• There are no items in your cart

DD ISO/TS 21547:2010

Current

Current

The latest, up-to-date edition.

Health informatics. Security requirements for archiving of electronic health records. Principles

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

31-03-2010

€348.24
Excluding VAT

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 General
6 EHR-archive and eArchiving process
7 Environment of the EHR-archive
8 Policies and responsibilities
9 Security and privacy protection architecture
10 Security and privacy protection requirements for the
   eArchiving process
Annex A (informative) - Framework for long-term archiving of
        EHRs in Finland
Annex B (informative) - Framework for digital archiving of
        health records in the UK
Annex C (informative) - Framework for digital archiving of
        health records in Japan
Annex D (informative) - Framework for digital archiving of
        health records in the USA - Rules and requirements
        derived from HIPAA
Annex E (informative) - Comparison of ISO 15489-1 and
        ISO/TS 21547 security requirements for archiving of
        electronic health records
Annex F (normative) - Summary of normative requirements
Bibliography

Describes the basic principles needed to securely preserve health records in any format for the long term.

Committee
IST/35
DevelopmentNote
Reviewed and confirmed by BSI, August 2017. (08/2017)
DocumentType
Standard
Pages
90
PublisherName
British Standards Institution
Status
Current

The purpose of this Technical Specification is to define the basic principles needed to securely preserve health records in any format for the long term. It concentrates on previously documented healthcare-specific archiving problems. It also gives a brief introduction to general archiving principles. Unlike the traditional approach to standardization work, where the perspective is that of modelling, code sets and messages, this Technical Specification looks at archiving from the angle of document management and related privacy protection. The document management angle has traditionally been used in connection with patient records in paper form and it can also be applied to digitally stored documents. There are different architectural and technical ways to develop and implement long-term preservation of electronic health records. Archiving can be a function of the online record-keeping system, and we can have a separate independent archive or a federated one. Electronic health records are, in many cases, archived in the form of documents, but other technical solutions also exist.

In this Technical Specification archiving is understood to be a wider process than just the permanent preservation of selected records. Archiving of EHRs is a holistic process covering records maintenance, retention, disclosure and destruction when the record is not in active use. Archiving also includes tasks the EHR system should perform before the record is sent to the EHR-archive.

This Technical Specification defines architecture and technology-independent security requirements for the long-term preservation of EHRs having fixed content.

This Technical Specification and a complementary Technical Report, ISO/TR21548, concentrate on the security requirements (integrity, confidentiality, availability and accountability) necessary for ensuring adequate protection of health information in long-term digital preservation. This Technical Specification will also address privacy protection requirements for both the EHR and eArchiving systems used in the healthcare environment.

This Technical Specification defines functional security requirements for long-term archiving of EHRs, but the practical archiving models and technology required are outside the concept of this Technical Specification.

It is also outside of the Scope of this Technical Specification to comment on the following.

  • The creation, management and storage of active health records (records which can be modified, updated and accessed any time at the level of a single object or item) inside the EHR-system. However this Technical Specification defines responsibilities and tasks the EHR-system should undertake before it transfers an EHR to the electronic archive.

  • The content of information submission packets sent to the EHR-archive. However this Technical Specification defines security requirements for those packets.

  • Any storage structures used (such as DICOM, HL7 or XML) or metafile descriptions used (such as Dublin core or HL7 CDA header) in the eArchiving process.

  • Implementation of security services such as PKI, electronic signatures, etc.

  • Any of the storage times of EHRs or media applicable for their storage; rather, these will continue to be provided in accordance with national legislation.

Standards Relationship
ISO/TS 21547:2010 Identical

16/30330940 DC : 0 BS 10010 - INFORMATION CLASSIFICATION, MARKING AND HANDLING (ICMH) - SPECIFICATION
BS 10010:2017 Information classification, marking and handling. Specification

ISO/TS 22600-1:2006 Health informatics Privilege management and access control Part 1: Overview and policy management
ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
ISO/TS 18308:2004 Health informatics Requirements for an electronic health record architecture
ISO/IEC 27002:2013 Information technology Security techniques Code of practice for information security controls
ISO/TR 18492:2005 Long-term preservation of electronic document-based information
ISO/IEC 10181-1:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Overview
ISO/TR 15489-2:2001 Information and documentation Records management Part 2: Guidelines
ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
ISO 19005-1:2005 Document management Electronic document file format for long-term preservation Part 1: Use of PDF 1.4 (PDF/A-1)
ASTM E 1769 : 1995 Standard Guide for Properties of Electronic Health Records and Record Systems (Withdrawn 2004)
ISO/IEC 2382-8:1998 Information technology Vocabulary Part 8: Security
ISO/TS 22600-2:2006 Health informatics Privilege management and access control Part 2: Formal models
ISO/IEC 17799:2005 Information technology Security techniques Code of practice for information security management
ISO/TS 22600-3:2009 Health informatics Privilege management and access control Part 3: Implementations
ISO 23081-1:2017 Information and documentation — Records management processes — Metadata for records — Part 1: Principles
ISO/TR 21548:2010 Health informatics Security requirements for archiving of electronic health records Guidelines
ENV 13608-1:2000 Health informatics - Security for healthcare communication - Part 1: Concepts and terminology
ISO/TR 15801:2017 Document management — Electronically stored information — Recommendations for trustworthiness and reliability
ISO 14721:2012 Space data and information transfer systems — Open archival information system (OAIS) — Reference model
ISO 15489-1:2016 Information and documentation Records management Part 1: Concepts and principles
ISO 27799:2016 Health informatics Information security management in health using ISO/IEC 27002

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.