Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Structure of this international standard
6 General principles and roles
7 Legitimising data transfer
8 Criteria for ensuring adequate data protection
with respect to the transfer of personal health data
9 Security policy
10 High Level Security Policy: the content
11 Rationale and observations on measures to
support Principle Ten concerning security of
processing
12 Personal health data in non-electronic form
Annex A (informative) - Key primary international
documents on data protection
Annex B (informative) - National documented
requirements and legal provisions in a range
of countries
Annex C (informative) - Exemplar contract
clauses: Controller to Controller
Annex D (informative) - Exemplar contract
clauses: Controller to Processor
Annex E (informative) - Handling very sensitive
personal health data
Bibliography