1、 I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T H.812 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (11/2017) SERIES H: AUDIOVISUAL AND MULTIMEDIA SYSTEMS E-health multimedia services and applications Personal health systems Interoperability design guidelines for perso
2、nal connected health systems: Services interface Recommendation ITU-T H.812 ITU-T H-SERIES RECOMMENDATIONS AUDIOVISUAL AND MULTIMEDIA SYSTEMS CHARACTERISTICS OF VISUAL TELEPHONE SYSTEMS H.100H.199 INFRASTRUCTURE OF AUDIOVISUAL SERVICES General H.200H.219 Transmission multiplexing and synchronization
3、 H.220H.229 Systems aspects H.230H.239 Communication procedures H.240H.259 Coding of moving video H.260H.279 Related systems aspects H.280H.299 Systems and terminal equipment for audiovisual services H.300H.349 Directory services architecture for audiovisual and multimedia services H.350H.359 Qualit
4、y of service architecture for audiovisual and multimedia services H.360H.369 Telepresence H.420H.429 Supplementary services for multimedia H.450H.499 MOBILITY AND COLLABORATION PROCEDURES Overview of Mobility and Collaboration, definitions, protocols and procedures H.500H.509 Mobility for H-Series m
5、ultimedia systems and services H.510H.519 Mobile multimedia collaboration applications and services H.520H.529 Security for mobile multimedia systems and services H.530H.539 Security for mobile multimedia collaboration applications and services H.540H.549 VEHICULAR GATEWAYS AND INTELLIGENT TRANSPORT
6、ATION SYSTEMS (ITS) Architecture for vehicular gateways H.550H.559 Vehicular gateway interfaces H.560H.569 BROADBAND, TRIPLE-PLAY AND ADVANCED MULTIMEDIA SERVICES Broadband multimedia services over VDSL H.610H.619 Advanced multimedia services and applications H.620H.629 Ubiquitous sensor network app
7、lications and Internet of Things H.640H.649 IPTV MULTIMEDIA SERVICES AND APPLICATIONS FOR IPTV General aspects H.700H.719 IPTV terminal devices H.720H.729 IPTV middleware H.730H.739 IPTV application event handling H.740H.749 IPTV metadata H.750H.759 IPTV multimedia application frameworks H.760H.769
8、IPTV service discovery up to consumption H.770H.779 Digital Signage H.780H.789 E-HEALTH MULTIMEDIA SERVICES AND APPLICATIONS Personal health systems H.810H.819 Interoperability compliance testing of personal health systems (HRN, PAN, LAN, TAN and WAN) H.820H.859 Multimedia e-health data exchange ser
9、vices H.860H.869 For further details, please refer to the list of ITU-T Recommendations. Rec. ITU-T H.812 (11/2017) i Recommendation ITU-T H.812 Interoperability design guidelines for personal connected health systems: Services interface Summary The Continua Design Guidelines (CDG) defines a framewo
10、rk of underlying standards and criteria that ensure the interoperability of devices and data used for personal connected health services. The Continua Design Guidelines also contains design guidelines (DGs) that further clarify the underlying standards or specifications by reducing options or by add
11、ing missing features to improve interoperability. ITU-T H.812 contains an overview of the Services interface (Services-IF), common design guidelines for all Services-IF Certified Capability Classes (CCC) and the design guidelines for Consent Enabled Personal Health Gateway (PHG) and Services CCCs. T
12、he design guidelines which support the following Certified Capability Classes (CCC) are defined in separate guidelines documents, as follows: Observation Upload capability in ITU-T H.812.1 (2017) Questionnaire capability in ITU-T H.812.2 (2017) Capability Exchange capability in ITU-T H.812.3 (2017)
13、Authenticated Persistent Session capability in ITU-T H.812.4(2017) ITU-T H.812 is part of the “ITU-T H.810 interoperability design guidelines for personal connected health systems“ subseries that covers the following areas: ITU-T H.810 Interoperability design guidelines for personal connected health
14、 systems: Introduction ITU-T H.811 Interoperability design guidelines for personal connected health systems: Personal Health Devices interface ITU-T H.812 Interoperability design guidelines for personal connected health systems: Services interface (this design guidelines document) ITU-T H.812.1 Inte
15、roperability design guidelines for personal connected health systems: Services interface: Observation upload capability ITU-T H.812.2 Interoperability design guidelines for personal connected health systems: Services interface: Questionnaire capability ITU-T H.812.3 Interoperability design guideline
16、s for personal connected health systems: Services interface: Capability exchange capability ITU-T H.812.4 Interoperability design guidelines for personal connected health systems: Services interface: Authenticated persistent session capability ITU-T H.813 Interoperability design guidelines for perso
17、nal connected health systems: Healthcare information system interface History Edition Recommendation Approval Study Group Unique ID* 1.0 ITU-T H.812 2015-11-29 16 11.1002/1000/12653 2.0 ITU-T H.812 2016-07-14 16 11.1002/1000/12913 3.0 ITU-T H.812 2017-11-29 16 11.1002/1000/13415 Keywords CDG, Contin
18、ua Design Guidelines, healthcare information systems, personal connected health systems, personal health devices, services. * To access the Recommendation, type the URL http:/handle.itu.int/ in the address field of your web browser, followed by the Recommendations unique ID. For example, http:/handl
19、e.itu.int/11.1002/1000/11830-en. ii Rec. ITU-T H.812 (11/2017) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (IT
20、U-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four
21、years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the n
22、ecessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. How
23、ever, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negativ
24、e equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTSITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use o
25、f a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, I
26、TU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.i
27、tu.int/ITU-T/ipr/. ITU 2018 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T H.812 (11/2017) iii Table of Contents Page 0 Introduction vi 0.1 Organization vi 0.2 Guideline releases and versioning . vi
28、 0.3 Whats new. vi 1 Scope 1 2 References 1 3 Definitions . 2 4 Abbreviations and acronyms . 2 5 Conventions . 2 6 Architecture . 2 7 Use cases 6 7.1 Consent management use cases . 6 7.1.1 Upload consent to the server . 6 7.1.2 Retrieve the already completed patient consent from the server 7 7.1.3 U
29、pload updated consent to the server . 7 7.2 Consent enforcement use case . 7 7.2.1 Content encryption before upload . 7 7.3 Other CCC use cases . 7 8 Behavioural models . 7 8.1 Common Services-IF message exchange behaviour . 8 8.2 Common security model for REST based CCC implementations 8 8.3 Consen
30、t management behavioural model 9 8.4 Consent enforcement behavioural model 10 9 Implementation 10 9.1 Consent representation 10 9.2 Transport protocols 11 9.2.1 Transport protocol using data over HTTP. 11 9.2.2 Transport protocol using IHE XDR 11 9.3 Consent enforcement . 11 9.3.1 Consent enforcemen
31、t using XML encryption . 11 9.3.2 Consent enforcement using IHE DEN 11 Annex A Normative guidelines overview . 12 iv Rec. ITU-T H.812 (11/2017) Page Annex B General security guidelines for Services-IF CCCs 14 Annex C Normative guidelines for consent management 16 Appendix I ATOM feed elements for co
32、nsent management 24 I.1 Information for consent in the root.xml . 24 Appendix II Examples of consent management using SOAP. 25 Appendix III OAuth example . 28 Appendix IV Consent Enabled PHG Questionnaire response association . 30 Bibliography 32 List of Tables Page Table A.1 Certified Capability Cl
33、asses . 12 Table A.2 Guidelines for Certified Capability Classes . 12 Table A.3 Requirements common to all CCCs . 13 Table B.1 PHG security guidelines using REST 14 Table B.2 Health users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent editi
34、on of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. 2 Rec. ITU-T H.812 (11/2017) IT
35、U-T H.810 Recommendation ITU-T H.810 (2017), Interoperability design guidelines for personal connected health systems: Introduction. Other referenced documents can be found in clause 2 of ITU-T H.810. 3 Definitions This design guidelines document uses terms defined in ITU-T H.810. 4 Abbreviations an
36、d acronyms This design guidelines document uses abbreviations and acronyms defined in ITU-T H.810. 5 Conventions This design guidelines documentfollows the conventions defined in ITU-T H.810. 6 Architecture In this end-to-end (E2E) reference architecture, the Services interface (Services-IF) connect
37、s a Personal Health Gateway (PHG) to a Health 1 NOTE Within the end-to-end architecture, both the Services and the Healthcare Information System (HIS) interfaces can be implemented on a device close to the user/patient (PC, laptop, mobile phone, etc.) in order to exchange information with entities t
38、hat are geographically distant from such devices. The guidelines place no restrictions on the deployment of Certified Capability Classes on specific hardware. 4 Rec. ITU-T H.812 (11/2017) the uploading of consent information from the PHG to the Health the downloading of to-be-completed questionnaire
39、s from the Health the exchange of information (e.g., unsolicited commands) between the Health the exchange of supported Certified Capability Class information (capability exchange) between the PHG and the Health & Fitness service as an enabler for the other use cases ITU-T H.812.3. A PHG can support
40、 one or more applications that each implement one or more Continua Certified Capability Classes. Figure 6-3 depicts the Continua Services-IF, showing a PHG application and a Health & Fitness service application in which all of the possible Services-IF Certified Capability Classes are implemented. Fi
41、gure 6-3 Continua Services-IF showing the Services-IF Certified Capability Classes The intent of these guidelines is to specify system behaviour in enough detail to achieve an acceptable level of interoperability for a particular use case. A use case is encapsulated in a Certified Capability Class (
42、CCC). The guidelines make normative statements about how the network interface of the components of the CCC functions. For the Services-IF these components exist in the context of applications or services that reside on a PHG or on a Health & Fitness service. Common platforms often limit the manner
43、in which applications can communicate with each other to ensure the stability of the overall platform. This limited interaction between applications is called sandboxing. In order to support sandboxed applications this version of the Services-IF uses a reference model that defines an application as
44、a container for one or more CCC components. Interactions between the components within the application container do not have normative Rec. ITU-T H.812 (11/2017) 5 requirements and are fully up to the developer of the application. Interactions on the Services-IF between the applications CCCs on the
45、PHG and the corresponding CCCs on the Health & Fitness service are visible and do have normative requirements in order to pass certification. The reference model allows multiple applications to exist in a PHG or a Health & Fitness service, but applications do not interact with other applications exc
46、ept through network interfaces. In these guidelines applications that run on a Health & Fitness service are often referred to as services since Health & Fitness services are commonly web service platforms. A Health & Fitness service is conceptually the same as a PHG application. These guidelines doc
47、ument mechanisms by which components may communicate with each other through an internal application programming interface (API). Future versions of the Services-IF may use these mechanisms to enable interoperability between components within an application. In Figure 6-4 the concepts of the Service
48、s-IF reference model are used to depict a PHG with two independent applications communicating with a Services application. One PHG application supports three CCCs and the other supports a single CCC. Normative requirements are made on the network interfaces between the PHG and the Health & Fitness s
49、ervice. The interactions between the CCC components within an application container are not normative and are shown as red dashed lines coordinated by application internal processing that are out of the scope of these guidelines. Figure 6-4 Services-IF reference model Communications that use the Services-IF start with the PHGs Capability Exchange component. This component sends a request to its peer component on the Health & Fitness service. The request asks the Health &
