• ISO/TS 13606-4:2009

    Withdrawn: A withdrawn standard is one that has been removed from sale, and its unique number can no longer be used. A standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a standard with a different number.

    Health informatics - Electronic health record communication - Part 4: Security

    Available format(s):  Hardcopy, PDF, PDF 3 Users, PDF 5 Users, PDF 9 Users

    Withdrawn date:  09-03-2022

    Language(s):  English

    Published date:  16-09-2009

    Publisher:  International Organization for Standardization


    Table of Contents

    Foreword
    0 Introduction
      0.1 Challenge addressed by this part of ISO 13606
      0.2 Communication scenarios
      0.3 Requirements and technical approach
      0.4 Generic EHR access policy model
      0.5 Audit log interoperability
      0.6 Relationship to ENV 13606-3
    1 Scope
    2 Conformance
    3 Terms and definitions
    4 Abbreviations
    5 Record component sensitivity and functional roles
      5.1 RECORD_COMPONENT sensitivity
      5.2 Functional roles
      5.3 Mapping of functional role to RECORD_COMPONENT sensitivity
    6 Representing access policy information within an EHR_EXTRACT
      6.1 General
      6.2 Archetype of the Access policy COMPOSITION
      6.3 ADL representation of the archetype of the access
          policy COMPOSITION
      6.4 UML representation of the archetype of the access
          policy COMPOSITION
    7 Representation of audit log information -
      EHR_AUDIT_LOG_EXTRACT model
    Annex A (informative) - Illustrative access control example
    Annex B (informative) - Relationship of this part of ISO 13606
                            to ENV 13606-3:2000
    Bibliography

    Abstract

    ISO/TS 13606-4:2009 describes a methodology for specifying the privileges necessary to access EHR data. This methodology forms part of the overall EHR communications architecture defined in ISO 13606-1.

    ISO/TS 13606-4:2009 seeks to address those requirements uniquely pertaining to EHR communications and to represent and communicate EHR-specific information that will inform an access decision. It also refers to general security requirements that apply to EHR communications and points at technical solutions and standards that specify details on services meeting these security needs.

    General Product Information

    Development Note:  DRAFT ISO/DIS 13606-4 is also available for this standard. (02/2017)
    Document Type:  Technical Specification
    Publisher:  International Organization for Standardization
    Status:  Withdrawn
    Superseded By:

    Standards Referenced By This Book

    DIN EN ISO 22600-3:2015-02 HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 3: IMPLEMENTATIONS (ISO 22600-3:2014)
    UNI EN ISO 22600-3 : 2014 HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 3: IMPLEMENTATIONS
    DD ISO/TS 14265 : 2011 HEALTH INFORMATICS - CLASSIFICATION OF PURPOSES FOR PROCESSING PERSONAL HEALTH INFORMATION
    S.R. CEN ISO/TS 14441:2013 HEALTH INFORMATICS - SECURITY AND PRIVACY REQUIREMENTS OF EHR SYSTEMS FOR USE IN CONFORMITY ASSESSMENT (ISO/TS 14441:2013)
    ISO 18308:2011 Health informatics — Requirements for an electronic health record architecture
    CEN ISO/TS 14265:2013 Health Informatics - Classification of purposes for processing personal health information (ISO/TS 14265:2011)
    10/30231940 DC : 0 BS EN ISO 12967-1 - HEALTH INFORMATICS - SERVICE ARCHITECTURE - PART 1: ENTERPRISE VIEWPOINT
    BS EN ISO 12967-3:2011 Health informatics. Service architecture. Computational viewpoint
    BS ISO 18308:2011 Health informatics. Requirements for an electronic health record architecture
    BS EN ISO 13940:2016 Health informatics. System of concepts to support continuity of care
    PD ISO/TS 17975:2015 Health informatics. Principles and data requirements for consent in the Collection, Use or Disclosure of personal health information
    10/30156465 DC : DRAFT DEC 2010 BS EN ISO 27789 - HEALTH INFORMATICS - AUDIT TRAILS FOR ELECTRONIC HEALTH RECORDS
    PD ISO/TR 14292:2012 Health informatics. Personal health records. Definition, scope and context
    I.S. EN ISO 12967-1:2011 HEALTH INFORMATICS - SERVICE ARCHITECTURE - PART 1: ENTERPRISE VIEWPOINT
    ISO/TS 17975:2015 Health informatics — Principles and data requirements for consent in the Collection, Use or Disclosure of personal health information
    UNI CEN ISO/TS 14441 : 2014 HEALTH INFORMATICS - SECURITY AND PRIVACY REQUIREMENTS OF EHR SYSTEMS FOR USE IN CONFORMITY ASSESSMENT
    EN ISO 12967-3:2011 Health informatics - Service architecture - Part 3: Computational viewpoint (ISO 12967-3:2009)
    PD CEN ISO/TS 14265:2013 Health Informatics. Classification of purposes for processing personal health information
    10/30231948 DC : 0 BS EN ISO 12967-3 - HEALTH INFORMATICS - SERVICE ARCHITECTURE - PART 3: COMPUTATIONAL VIEWPOINT
    DD ISO/TS 22600-3:2009 Health informatics. Privilege management and access control. Implementations
    BS EN ISO 10781:2015 Health Informatics. HL7 Electronic Health Records-System Functional Model, Release 2 (EHR FM)
    DIN EN ISO 22600-3 E : 2015 HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 3: IMPLEMENTATIONS (ISO 22600-3:2014)
    I.S. EN ISO 13940:2016 HEALTH INFORMATICS - SYSTEM OF CONCEPTS TO SUPPORT CONTINUITY OF CARE (ISO 13940:2015)
    S.R. CEN ISO/TS 14265:2013 HEALTH INFORMATICS - CLASSIFICATION OF PURPOSES FOR PROCESSING PERSONAL HEALTH INFORMATION (ISO/TS 14265:2011)
    UNI EN ISO 12967-1 : 2011 HEALTH INFORMATICS - SERVICE ARCHITECTURE - PART 1: ENTERPRISE VIEWPOINT
    UNI CEN ISO/TS 14265 : 2013 HEALTH INFORMATICS - CLASSIFICATION OF PURPOSES FOR PROCESSING PERSONAL HEALTH INFORMATION
    ISO/TR 17522:2015 Health informatics - Provisions for health applications on mobile/smart devices
    EN ISO 22600-3:2014 Health informatics - Privilege management and access control - Part 3: Implementations (ISO 22600-3:2014)
    PD IEC/TR 80001-2-2:2012 Application of risk management for IT-networks incorporating medical devices. Guidance for the disclosure and communication of medical device security needs, risks and controls
    I.S. EN ISO 12967-3:2011 HEALTH INFORMATICS - SERVICE ARCHITECTURE - PART 3: COMPUTATIONAL VIEWPOINT
    ISO/TS 22600-3:2009 Health informatics - Privilege management and access control - Part 3: Implementations
    IEC TR 80001-2-2:2012 Application of risk management for IT-networks incorporating medical devices - Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls
    ISO 12967-3:2009 Health informatics - Service architecture - Part 3: Computational viewpoint
    ISO/TS 14265:2011 Health Informatics - Classification of purposes for processing personal health information
    ISO/TS 14441:2013 Health informatics — Security and privacy requirements of EHR systems for use in conformity assessment
    ISO 22600-3:2014 Health informatics - Privilege management and access control - Part 3: Implementations
    EN ISO 10781:2015 Health Informatics - HL7 Electronic Health Records-System Functional Model, Release 2 (EHR FM) (ISO 10781:2015)
    EN ISO 13940:2016 Health informatics - System of concepts to support continuity of care (ISO 13940:2015)
    AAMI IEC TIR 80001-2-2 : 2012 APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS INCORPORATING MEDICAL DEVICES - PART 2-2: GUIDANCE FOR THE DISCLOSURE AND COMMUNICATION OF MEDICAL DEVICE SECURITY NEEDS, RISKS AND CONTROLS
    UNE-EN ISO 13940:2016 Health informatics - System of concepts to support continuity of care (ISO 13940:2015)
    PD ISO/TR 14639-2:2014 Health informatics. Capacity-based eHealth architecture roadmap. Architectural components and maturity model
    PD CEN ISO/TS 14441:2013 Health informatics. Security and privacy requirements of EHR systems for use in conformity assessment
    BS EN ISO 22600-3:2014 Health informatics. Privilege management and access control. Implementations
    PD ISO/TR 17522:2015 Health informatics. Provisions for health applications on mobile/smart devices
    I.S. EN ISO 22600-3:2014 HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 3: IMPLEMENTATIONS (ISO 22600-3:2014)
    UNI EN ISO 12967-3 : 2011 HEALTH INFORMATICS - SERVICE ARCHITECTURE - PART 3: COMPUTATIONAL VIEWPOINT
    I.S. EN ISO 10781:2015 HEALTH INFORMATICS - HL7 ELECTRONIC HEALTH RECORDS-SYSTEM FUNCTIONAL MODEL, RELEASE 2 (EHR FM) (ISO 10781:2015)
    ISO/TR 14292:2012 Health informatics - Personal health records - Definition, scope and context
    ISO 13940:2015 Health informatics — System of concepts to support continuity of care
    ISO/HL7 10781:2015 Health Informatics — HL7 Electronic Health Records-System Functional Model, Release 2 (EHR FM)

    Standards Referencing This Book

    ISO 17090-1:2013 Health informatics - Public key infrastructure - Part 1: Overview of digital certificate services
    ISO/TS 22600-1:2006 Health informatics - Privilege management and access control - Part 1: Overview and policy management
    ISO 22857:2013 Health informatics — Guidelines on data protection to facilitate trans-border flows of personal health data
    ISO/TS 18308:2004 Health informatics - Requirements for an electronic health record architecture
    EN 14822-2:2005 Health informatics - General purpose information components - Part 2: Non-clinical
    ISO/TS 21091:2005 Health informatics - Directory services for security, communications and identification of professionals and patients
    ISO/TR 22221:2006 Health informatics - Good principles and practices for a clinical data warehouse
    ISO 27789:2013 Health informatics - Audit trails for electronic health records
    ISO/IEC 27002:2013 Information technology - Security techniques - Code of practice for information security controls
    EN 14484:2003 Health informatics - International transfer of personal health data covered by the EU data protection directive - High level security policy
    ENV 13608-2 : DRAFT 2000 HEALTH INFORMATICS - SECURITY FOR HEALTHCARE COMMUNICATION - PART 2: SECURE DATA OBJECTS
    ISO 7498-2:1989 Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture
    ENV 13608-3 : DRAFT 2000 HEALTH INFORMATICS - SECURITY FOR HEALTHCARE COMMUNICATION - PART 3: SECURE DATA CHANNELS
    ISO/IEC 2382-8:1998 Information technology - Vocabulary - Part 8: Security
    ISO/TS 22600-2:2006 Health informatics - Privilege management and access control - Part 2: Formal models
    EN 14485:2003 Health informatics - Guidance for handling personal health data in international applications in the context of the EU data protection directive
    ISO/TS 22600-3:2009 Health informatics - Privilege management and access control - Part 3: Implementations
    ENV 13608-1:2000 HEALTH INFORMATICS - SECURITY FOR HEALTHCARE COMMUNICATION - PART 1: CONCEPTS AND TERMINOLOGY
    ISO/TS 21298:2008 Health informatics - Functional and structural roles
    ISO 27799:2016 Health informatics - Information security management in health using ISO/IEC 27002