
BS ISO 22857:2013

Current (the latest, up-to-date edition)

Health informatics. Guidelines on data protection to facilitate transborder flows of personal health data

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

28-02-2014

€322.53
Excluding VAT

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Structure of this International Standard
6 General principles and roles
7 Legitimising data transfer
8 Criteria for ensuring adequate data protection
   with respect to the transfer of personal
   health data
9 Security policy
10 High Level Security Policy: the content
11 Rationale and Observations on Measures to support
   Principle Ten concerning security of processing
12 Personal health data in non-electronic form
Annex A (informative) - Key primary international
        documents on data protection
Annex B (informative) - National documented
        requirements and legal provisions in a
        range of countries
Annex C (informative) - Exemplar contract clauses:
        Controller to controller
Annex D (informative) - Exemplar contract clauses:
        Controller to processor
Annex E (informative) - Handling very sensitive
        personal health data
Bibliography

Specifies guidance on data protection requirements to facilitate the transfer of personal health data across national or jurisdictional borders.

Committee
IST/35
Development Note
Supersedes 11/30192880 DC. (02/2014)
Document Type
Standard
Pages
70
Publisher Name
British Standards Institution
Status
Current
This International Standard provides guidance on data protection requirements to facilitate the transfer of personal health data across national or jurisdictional borders.

It does not require the harmonization of existing national or jurisdictional standards, legislation or regulations. It is normative only in respect of international or trans-jurisdictional exchange of personal health data. However, it can be informative with respect to the protection of health information within national/jurisdictional boundaries and can assist national or jurisdictional bodies involved in the development and implementation of data protection principles.

This International Standard covers both the data protection principles that apply to international or trans-jurisdictional transfers and the security policy which an organization adopts to ensure compliance with those principles.

Where a multilateral treaty between a number of countries has been agreed (e.g. the EU Data Protection Directive), the terms of that treaty will take precedence.

This International Standard aims to facilitate international and trans-jurisdictional health-related applications involving the transfer of personal health data. It seeks to provide the means by which health data relating to data subjects, such as patients, will be adequately protected when sent to, and processed in, another country/jurisdiction.

This International Standard does not provide definitive legal advice but comprises guidance. When applying the guidance to a particular application, legal advice appropriate to that application can be sought.

National privacy and data protection requirements vary substantially and can change relatively quickly. Whereas this International Standard in general encompasses the more stringent of international and national requirements it nevertheless comprises a minimum. Some countries/jurisdictions may have some more stringent and particular requirements.

Standards Relationship
ISO 22857:2013 (Identical)

Related standards
ISO 17090-1:2013 Health informatics. Public key infrastructure. Part 1: Overview of digital certificate services
ISO 17090-2:2015 Health informatics. Public key infrastructure. Part 2: Certificate profile
ISO 17090-3:2008 Health informatics. Public key infrastructure. Part 3: Policy management of certification authority
ISO/TS 14265:2011 Health informatics. Classification of purposes for processing personal health information
ISO 21091:2013 Health informatics. Directory services for healthcare providers, subjects of care and other entities
ISO/TS 21298:2008 Health informatics. Functional and structural roles
ISO/TS 22600-1:2006 Health informatics. Privilege management and access control. Part 1: Overview and policy management
ISO/TS 22600-2:2006 Health informatics. Privilege management and access control. Part 2: Formal models
ISO/TS 22600-3:2009 Health informatics. Privilege management and access control. Part 3: Implementations
ISO/TS 25237:2008 Health informatics. Pseudonymization
ISO 27789:2013 Health informatics. Audit trails for electronic health records
ISO 27799:2016 Health informatics. Information security management in health using ISO/IEC 27002
