1、BSI Standards PublicationDD ISO/TS 14265:2011Health informatics Classification of purposes for processing personal health informationPD CEN ISO/TS 14265:2013PD CEN ISO/TS 14265:2013 PUBLISHED DOCUMENTNational forewordThis Published Document is the UK implementation of CEN ISO/TS 14265:2013. It is id
2、entical to ISO/TS 14265:2011. It supersedes DD ISO/TS 14265:2011, which is withdrawn.The UK participation in its preparation was entrusted to Technical Committee IST/35, Health informatics.A list of organizations represented on this committee can be obtained on request to its secretary.This publicat
3、ion does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2014. Published by BSI Standards Limited 2014ISBN 978 0 580 77577 2ICS 35.240.80Compliance with a British Standard cannot confer immunity f
4、rom legal obligations.This Published Document was published under the authority of the Standards Policy and Strategy Committee on 30 November 2011.Amendments/corrigenda issued since publicationDate Text affected31 March 2014 This corrigendum renumbers DD ISO/TS 14265:2011 as PD CEN ISO/TS 14265:2013
5、TECHNICAL SPECIFICATION SPCIFICATION TECHNIQUE TECHNISCHE SPEZIFIKATION CEN ISO/TS 14265 October 2013 ICS 35.240.80 English Version Health Informatics - Classification of purposes for processing personal health information (ISO/TS 14265:2011) Informatique de sant - Classification des besoins pour le
6、 traitement des informations de sant personnelles (ISO/TS 14265:2011) Medizinische Informatik - Klassifikation des Zwecks zur Verarbeitung von persnlichen Gesundheitsinformationen (ISO/TS 14265:2011) This Technical Specification (CEN/TS) was approved by CEN on 25 June 2012 for provisional applicatio
7、n. The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard. CEN members are required to announce the existence o
8、f this CEN/TS in the same way as for an EN and to make the CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN
9、 is reached. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, N
10、orway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2013 CEN All rights of ex
11、ploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN ISO/TS 14265:2013 ECEN ISO/TS 14265:2013 (E) 3 Foreword The text of ISO/TS 14265:2011 has been prepared by Technical Committee ISO/TC 215 “Health informatics” of the International Organization for Stand
12、ardization (ISO) and has been taken over as CEN ISO/TS 14265:2013 by Technical Committee CEN/TC 251 “Health informatics” the secretariat of which is held by NEN. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC s
13、hall not be held responsible for identifying any or all such patent rights. According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republ
14、ic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. Endors
15、ement notice The text of ISO/TS 14265:2011 has been approved by CEN as CEN ISO/TS 14265:2013 without any modification. PD CEN ISO/TS 14265:2013CEN ISO/TS 14265:2013 (E)DD ISO/TS 14265:2011ISO/TS 14265:2011(E) ISO 2011 All rights reserved iiiContents Page Foreword iv 0 Introduction v 0.1 Rationale v
16、0.2 Background v 0.3 Context for defining data purposes vi 1 Scope 1 2 Terms and definitions . 2 3 Abbreviated terms . 4 4 Conformance . 4 5 Context . 4 6 Terminology for classifying purposes for processing personal health information 5 Annex A (informative) Examples . 7 Bibliography 13 PD CEN ISO/T
17、S 14265:2013ISO/TS 14265:2011(E)DD ISO/TS 14265:2011ISO/TS 14265:2011(E) iv ISO 2011 All rights reservedForeword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is norma
18、lly carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in th
19、e work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare
20、International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. In other circumstances, particularly when there
21、is an urgent market requirement for such documents, a technical committee may decide to publish other types of normative document: an ISO Publicly Available Specification (ISO/PAS) represents an agreement between technical experts in an ISO working group and is accepted for publication if it is appr
22、oved by more than 50 % of the members of the parent committee casting a vote; an ISO Technical Specification (ISO/TS) represents an agreement between the members of a technical committee and is accepted for publication if it is approved by 2/3 of the members of the committee casting a vote. An ISO/P
23、AS or ISO/TS is reviewed after three years in order to decide whether it will be confirmed for a further three years, revised to become an International Standard, or withdrawn. If the ISO/PAS or ISO/TS is confirmed, it is reviewed again after a further three years, at which time it must either be tr
24、ansformed into an International Standard or be withdrawn. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO/TS 14265 was prepared by Technical Comm
25、ittee ISO/TC 215, Health informatics. PD CEN ISO/TS 14265:2013ISO/TS 14265:2011(E)DD ISO/TS 14265:2011ISO/TS 14265:2011(E) ISO 2011 All rights reserved v0 Introduction 0.1 Rationale A fundamental principle underlying the use of personal health data is that it is essential to know the purposes for wh
26、ich data was originally collected and that all subsequent processing activities be the same as, or consistent with, the original purpose. This principle, when applied in conjunction with a standardized list of purposes, forms the foundation for a correspondence of permitted purpose between different
27、 users, systems, organizations or policy domains who might need to share personal health information. Interoperability standards, and their progressive adoption by e-health programmes, are expanding the capacity for organizations to exchange health data. For this to occur on a wide scale, the majori
28、ty of decisions regarding requests for health data will need to take place automatically. In order that data processing activities (collection, storage, access, analysis, linkage, communication, disclosure and retention) are appropriate, it is important that policies are defined in fully computable
29、ways that are themselves interoperable. Interoperable policies will enable requests between heterogeneous systems and services to be evaluated consistently. In order for automatic processing policies to be defined and operationalized, it is important that governance structures, processes and rules a
30、re applied to the design of information and information technology at an enterprise or inter-enterprise level through a number of administrative mechanisms. These mechanisms include enterprise architecture/frameworks, standards, strategy, procedures, laws, regulations, principles and policy, and inc
31、lude operational controls such as committees, budgets, plans, and responsibility agreements (e.g. information sharing agreements, service level agreements and contracts). It is recognized that not all disclosures will take place automatically, and that individual (human) decisions will at times be m
32、ade, taking policies and governance arrangements into account. For ethical and legal reasons, it is normally the case that information is used only for the purpose for which it was collected or created. This purpose can be specified explicitly and consented to. Consent to use data for a particular p
33、urpose can also be implied, although it is almost always a requirement that the purposes be declared. Where data are intended for further and different purposes, a new purpose can require a new consent. For example, in some jurisdictions, data collected for health care cannot automatically be used f
34、or research, nor information collected for research used for care, without obtaining new consent. Knowing the purpose for which access to information is intended is essential in order to determine if access to data for processing activities are appropriate. Increasingly, this problem has become not
35、only one of determining that a user has permission to access particular items of information but also that the user has permission to use them for a specified purpose. It is therefore essential to ensure that the context within which access and use is asserted is the correct one. Purpose (or use, pu
36、rpose of use, or context of use) when clearly defined, helps to ensure that access to protected information items is granted to properly authorized users under a specific, appropriate and unambiguous policy. The explicit declaration of intended purpose prior to being granted access also helps to ens
37、ure that users understand that such access does not imply that use is also permitted for other undeclared, inconsistent purposes. Purpose of use helps bring clarity to situations where there are multiple and potentially conflicting contextually sensitive policies for identical users access to identi
38、cal information items. 0.2 Background ISO/TS 22600-1 defines a generic architectural approach for policy services, and a generic framework for defining policies in a formal way. However, like any generic architecture, a structural framework to support policy interoperability has to be instantiated f
39、or use. A policy domain needs also to specify which information properties they wish to take into account when making processing decisions. They need to specify a high level policy model containing those properties, to which all instances of that kind of policy must conform. PD CEN ISO/TS 14265:2013
40、ISO/TS 14265:2011(E)DD ISO/TS 14265:2011ISO/TS 14265:2011(E) vi ISO 2011 All rights reservedISO/TS 13606-4 defines such a policy model for requesting and providing electronic health record (EHR) extracts i.e. for one particular use case. Even if two or more parties share a common policy model, this
41、is not sufficient to support policy bridging (automated inter-policy negotiation): the terms used for each property within the shared policy model need to be mutually understood between requesters and providers of health information. In other words, the properties and terms used in the request (coll
42、ection) policy need to have a computable correspondence with the terms and policies of the recipients disclosure policy in order for an automated access decision to be made. Historically, data uses have been categorized as Primary and Secondary. Because these are relative terms, they only have meani
43、ng when one knows the perspective of the user. This then has the further problem of giving the impression that some purposes are more important than others when it could be argued that the secondary use of health information for the benefit of society is an important purpose. It is therefore propose
44、d that those terms be replaced with explicit and neutral but informative labels. Data collected for inclusion in an EHR is initially collected for the purpose of care, although it may be subsequently used for other purposes. Explicitly stating those uses rather than using a generic label such as “se
45、condary use” will improve communications, transparency and support appropriate use of data. This Technical Specification is intended to be a semantic complement to ISO/TS 22600-1 and ISO/TS 13606-4, which both provide formal architectural and modelled representations of policies, but do not themselv
46、es include a vocabulary for purpose. However, it is not a requirement for a jurisdiction to adopt either of these two specifications in order to use this classification of purposes. There are other standards that define interoperability vocabularies which might also be used to instantiate parts of a
47、 policy. ISO/TS 13606-4 defines a standard vocabulary for the sensitivity of EHR data, and for functional roles. ISO/TS 21298 defines a vocabulary for structural roles (and replicates the ISO/TS 13606-4 vocabulary for functional roles). ISO 10181-3 provides the definition of access control informati
48、on (ACI) essential for defining access control policy. 0.3 Context for defining data purposes Defining data purposes is the critical first step in subsequent activities of data collection and various kinds of processing. Only once the intended purpose of data is known is it possible to assess if acc
49、ess to data or other processing activities are appropriate, for example: what is appropriate to collect, how it should be used, to whom it should be disclosed, and for how long it should be retained. When making an access decision, authorization is a separate axis from purpose, and as such is not included in this classification. Authorization for collection, use or disclosure will be different in different jurisdictions, countries or situations, and will depend upon the environment within which the data are used. Authorization can be obtained in
