DD ISO/TS 21547:2010
Current
The latest, up-to-date edition.
Health informatics. Security requirements for archiving of electronic health records. Principles
Hardcopy , PDF
English
31-03-2010
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 General
6 EHR-archive and eArchiving process
7 Environment of the EHR-archive
8 Policies and responsibilities
9 Security and privacy protection architecture
10 Security and privacy protection requirements for the
eArchiving process
Annex A (informative) - Framework for long-term archiving of
EHRs in Finland
Annex B (informative) - Framework for digital archiving of
health records in the UK
Annex C (informative) - Framework for digital archiving of
health records in Japan
Annex D (informative) - Framework for digital archiving of
health records in the USA - Rules and requirements
derived from HIPAA
Annex E (informative) - Comparison of ISO 15489-1 and
ISO/TS 21547 security requirements for archiving of
electronic health records
Annex F (normative) - Summary of normative requirements
Bibliography
Describes the basic principles needed to securely preserve health records in any format for the long term.
Committee |
IST/35
|
DevelopmentNote |
Reviewed and confirmed by BSI, August 2017. (08/2017)
|
DocumentType |
Standard
|
Pages |
90
|
PublisherName |
British Standards Institution
|
Status |
Current
|
The purpose of this Technical Specification is to define the basic principles needed to securely preserve health records in any format for the long term. It concentrates on previously documented healthcare-specific archiving problems. It also gives a brief introduction to general archiving principles. Unlike the traditional approach to standardization work, where the perspective is that of modelling, code sets and messages, this Technical Specification looks at archiving from the angle of document management and related privacy protection. The document management angle has traditionally been used in connection with patient records in paper form and it can also be applied to digitally stored documents. There are different architectural and technical ways to develop and implement long-term preservation of electronic health records. Archiving can be a function of the online record-keeping system, and we can have a separate independent archive or a federated one. Electronic health records are, in many cases, archived in the form of documents, but other technical solutions also exist.
In this Technical Specification archiving is understood to be a wider process than just the permanent preservation of selected records. Archiving of EHRs is a holistic process covering records maintenance, retention, disclosure and destruction when the record is not in active use. Archiving also includes tasks the EHR system should perform before the record is sent to the EHR-archive.
This Technical Specification defines architecture and technology-independent security requirements for the long-term preservation of EHRs having fixed content.
This Technical Specification and a complementary Technical Report, ISO/TR21548, concentrate on the security requirements (integrity, confidentiality, availability and accountability) necessary for ensuring adequate protection of health information in long-term digital preservation. This Technical Specification will also address privacy protection requirements for both the EHR and eArchiving systems used in the healthcare environment.
This Technical Specification defines functional security requirements for long-term archiving of EHRs, but the practical archiving models and technology required are outside the concept of this Technical Specification.
It is also outside of the Scope of this Technical Specification to comment on the following.
-
The creation, management and storage of active health records (records which can be modified, updated and accessed any time at the level of a single object or item) inside the EHR-system. However this Technical Specification defines responsibilities and tasks the EHR-system should undertake before it transfers an EHR to the electronic archive.
-
The content of information submission packets sent to the EHR-archive. However this Technical Specification defines security requirements for those packets.
-
Any storage structures used (such as DICOM, HL7 or XML) or metafile descriptions used (such as Dublin core or HL7 CDA header) in the eArchiving process.
-
Implementation of security services such as PKI, electronic signatures, etc.
-
Any of the storage times of EHRs or media applicable for their storage; rather, these will continue to be provided in accordance with national legislation.
Standards | Relationship |
ISO/TS 21547:2010 | Identical |
16/30330940 DC : 0 | BS 10010 - INFORMATION CLASSIFICATION, MARKING AND HANDLING (ICMH) - SPECIFICATION |
BS 10010:2017 | Information classification, marking and handling. Specification |
ISO/TS 22600-1:2006 | Health informatics Privilege management and access control Part 1: Overview and policy management |
ISO/IEC 27001:2013 | Information technology — Security techniques — Information security management systems — Requirements |
ISO/TS 18308:2004 | Health informatics Requirements for an electronic health record architecture |
ISO/IEC 27002:2013 | Information technology Security techniques Code of practice for information security controls |
ISO/TR 18492:2005 | Long-term preservation of electronic document-based information |
ISO/IEC 10181-1:1996 | Information technology Open Systems Interconnection Security frameworks for open systems: Overview |
ISO/TR 15489-2:2001 | Information and documentation Records management Part 2: Guidelines |
ISO 7498-2:1989 | Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture |
ISO 19005-1:2005 | Document management Electronic document file format for long-term preservation Part 1: Use of PDF 1.4 (PDF/A-1) |
ASTM E 1769 : 1995 | Standard Guide for Properties of Electronic Health Records and Record Systems (Withdrawn 2004) |
ISO/IEC 2382-8:1998 | Information technology Vocabulary Part 8: Security |
ISO/TS 22600-2:2006 | Health informatics Privilege management and access control Part 2: Formal models |
ISO/IEC 17799:2005 | Information technology Security techniques Code of practice for information security management |
ISO/TS 22600-3:2009 | Health informatics Privilege management and access control Part 3: Implementations |
ISO 23081-1:2017 | Information and documentation — Records management processes — Metadata for records — Part 1: Principles |
ISO/TR 21548:2010 | Health informatics Security requirements for archiving of electronic health records Guidelines |
ENV 13608-1:2000 | Health informatics - Security for healthcare communication - Part 1: Concepts and terminology |
ISO/TR 15801:2017 | Document management — Electronically stored information — Recommendations for trustworthiness and reliability |
ISO 14721:2012 | Space data and information transfer systems — Open archival information system (OAIS) — Reference model |
ISO 15489-1:2016 | Information and documentation Records management Part 1: Concepts and principles |
ISO 27799:2016 | Health informatics Information security management in health using ISO/IEC 27002 |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.