BS ISO 22857:2013
Current
The latest, up-to-date edition.
Health informatics. Guidelines on data protection to facilitate transborder flows of personal health data
Hardcopy , PDF
English
28-02-2014
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Structure of this International Standard
6 General principles and roles
7 Legitimising data transfer
8 Criteria for ensuring adequate data protection
with respect to the transfer of personal
health data
9 Security policy
10 High Level Security Policy: the content
11 Rationale and Observations on Measures to support
Principle Ten concerning security of processing
12 Personal health data in non-electronic form
Annex A (informative) - Key primary international
documents on data protection
Annex B (informative) - National documented
requirements and legal provisions in a
range of countries
Annex C (informative) - Exemplar contract clauses:
Controller to controller
Annex D (informative) - Exemplar contract clauses:
Controller to processor
Annex E (informative) - Handling very sensitive
personal health data
Bibliography
Specifies guidance on data protection requirements to facilitate the transfer of personal health data across national or jurisdictional borders.
Committee |
IST/35
|
DevelopmentNote |
Supersedes 11/30192880 DC. (02/2014)
|
DocumentType |
Standard
|
Pages |
70
|
PublisherName |
British Standards Institution
|
Status |
Current
|
Supersedes |
This International Standard provides guidance on data protection requirements to facilitate the transfer of personal health data across national or jurisdictional borders.
It does not require the harmonization of existing national or jurisdictional standards, legislation or regulations. It is normative only in respect of international or trans-jurisdictional exchange of personal health data. However it can be informative with respect to the protection of health information within national/jurisdictional boundaries and provide assistance to national or jurisdictional bodies involved in the development and implementation of data protection principles.
This International Standard covers both the data protection principles that apply to international or trans-jurisdictional transfers and the security policy which an organization adopts to ensure compliance with those principles.
Where a multilateral treaty between a number of countries has been agreed (e.g. the EU Data Protection Directive), the terms of that treaty will take precedence.
This International Standard aims to facilitate international and trans-jurisdictional health-related applications involving the transfer of personal health data. It seeks to provide the means by which health data relating to data subjects, such as patients, will be adequately protected when sent to, and processed in, another country/jurisdiction.
This International Standard does not provide definitive legal advice but comprises guidance. When applying the guidance to a particular application, legal advice appropriate to that application can be sought.
National privacy and data protection requirements vary substantially and can change relatively quickly. Whereas this International Standard in general encompasses the more stringent of international and national requirements it nevertheless comprises a minimum. Some countries/jurisdictions may have some more stringent and particular requirements.
Standards | Relationship |
ISO 22857:2013 | Identical |
ISO 17090-1:2013 | Health informatics Public key infrastructure Part 1: Overview of digital certificate services |
ISO/TS 25237:2008 | Health informatics Pseudonymization |
ISO/TS 22600-1:2006 | Health informatics Privilege management and access control Part 1: Overview and policy management |
ISO/TS 14265:2011 | Health Informatics - Classification of purposes for processing personal health information |
ISO 17090-2:2015 | Health informatics Public key infrastructure Part 2: Certificate profile |
ISO 27789:2013 | Health informatics Audit trails for electronic health records |
ISO 21091:2013 | Health informatics — Directory services for healthcare providers, subjects of care and other entities |
ISO 17090-3:2008 | Health informatics Public key infrastructure Part 3: Policy management of certification authority |
ISO/TS 22600-2:2006 | Health informatics Privilege management and access control Part 2: Formal models |
ISO/TS 22600-3:2009 | Health informatics Privilege management and access control Part 3: Implementations |
ISO/TS 21298:2008 | Health informatics Functional and structural roles |
ISO 27799:2016 | Health informatics Information security management in health using ISO/IEC 27002 |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.