DD ISO/TS 21547:2010

    Status: Current (the latest, up-to-date edition).

    Health informatics. Security requirements for archiving of electronic health records. Principles

    Available format(s):  Hardcopy, PDF

    Language(s):  English

    Published date:  31-03-2010

    Publisher:  British Standards Institution


    Table of Contents

    Foreword
    Introduction
    1 Scope
    2 Normative references
    3 Terms and definitions
    4 Abbreviated terms
    5 General
    6 EHR-archive and eArchiving process
    7 Environment of the EHR-archive
    8 Policies and responsibilities
    9 Security and privacy protection architecture
    10 Security and privacy protection requirements for the
       eArchiving process
    Annex A (informative) - Framework for long-term archiving of
            EHRs in Finland
    Annex B (informative) - Framework for digital archiving of
            health records in the UK
    Annex C (informative) - Framework for digital archiving of
            health records in Japan
    Annex D (informative) - Framework for digital archiving of
            health records in the USA - Rules and requirements
            derived from HIPAA
    Annex E (informative) - Comparison of ISO 15489-1 and
            ISO/TS 21547 security requirements for archiving of
            electronic health records
    Annex F (normative) - Summary of normative requirements
    Bibliography

    Abstract

    Describes the basic principles needed to securely preserve health records in any format for the long term.

    Scope

    The purpose of this Technical Specification is to define the basic principles needed to securely preserve health records in any format for the long term. It concentrates on previously documented healthcare-specific archiving problems and also gives a brief introduction to general archiving principles. Unlike the traditional approach to standardization work, where the perspective is that of modelling, code sets and messages, this Technical Specification looks at archiving from the angle of document management and related privacy protection. The document management angle has traditionally been used in connection with patient records in paper form, and it can also be applied to digitally stored documents. There are different architectural and technical ways to develop and implement long-term preservation of electronic health records: archiving can be a function of the online record-keeping system, or the archive can be a separate independent system or a federated one. Electronic health records are, in many cases, archived in the form of documents, but other technical solutions also exist.

    In this Technical Specification archiving is understood to be a wider process than just the permanent preservation of selected records. Archiving of EHRs is a holistic process covering records maintenance, retention, disclosure and destruction when the record is not in active use. Archiving also includes tasks the EHR system should perform before the record is sent to the EHR-archive.

    This Technical Specification defines architecture and technology-independent security requirements for the long-term preservation of EHRs having fixed content.

    This Technical Specification and a complementary Technical Report, ISO/TR 21548, concentrate on the security requirements (integrity, confidentiality, availability and accountability) necessary for ensuring adequate protection of health information in long-term digital preservation. This Technical Specification also addresses privacy protection requirements for both the EHR and eArchiving systems used in the healthcare environment.

    This Technical Specification defines functional security requirements for long-term archiving of EHRs, but the practical archiving models and technology required are outside its scope.

    The following are also outside the scope of this Technical Specification.

    • The creation, management and storage of active health records (records which can be modified, updated and accessed at any time at the level of a single object or item) inside the EHR-system. However, this Technical Specification defines responsibilities and tasks the EHR-system should undertake before it transfers an EHR to the electronic archive.

    • The content of information submission packets sent to the EHR-archive. However, this Technical Specification defines security requirements for those packets.

    • Any storage structures used (such as DICOM, HL7 or XML) or metafile descriptions used (such as Dublin Core or the HL7 CDA header) in the eArchiving process.

    • Implementation of security services such as PKI, electronic signatures, etc.

    • The storage times of EHRs or the media applicable for their storage; these continue to be set by national legislation.

    General Product Information

    Committee:  IST/35
    Development Note:  Reviewed and confirmed by BSI, August 2017 (08/2017).
    Document Type:  Standard
    Publisher:  British Standards Institution
    Status:  Current

    Standards Referenced By This Book

    16/30330940 DC : 0 BS 10010 - INFORMATION CLASSIFICATION, MARKING AND HANDLING (ICMH) - SPECIFICATION
    BS 10010:2017 Information classification, marking and handling. Specification

    Standards Referencing This Book

    ISO/TS 22600-1:2006 Health informatics Privilege management and access control Part 1: Overview and policy management
    ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
    ISO/TS 18308:2004 Health informatics Requirements for an electronic health record architecture
    ISO/IEC 27002:2013 Information technology Security techniques Code of practice for information security controls
    ISO/TR 18492:2005 Long-term preservation of electronic document-based information
    ISO/IEC 10181-1:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Overview
    ISO/TR 15489-2:2001 Information and documentation Records management Part 2: Guidelines
    ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
    ISO 19005-1:2005 Document management Electronic document file format for long-term preservation Part 1: Use of PDF 1.4 (PDF/A-1)
    ASTM E 1769 : 1995 Standard Guide for Properties of Electronic Health Records and Record Systems (Withdrawn 2004)
    ISO/IEC 2382-8:1998 Information technology Vocabulary Part 8: Security
    ISO/TS 22600-2:2006 Health informatics Privilege management and access control Part 2: Formal models
    ISO/IEC 17799:2005 Information technology Security techniques Code of practice for information security management
    ISO/TS 22600-3:2009 Health informatics Privilege management and access control Part 3: Implementations
    ISO 23081-1:2017 Information and documentation — Records management processes — Metadata for records — Part 1: Principles
    ISO/TR 21548:2010 Health informatics Security requirements for archiving of electronic health records Guidelines
    ENV 13608-1:2000 HEALTH INFORMATICS - SECURITY FOR HEALTHCARE COMMUNICATION - PART 1: CONCEPTS AND TERMINOLOGY
    ISO/TR 15801:2017 Document management — Electronically stored information — Recommendations for trustworthiness and reliability
    ISO 14721:2012 Space data and information transfer systems — Open archival information system (OAIS) — Reference model
    ISO 15489-1:2016 Information and documentation Records management Part 1: Concepts and principles
    ISO 27799:2016 Health informatics Information security management in health using ISO/IEC 27002