 hat den Status einer DeutschenNorm.Nat
5、ionales VorwortDiese Norm enthlt unter Bercksichtigung des Prsidialbeschlusses 13/1983 die Englische Fassung derEuropischen Norm EN 14485:2003. Diese Europische Norm wurde in der WG III Security, Safety andQuality des CEN/TC 251 Medizinische Informatik erarbeitet. Der Fachbereich G Medizinische Info
6、rmatik undinsbesondere die Mitarbeiter des Arbeitsausschusses G 4 Sicherheit des Normenausschusses Medizin(NAMed) im DIN haben an der Erarbeitung mitgewirkt.B55EB1B3E14C22109E918E8EA43EDB30F09CC9B7EF8DD9NormCD - Stand 2007-03 EUROPEAN STANDARDNORME EUROPENNEEUROPISCHE NORMEN 14485December 2003ICS 35
7、.240.80English versionHealth informatics - Guidance for handling personal health datain international applications in the context of the EU dataprotection directiveInformatique de sant - Guide pour manipuler des donnespersonnelles de sant dans des applicationsinternationales dans le contexte de la d
8、irective europennesur la protection des donnes personellesMedizinische Informatik - Anleitung zur Verwendung vonpersnlichen Gesundheitsdaten in internationalenAnwendungen vor dem Hintergrund der EU-DatenschutzrichtlinieThis European Standard was approved by CEN on 13 November 2003.CEN members are bo
9、und to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this EuropeanStandard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such nationalstandards may be obtained on application to the Ma
10、nagement Centre or to any CEN member.This European Standard exists in three official versions (English, French, German). A version in any other language made by translationunder the responsibility of a CEN member into its own language and notified to the Management Centre has the same status as the
11、officialversions.CEN members are the national standards bodies of Austria, Belgium, Czech Republic, Denmark, Finland, France, Germany, Greece,Hungary, Iceland, Ireland, Italy, Luxembourg, Malta, Netherlands, Norway, Portugal, Slovakia, Spain, Sweden, Switzerland and UnitedKingdom.EUROPEAN COMMITTEE
12、FOR STANDARDIZATIONCOMIT EUROPEN DE NORMALISATIONEUROPISCHES KOMITEE FR NORMUNGManagement Centre: rue de Stassart, 36 B-1050 Brussels 2003 CEN All rights of exploitation in any form and by any means reservedworldwide for CEN national Members.Ref. No. EN 14485:2003 EB55EB1B3E14C22109E918E8EA43EDB30F0
13、9CC9B7EF8DD9NormCD - Stand 2007-03 EN 14485:2003 (E)2Contents PageForeword . 5Introduction. 61 Scope 92 Normative references 93 Terms and definitions. 94 Abbreviated terms. 115 General solutions to exchanging personal health data between compliant and non-compliantcountries 115.1 General approach 11
14、6 Judging the adequacy of data protection. 126.1 General . 126.2 Content Principles. 126.3 Procedural/Enforcement Mechanisms 146.4 Third Countries that have ratified the Council of Europe Convention 108 . 146.5 Industry self-regulation 157 Making adequate provisions 167.1 Introduction . 167.2 Meetin
15、g the “Content Principles“ 167.3 Providing for the “Procedural/Enforcement Mechanisms“ 177.3.1 General . 177.3.2 Providing redress 177.3.3 Support and help to data subjects 177.3.4 Adequate compliance . 187.3.5 Onward transfers. 187.3.5 Direct marketing and sale of data 187.4 Overriding law . 188 Pe
16、rmissible derogations, Articles 26.1 and 26.2 198.1 Article 26.1 . 198.1.1 General . 198.1.2 Consent 208.2 Article 26.2 . 209 Anonymisation 209.1 Definition of personal data. 209.2 Rendering personal data anonymous. 2110 Notification to Supervisory Authorities 2110.1 Introduction . 2110.2 Implementa
17、tion of Articles 18 to 20. 2111 Steps in establishing an international application with adequate data protection safeguardsfrom the view point of an EU data controller2211.1 Introduction . 2211.2 Step One: Can the data be non-personal? . 2211.3 Step Two: Is the recipient third country an EEA country
18、? . 2311.4 Step Three: Is the recipient country recognised by the Commission as having adequatedata protection provisions?. 2311.5 Step Four: Is the recipient organisation in compliance with arrangements formally recognisedby the Commission as providing adequate data protection provisions? . 24B55EB
19、1B3E14C22109E918E8EA43EDB30F09CC9B7EF8DD9NormCD - Stand 2007-03 EN 14485:2003 (E)3Page11.6 Step Five; If the recipient third country is not EEA, has it signed the Council of EuropeConvention 108? . 2411.7 Step Six: Is the recipient country applying to become a member of the EU? 2411.8 Step Seven: Ca
20、n adequacy of data protection be established? 2411.9 Step Eight: If adequacy of data protection cannot be established can the derogations inArticle 26.1 provide a solution? 2411.10 Step Nine: If adequacy of data protection cannot be established can the derogation inArticle 26.2 regarding contractual
21、 clauses provide a solution? 2611.11 Step Ten: If transfer of personal data health data to the recipient third country is permissible hasthe recipient implemented adequate security measures and can the application proceed? . 2612 Steps in establishing an international application with adequate data
22、protection safeguardsfrom the viewpoint of a non-EU data controller. 2612.1 Establishing data protection adequacy in the EU . 2613 Model contract clauses 27Published models . 2714 Security measures 2714.1 Introduction . 2714.2 General security 2814.3 Security contracts with processors and with contr
23、ollers in non-compliant countries. 2814.4 Security policy 2814.5 Risk analysis . 2914.6 Security organisation and allocation of duties 2914.7 Reporting of security incidents or breaches . 2914.8 Staff and contractor contracts. 2914.9 Training and awareness. 3014.10 Transmission of data 3014.11 Limit
24、ations of purpose and access. 3014.12 Onward transfers 3014.13 Audit trails . 3114.14 Loss, damage and destruction 3114.15 Business Continuity Plans. 3114.16 Network Security. 3114.17 Patients Rights 3114.18 Compliance 3214.19 Standards. 3215 Declaration of grounds on which transfers are to take pla
25、ce 3215.1 Statement of grounds. 32Annex A (informative) Key primary international documents on data protection. 33A.1 EU Data Protection Directive . 33A.1.1 General. 33A.1.2 Coverage 33A.1.3 Rules for lawfulness of processing 33A.1.4 Special categories of processing 34A.1.5 Data subjects rights. 34A
26、.1.6 Security of processing . 35A.1.7 Supervisory Authorities . 35A.1.8 Remedies and sanctions 35A.1.9 Transfer of personal data to third countries 35A.2 Organisation for Economic Co-operation and Development (OECD) . 36A.3 Council of Europe . 36A.4 United Nations General Assembly 37A.4.1 General. 3
27、7A.4.2 Principles concerning minimum guarantees that should be provided in any nationalegislation . 37B55EB1B3E14C22109E918E8EA43EDB30F09CC9B7EF8DD9NormCD - Stand 2007-03 EN 14485:2003 (E)4PageA.4.3 Application of the Guidelines to personal data files kept by governmental internationalorganisations.
28、 38Annex B (informative) Text of Articles 25 and 26 of the EU Data Protection Directive . 39B.1 Article 25: Principles. 39B.2 Article 26: Derogations. 39Annex C (informative) Text of Article 28 of the EU Data Protection Directive 41Annex D (informative) Questionnaire for Assessing Data Protection Ad
29、equacy 43Annex E (informative) Safe harbour privacy principles 49Annex F (informative) Standards and sources of advice . 52F.1 EU Security projects . 52F.2 CEN/ISSS 52F.3 Non-CEN Standards 52F.4 Selected web sites 53Annex G (informative) Model Declaration of Grounds upon which Transfer of Personal H
30、ealth Datais Regarded as in Compliance with the EU Data Protection Directive 54Annex H (informative) Model contractual clauses for controller to controller transfers to a countrywith inadequate data protection provisions56H.1 Introduction . 56H.2 Model standard contractual clauses . 57Annex I (infor
31、mative) Model contractual clauses for controller to processor transfers to a countrywith inadequate data protection provisions.67I.1 Introduction . 67I.2 Model standard contractual clauses . 68Bibliography 76B55EB1B3E14C22109E918E8EA43EDB30F09CC9B7EF8DD9NormCD - Stand 2007-03 EN 14485:2003 (E)5Forew
32、ordThis document (EN 14485:2003) has been prepared by Technical Committee CEN/TC 251 “EuropeanStandardization of Health Informatics“, the secretariat of which is held by SIS.This European Standard shall be given the status of a national standard, either by publication of an identical text orby endor
33、sement, at the latest by June 2004, and conflicting national standards shall be withdrawn at the latest byJune 2004.The annexes A, B, C, D, E, F, G, H and I are informative.According to the CEN/CENELEC Internal Regulations, the national standards organizations of the followingcountries are bound to
34、implement this European Standard: Austria, Belgium, Czech Republic, Denmark, Finland,France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Luxembourg, Malta, Netherlands, Norway, Portugal,Slovakia, Spain, Sweden, Switzerland and the United Kingdom.B55EB1B3E14C22109E918E8EA43EDB30F09CC9B7EF8DD9N
35、ormCD - Stand 2007-03 EN 14485:2003 (E)6IntroductionIn the health context, information about individuals needs to be collected, stored and processed for many purposes,the main being: administrative processes e.g. booking appointments; direct delivery of care e.g. patient records; clinical research;
36、statistics.The data required will depend on the purpose. In the context of identification of individuals, data may be needed: to allow an individual to be readily and uniquely identified e.g. a combination of name, address, age, sex,identification number; to confirm that two data sets belong to the
37、same individual without any need to identify the individual himselfe.g. for record linkage and/or longitudinal statistics; for statistical purposes with the desire positively to prevent identification of any individual.In all of these circumstances data about individuals are now, and will increasing
38、ly in the future, be transmittedacross national borders or be deliberately made accessible to countries other than where they are collected orstored. Data may be collected in one country and stored in another, be processed in a third, and be accessiblefrom many countries or even globally.Internation
39、al health-related applications will require health-related data to be transmitted from one nation toanother.That is very evident in telemedicine or when data are electronically dispatched for example in an email or as a datafile to be added to an international database. It also occurs, but less obvi
40、ously, when a database in one country isviewed from the other for example over the Internet. That application may appear passive but the very act ofviewing involves disclosure of that data and is deemed processing. Moreover it requires a download that may beautomatically placed in a cache and held t
41、here until emptied - this also is processing.In all applications involving personal health data there can be a potential threat to the privacy of an individual. Thatthreat and its extent will depend on: the level to which data is protected from unauthorised access in storage or transmission; the num
42、ber of persons who have authorised access; the nature of the personal data stored; the level of difficulty in identifying an individual if access to the data is obtained.Wherever health data are collected, stored, processed or published (including electronically on the Internet) thepotential threat
43、to privacy needs to be assessed and appropriate protective measures taken. Some form of riskanalysis should be undertaken to ascertain the required level of security measures.In addition to the standards bodies CEN, CENELEC, ISO and IEC there are three major trans-national bodies thathave produced i
44、nternationally authoritative documents relating to security and data protection: the European Union (EU); the Organisation for Economic Co-operation and Development (OECD);B55EB1B3E14C22109E918E8EA43EDB30F09CC9B7EF8DD9NormCD - Stand 2007-03 EN 14485:2003 (E)7 the Council of Europe; the United Nation
45、s (UN).The primary documents from these bodies are: EU Data Protection Directive “on the protection of individuals with regard to the processing of personaldata and free movement of that data“ 1; OECD “Guidelines on the Protection of Privacy and Trans-border flows of Personal Data“ 2; OECD “Guidelines for the Security of Information Systems“ 3; Council of Europe “Convention for the Protection of individuals with regard to Automatic Processing ofPersonal Da