This document:
— Specifies clinical information models (CIMs) as health and care concepts that can be used to define
and to structure information for various purposes in health care, also enabling information reuse;
— Describes requirements for CIMs content, structure and context and specification of their
data elements, data element relationships, meta-data and versioning, and provides guidance and
examples;
— Specifies key characteristics of CIMs used in conceptual and logical analysis for use cases such
as (reference) architectures, information layers, EHR and PHR systems, interoperability, systems
integration in the health domain, and secondary use of data including for public health reporting;
— Defines a Quality Management System (QMS) for a systematic and effective governance, quality
management, and measurement of CIMs through their lifecycle of development, testing, distribution,
application and maintenance;
— Provides principles for the transformation and application of clinical information models through
the wide variation of health information technology.
This document excludes:
— Requirements on the content or application of any particular clinical information model or clinical
information modelling methodology;
— Specific applications of clinical information models such as for dynamic modelling of workflow;
— Specifications for modelling entire domains or aggregates of many CIMs such as complete assessment
documents or discharge summaries. It does not specify CIMs compositions;
— Specification of how to involve specific clinicians, how to carry out governance including information
governance, or how to ensure patient safety.

  • Standard
    88 pages
    English language
  • Draft
    85 pages
    English language

1.1 Purpose
This document defines the LIFE CYCLE requirements for development and maintenance of HEALTH SOFTWARE needed to support conformity to IEC 62443-4-1 - taking the specific needs for HEALTH SOFTWARE into account. The set of PROCESSES, ACTIVITIES, and TASKS described in this document establishes a common framework for secure HEALTH SOFTWARE LIFE CYCLE PROCESSES.
[Fig. 1]
The purpose is to increase the information SECURITY of HEALTH SOFTWARE by establishing certain ACTIVITIES and TASKS in the HEALTH SOFTWARE LIFE CYCLE PROCESSES and also by increasing the SECURITY of SOFTWARE LIFE CYCLE PROCESSES themselves.
It is important to maintain an appropriate balance of the key properties SAFETY, effectiveness and SECURITY as discussed in IEC 81001-1.
This document excludes specification of ACCOMPANYING DOCUMENTATION contents.
1.2 Field of application
This document applies to the development and maintenance of HEALTH SOFTWARE by a MANUFACTURER, but recognizes the critical importance of bi-lateral communication with organizations (e.g. HDOs) who have SECURITY responsibilities for the HEALTH SOFTWARE and the systems it is incorporated into, once the software has been developed and released. The IEC/ISO 81001-5 series of standards (for which this is part 1) is therefore being designed to include future parts addressing SECURITY that apply to the implementation, operations and use phases of the LIFE CYCLE for organizations such as HDOs.
Medical device software is a subset of HEALTH SOFTWARE. Therefore, this document applies to:
− Software as part of a medical device;
− Software as part of hardware specifically intended for health use;
− Software as a medical device (SaMD); and
− Software-only PRODUCT for other health use.
Note: In this document, the scope of software considered part of the LIFE CYCLE ACTIVITIES for secure HEALTH SOFTWARE is larger and includes more software (drivers, platforms, operating systems) than for SAFETY, because for SECURITY the focus will be on any use including foreseeable unauthorized access rather than just the INTENDED USE.
[Fig. 2]
1.3 Conformance
HEALTH SOFTWARE conformance with this document is defined as implementing all of the PROCESSES, ACTIVITIES, and TASKS identified in the normative parts of this document - with the exception of Annex F.
Conformance of TRANSITIONAL HEALTH SOFTWARE with Annex F of this document is defined as only implementing the PROCESSES, ACTIVITIES, and TASKS identified in Annex F of this document.
Conformance is determined by inspection and establishing traceability of the PROCESSES, ACTIVITIES and TASKS required.
The quality management system may be implemented according to ISO 13485 or other equivalent quality management system standards.
IEC 62304 specifies ACTIVITIES, based on the software SAFETY classification. The required ACTIVITIES are indicated in the normative text of IEC 62304 as "[Class A, B, C]", "[Class B, C]" or "[Class C]", indicating that they are required selectively depending on the classification of the software to which they apply. The requirements in this document have a special focus on information SECURITY and therefore do not follow the concept of SAFETY classes. For conformity to this document the selection of ACTIVITIES is independent of SAFETY classes.
Implementing the PROCESSES, ACTIVITIES and TASKS specified in this document is sufficient to implement the PROCESS requirements of IEC 62443-4-1. MANUFACTURERS may implement the specifications for Annex E in order to achieve full conformity to IEC 62443-4-1.
This document requires establishing one or more PROCESSES that comprise identified ACTIVITIES. The LIFE CYCLE PROCESSES shall implement these ACTIVITIES. None of the requirements in this document requires these ACTIVITIES to be implemented as one single PROCESS or as separate PROCESSES. The ACTIVITIES specified in this document will typically be part of an existing LIFE CYCLE PROCESS.

  • Standard
    59 pages
    English language

This document defines the LIFE CYCLE requirements for development and maintenance of HEALTH SOFTWARE needed to support conformance to IEC 62443-4-1 – taking the specific needs for HEALTH SOFTWARE into account. The set of PROCESSES, ACTIVITIES, and TASKS described in this document establishes a common framework for secure HEALTH SOFTWARE LIFE CYCLE PROCESSES. The purpose is to increase the CYBERSECURITY of HEALTH SOFTWARE by establishing certain ACTIVITIES and TASKS in the HEALTH SOFTWARE LIFE CYCLE PROCESSES and also by increasing the SECURITY of SOFTWARE LIFE CYCLE PROCESSES themselves. It is important to maintain an appropriate balance of the key properties SAFETY, effectiveness and SECURITY as discussed in ISO 81001-1. This document excludes specification of ACCOMPANYING DOCUMENTATION contents.

  • Draft
    52 pages
    English language

This document specifies general requirements for ORGANIZATIONS in the application of RISK
MANAGEMENT before, during and after the connection of a HEALTH IT SYSTEM within a HEALTH IT
INFRASTRUCTURE, by addressing the KEY PROPERTIES of SAFETY, EFFECTIVENESS and SECURITY
whilst engaging appropriate stakeholders.

  • Standard
    39 pages
    English language

This document defines the configuration rules required for a hierarchical structure, directory naming rules, and content identifiers for files and documents containing healthcare information. Content can be expressed as ISO/HL7 27931:2009 (also known as HL7 Ver2.5) as the data format to store clinical data such as prescriptions, lab results, and disease classifications, but can also include other types of file-type such as XML, CDA, DOC/DOCX, PDF, XLS/XLSX, JPEG, MP4, etc. This document does not address the security and privacy attributes of the healthcare information being stored; these are considered implementation-specific.

  • Technical specification
    13 pages
    English language

This document specifies a common framework for audit trails for electronic health records (EHR), in
terms of audit trigger events and audit data, to keep the complete set of personal health information
auditable across information systems and domains.
It is applicable to systems processing personal health information that create a secure audit record
each time a user reads, creates, updates, or archives personal health information via the system.
NOTE Such audit records at a minimum uniquely identify the user, uniquely identify the subject of care,
identify the function performed by the user (record creation, read, update, etc.), and record the date and time at
which the function was performed.
This document covers only actions performed on the EHR, which are governed by the access policy
for the domain where the electronic health record resides. It does not deal with any personal health
information from the electronic health record, other than identifiers, the audit record only containing
links to EHR segments as defined by the governing access policy.
It does not cover the specification and use of audit logs for system management and system
security purposes, such as the detection of performance problems, application flaw, or support for
a reconstruction of data, which are dealt with by general computer security standards such as
ISO/IEC 15408 (all parts)[9].
Annex A gives examples of audit scenarios. Annex B gives an overview of audit log services.

  • Standard
    56 pages
    English language
  • Draft
    50 pages
    English language

This document specifies the requirements for medication safety alert systems and the topics which are
relevant to alert system vendors. This document applies to clinical decision support systems (CDSSs)
whether or not these are medical devices.
This document addresses:
— requirements for terminology used in medication safety alerts;
— requirements for choosing a knowledge base for medication safety alert systems;
— requirements for the proper functionality of CDSSs as related to medication safety alert systems;
— requirements for medication safety alert display;
— requirements for quality measurements to improve the effectiveness of medication safety alerts.
The following are out of the scope of this document:
— the development of content (rule-based knowledge base) for CDSS;
— the development of algorithms for generating medication safety alerts in CDSS;
— the development of alert processors for medication safety alerts in CDSS.

  • Technical specification
    43 pages
    English language

This document specifies reliability assessment criteria for high-throughput gene-expression data. It is applicable to assessing the accuracy, reproducibility, and comparability of gene-expression data that are generated from microarray, next-generation sequencing, and other forms of high-throughput technologies. This document identifies the quality-related data for the process of the next-generation sequencing of RNA (RNA-seq). The sequencing platform covered by this document is limited to short-read sequencers. The use of RNA-seq for mutation detection and virus identification is outside of the scope of this document. This document is applicable to human health associated species such as human, cell lines, and preclinical animals. Other biological species are outside the scope of this document. From a biological point of view, expression profiles of all genetic sequences including genes, transcripts, isoforms, exons, and junctions are within the scope of this document.

  • Technical specification
    11 pages
    English language
  • Draft
    11 pages
    English language

This document specifies the requirements for medication safety alert systems and the topics which are relevant to alert system vendors. This document applies to clinical decision support systems (CDSSs) whether or not these are medical devices.
This document addresses:
— requirements for terminology used in medication safety alerts;
— requirements for choosing a knowledge base for medication safety alert systems;
— requirements for the proper functionality of CDSSs as related to medication safety alert systems;
— requirements for medication safety alert display;
— requirements for quality measurements to improve the effectiveness of medication safety alerts.
The following are out of the scope of this document:
— the development of content (rule-based knowledge base) for CDSS;
— the development of algorithms for generating medication safety alerts in CDSS;
— the development of alert processors for medication safety alerts in CDSS.

  • Technical specification
    34 pages
    English language
  • Draft
    34 pages
    English language

This document specifies a common framework for audit trails for electronic health records (EHR), in terms of audit trigger events and audit data, to keep the complete set of personal health information auditable across information systems and domains.
It is applicable to systems processing personal health information that create a secure audit record each time a user reads, creates, updates, or archives personal health information via the system.
NOTE Such audit records at a minimum uniquely identify the user, uniquely identify the subject of care, identify the function performed by the user (record creation, read, update, etc.), and record the date and time at which the function was performed.
This document covers only actions performed on the EHR, which are governed by the access policy for the domain where the electronic health record resides. It does not deal with any personal health information from the electronic health record, other than identifiers, the audit record only containing links to EHR segments as defined by the governing access policy.
It does not cover the specification and use of audit logs for system management and system security purposes, such as the detection of performance problems, application flaw, or support for a reconstruction of data, which are dealt with by general computer security standards such as ISO/IEC 15408 (all parts)[9].
Annex A gives examples of audit scenarios. Annex B gives an overview of audit log services.

  • Standard
    46 pages
    English language
  • Standard
    50 pages
    French language
  • Draft
    46 pages
    English language
  • Draft
    52 pages
    French language

This document specifies general requirements for ORGANIZATIONS in the application of RISK MANAGEMENT before, during and after the connection of a HEALTH IT SYSTEM within a HEALTH IT INFRASTRUCTURE, by addressing the KEY PROPERTIES of SAFETY, EFFECTIVENESS and SECURITY whilst engaging appropriate stakeholders.
IEC 80001-1:2021 cancels and replaces the first edition published in 2010. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) structure changed to better align with ISO 31000;
b) establishment of requirements for an ORGANIZATION in the application of RISK MANAGEMENT;
c) communication of the value, intention and purpose of RISK MANAGEMENT through principles that support preservation of the KEY PROPERTIES during the implementation and use of connected HEALTH SOFTWARE and/or HEALTH IT SYSTEMS.

  • Draft
    31 pages
    English language

IEC 80001-1:2021 specifies general requirements for ORGANIZATIONS in the application of RISK MANAGEMENT before, during and after the connection of a HEALTH IT SYSTEM within a HEALTH IT INFRASTRUCTURE, by addressing the KEY PROPERTIES of SAFETY, EFFECTIVENESS and SECURITY whilst engaging appropriate stakeholders.
IEC 80001-1:2021 cancels and replaces the first edition published in 2010. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) structure changed to better align with ISO 31000;
b) establishment of requirements for an ORGANIZATION in the application of RISK MANAGEMENT;
c) communication of the value, intention and purpose of RISK MANAGEMENT through principles that support preservation of the KEY PROPERTIES during the implementation and use of connected HEALTH SOFTWARE and/or HEALTH IT SYSTEMS.

  • Standard
    75 pages
    English and French language

This European Technical Specification will provide a set of requirements for developers of health and wellness apps, intending to meet the needs of health care professionals, patients, carers and the wider public. It will include a set of quality criteria and cover the app project life cycle, through the development, testing, releasing and updating of an app, including native, hybrid and web based apps, those apps associated with wearable, ambient and other health equipment and apps that are linked to other apps. It will also address fitness for purpose and the monitoring of usage. The specification will inform the development of health and wellness apps irrespective of whether they are placed in the market, and including free of charge.
The specification will not cover the processes or criteria that an app developer or publisher follow to establish whether a health and wellness app is subject to regulatory control (e.g. as a medical device, or related to information governance).

  • Technical specification
    87 pages
    English language

OML is a data exchange format designed to facilitate exchanging omics data around the world
without forcing changes to any database schema.
- From an informatics point of view, OML is a data exchange format based on XML. The data
exchange format used in messaging and communication is in the scope of this document, but the
database schema itself is out of scope.
- From a biological point of view, all kinds of omics are considered and are in the scope of
this document; genomic sequence variations and the whole genomic sequence are out of
scope.
- Annotations such as clinical concerns and relations with other omics concerns
are in the scope of this document.
- Though omics exist in various biological species, the scope of this document is limited to
human health associated species such as human, cell lines, and preclinical animals. Other
biological species are out of the scope of this document.
- The clinical field is in the scope of this document, but basic research fields and other
scientific fields are out of scope.
- Clinical trials, including drug discovery, are in the scope of this document. As for
intended application fields, the main focus is on human health, including clinical practice,
preventive medicine, translational research, and clinical research.

  • Standard
    55 pages
    English language
  • Draft
    93 pages
    English language

This document is applicable to the data exchange format that is designed to facilitate exchanging omics data around the world without forcing changes of any database schema. This document specifies the characteristics of OML from the following perspectives. From an informatics perspective, OML defines the data exchange format based on XML. This document gives guidelines for the specifications of the data exchange format, but this document excludes the database schema itself. From a molecular side of view, this document is applicable to all kinds of omics data, while this document excludes the details of the molecules (e.g., details of genomic sequence variations or whole genomic sequence). This document is also applicable to the molecular annotations including clinical concerns and relations with other omics concerns. From an application side of view, this document is applicable to the clinical field including clinical practice, preventive medicine, translational research, and clinical research including drug discovery. This document does not apply to basic research and other scientific fields. From a biological species side of view, this document is applicable to the human health-associated species as human, preclinical animals, and cell lines. This document does not apply to the other biological species.

  • Standard
    46 pages
    English language
  • Standard
    48 pages
    French language
  • Draft
    48 pages
    English language

This document provides quality requirements for health apps and defines a health app quality label in order to visualize the quality and reliability of health apps. This document is applicable to health apps, which are a special form of health software. It covers the entire life cycle of health apps. This document is intended for use by app manufacturers as well as app assessment organizations in order to communicate the quality and reliability of a health app. Consumers, patients, carers, health care professionals and their organizations, health authorities, health insurers and the wider public can use the health app quality label and report when recommending or selecting a health app for use, or for adoption in care guidelines, care pathways and care contracts.
NOTE 1 Health apps can be subject to national legislation, such as for medical devices.
NOTE 2 See Annex C for additional details on the scope.
Outside the scope of this document are guidelines to comply to the medical device regulation.

  • Technical specification
    78 pages
    English language
  • Draft
    76 pages
    English language

The document defines the data elements and their necessary metadata to implement a structured clinical gene fusion report whose data are generated by next generation sequencing technologies.
This document
— describes the reporting guideline for RNA sequencing approaches focusing on detecting novel and known fusion partners,
— defines the required data fields and their metadata for a structured clinical gene fusion report,
— defines the optional data fields and their metadata,
— covers the fusion gene from human specimen using whole transcriptome sequencing by next generation sequencing technologies for clinical practice and translational research,
— does not cover the fusion gene detection using DNA sequencing methods,
— does not cover the basic research and other scientific areas,
— does not cover the other biological species,
— does not cover the Sanger sequencing methods, and
— does not cover the other structural variations.
This document only defines the data elements and their metadata for the structured clinical sequencing report in electronic health records. Therefore, its layout can be designed based on the institutional decision if all elements are included as in this document.

  • Technical specification
    21 pages
    English language
  • Draft
    21 pages
    English language

This document provides processes that can be used to analyze the risks to the quality and safety of healthcare and continuity of care when telehealth services are used to support healthcare activities. Using risk management processes, quality objectives and procedures are derived which provide guidelines for the operations of telehealth services. These include but are not limited to the following domains:
— management of telehealth quality processes by the healthcare organization;
— strategic and operational process management relating to regulations, knowledge management (best practice) and guidelines;
— healthcare processes relating to people such as healthcare activities, planning, and responsibilities;
— management of financial resources to support telehealth services;
— management of information management and security used in telehealth services;
— processes related to the planning and provision of human resources, infrastructure, facilities and technology resources for use by telehealth services.
This document provides a set of example guidelines containing quality objectives and procedures for each domain. Organizations can apply the quality and risk management processes described in Clauses 5 and 6 to develop quality objectives and procedures appropriate to the telehealth services they provide. This document does not provide guidance for the manufacture, assembly, configuration, interoperability or management of devices, products or technical systems. Annex A provides procedures for the implementation of telehealth services by a large organization. Annex B provides use cases for the application of quality planning guidelines in different types of real-world telehealth services.

  • Standard
    47 pages
    English language
  • Draft
    47 pages
    English language

This document describes the high-level concepts required for representation of 3D data in health information systems from a terminological perspective. It is intended to be used in analysing, developing and managing terminologies in HBPS. The use cases include clinical findings, disorders, problem lists and procedures.
Topics considered in the scope of this document:
— description of terminological concepts for representation of 3D data for human body;
— establishing of the relationships needed for 3D data in terminological systems;
— use cases.
Topics considered outside the scope of this document:
— 3D data structure, implementation and software functionality.

  • Technical specification
    10 pages
    English language
  • Draft
    10 pages
    English language

This International Standard provides a model and framework for integrating different standards as well
as systems based on those specifications by supporting the use case specific identification and
consistent, formal representation including constraints of necessary components and their
relationships. It facilitates analysis and improvement of specifications under revision as well as the
design of new projects. The approach is future proof due to its scientific soundness, based on systems
theory, knowledge representation and knowledge management via ontology development and
harmonization, that way supporting advanced interoperability between dynamic, multi-domain systems
through knowledge and skills sharing in the context of intelligent cooperation. The approach is
successfully deployed in several standards such as ISO 22600, ISO 21298, ISO 13606, ISO 12967,
ISO 13940 and ISO 13972 (both under way), but also in most of the HL7 security specifications. The
intended International Standard adopts objectives, content and presentation style used in other
foundational standards such as ISO/IEC 10746, this way qualifying for a potential ISO/IEC 10746-6.

  • Standard
    35 pages
    English language
  • Draft
    30 pages
    English language

This document specifies the data element content and exchange format for tokens used in token-based health information sharing. It includes a) the data items that may be contained in a health information token (HI-TOKEN), b) the value representation for each data item, c) the exchange formats allowed for HI-TOKEN sharing (electronic, machine-readable symbol, print), and d) considerations when establishing governance policies specifying how HI-TOKENs can be used within a specific group of healthcare organizations. Provision is made for both physical media and electronic exchange media. This document addresses the overall conceptual architecture and process for token-based health information sharing, as well as the role of patients, referring healthcare facilities, referred healthcare service providers, and health research institutions. Provision is made for pseudonymization of patient data. This document only defines the specification of the HI-TOKEN used in token-based health information sharing. Data exchange / transport architectures, encryption methods, and specific governance policy requirements are outside the scope of this document.

  • Technical specification
    22 pages
    English language
  • Draft
    21 pages
    English language

This document specifies a heterogeneous format of neurophysiological waveform signals to support recording in a single persistent record package as well as interoperable exchange. The document focuses on electroencephalography (EEG) waveforms created during EEG examinations. Specific provision is made for sleep polysomnography examinations (PSG), brain death determination, evoked potentials (EP), and electromyography (EMG) studies. This document is intended for neurophysiology.

  • Technical specification
    34 pages
    English language
  • Draft
    32 pages
    English language

This document outlines the standards needed to identify and label the Subject of Care (SoC) and the
Individual Provider on objects such as identification (wrist) bands, identification tags or other objects,
to enable automatic data capture using data carriers in the care delivery process.
It provides for a unique SoC identification that can be used for other purposes, such as recording the
identity of the SoC in individual health records.
This document serves as a reference for any organization which plans to implement or improve
Automatic Identification and Data Capture (AIDC) in their delivery of care process. It is based on the
use of the GS1® system of standards. Other solutions, such as using other identification systems (for
example, systems based on ISBT 128), are possible but not addressed by this document.
This document describes good practices to reduce/avoid variation and workarounds which challenge
the efficiency of AIDC at the point of care and compromise patient safety[5][6].
This document specifies how to manage identifiers in the AIDC process, and completes the information
found in ISO/TS 22220 and ISO/TS 27527.

  • Standard
    60 pages
    English language

This document defines the core data set for a patient summary document that supports continuity of care for a person and coordination of their healthcare. It is specifically aimed at supporting the use case scenario for ‘unplanned, cross border care’ and is intended to be an international patient summary (IPS). Whilst the data set is minimal and non-exhaustive, it provides a robust, well-defined core set of data items. The tight focus on this use case also enables the IPS to be used in planned care. This means that both unplanned and planned care can be supported by this data set within local and national contexts, thereby increasing its utility and value. It uses the European Guideline from the eHN as the initial source for the patient summary requirements, then takes into consideration other international patient summary projects to provide an interoperable data set specification that has global application. This document provides an abstract definition of a Patient Summary from which derived models are implementable. Due to its nature therefore, readers should be aware that the compliance with this document does not imply automatic technical interoperability; this result, enabled by this document, can be reached with the conformity to standards indicated in the associated technical specification and implementation guides. This document does not cover the workflow processes of data entry, data collection, data summarization, subsequent data presentation, assimilation, or aggregation. Furthermore, this document does not cover the summarization act itself, i.e. the intelligence/skill/competence that results in the data summarization workflow. It is not an implementation guide that is concerned with the various technical layers beneath the application layer. Implementation guidance for specifically jurisdictional concerns, e.g. Directives, terminologies, formats, etc., an example is specified in the associated Technical Specification[3].
In particular, representation by various coding schemes, additional structures and terminologies are not part of this document. Terminology and its binding are addressed in Reference [3]. The Identification of Medicinal Products standards (abbreviated to IDMP) are the recommended target for the Medication Summary related to this document but, prior to IDMP’s full implementation in practice, this IPS standard cannot insist in its use at this point in time and recognizes that interim schemes might be necessary until IDMP becomes established as a norm.

  • Standard
    76 pages
    English language
  • Draft
    75 pages
    English language

This document enables the advancement of interoperability from the data/information exchange paradigm to knowledge sharing at decreasing level of abstraction, starting at IT concept level (semantic coordination) through business domain concept level (agreed service function level cooperation), domain level (cross-domain cooperation) up to individual context (skills-based end-user collaboration). The document defines a model and framework for a harmonized representation of existing or intended systems with a specific focus on ICT-supported business systems. The Interoperability and Integration Reference Architecture supports ontology harmonization or knowledge harmonization to enable interoperability between, and integration of, systems, standards and solutions at any level of complexity without the demand for continuously adapting/revising those specifications. The approach can be used for analysing, designing, integrating, and running any type of systems. For realizing advanced interoperability, flexible, scalable, business-controlled, adaptive, knowledge-based, intelligent health and social ecosystems need to follow a systems-oriented, architecture-centric, ontology-based and policy-driven approach. The languages for representing the different views on systems such as ontology languages like Common Logic (CL) (ISO/IEC 24707[24]) and Web Ontology Language (OWL)[25] – specifically OWL 2[26] (World Wide Web Consortium (W3C®)), languages for modeling and integrating business processes like Business Process Modeling Language (BPML) (OMG®), but also OMG’s Unified Modeling Language (UML, also specified as ISO/IEC 19505[27]) based representation styles for the different ISO/IEC 10746 (all parts) views are outside the scope of this document.

  • Standard
    23 pages
    English language
  • Standard
    27 pages
    French language
  • Draft
    23 pages
    English language

This document provides the principles, concepts, terms and definitions for health software and health IT systems, key properties of safety, effectiveness and security, across the full life cycle, from concept to decommissioning, as represented in Figure 1. It also identifies the transition points in the life cycle where transfers of responsibility occur, and the types of multi-lateral communication that are necessary at these transition points. This document also establishes coherent concepts and terminology for other standards that address specific aspects of the safety, effectiveness, and security (including privacy) of health software and health IT systems.
This document is applicable to all parties involved in the health software and health IT systems life cycle including the following:
a) Organizations, health informatics professionals and clinical leaders designing, developing, integrating, implementing and operating health software and health IT systems – for example health software developers and medical device manufacturers, system integrators, system administrators (including cloud and other IT service providers);
b) Healthcare service delivery organizations, healthcare providers and others who use health software and health IT systems in providing health services;
c) Governments, health system funders, monitoring agencies, professional organizations and customers seeking confidence in an organization’s ability to consistently provide safe, effective and secure health software, health IT systems and services;
d) Organizations and interested parties seeking to improve communication in managing safety, effectiveness and security risks through a common understanding of the concepts and terminology used in safety, effectiveness and security management;
e) Providers of training, assessment or advice in safety, effectiveness and security risk management for health software and health IT systems;
f) Developers of related safety, effectiveness and security standards.

  • Standard
    61 pages
    English language
  • Draft
    61 pages
    English language

This document provides an overview of security and privacy considerations for Electronic Health Records (EHR) in a cloud computing service that users can leverage when selecting a service provider.

  • Technical report
    54 pages
    English language
  • Draft
    58 pages
    English language

This document provides the principles, concepts, terms and definitions for health software and health IT systems, key properties of safety, effectiveness and security, across the full life cycle, from concept to decommissioning, as represented in Figure 1. It also identifies the transition points in the life cycle where transfers of responsibility occur, and the types of multi-lateral communication that are necessary at these transition points. This document also establishes coherent concepts and terminology for other standards that address specific aspects of the safety, effectiveness, and security (including privacy) of health software and health IT systems.
This document is applicable to all parties involved in the health software and health IT systems life cycle including the following:
a) Organizations, health informatics professionals and clinical leaders designing, developing, integrating, implementing and operating health software and health IT systems – for example health software developers and medical device manufacturers, system integrators, system administrators (including cloud and other IT service providers);
b) Healthcare service delivery organizations, healthcare providers and others who use health software and health IT systems in providing health services;
c) Governments, health system funders, monitoring agencies, professional organizations and customers seeking confidence in an organization’s ability to consistently provide safe, effective and secure health software, health IT systems and services;
d) Organizations and interested parties seeking to improve communication in managing safety, effectiveness and security risks through a common understanding of the concepts and terminology used in safety, effectiveness and security management;
e) Providers of training, assessment or advice in safety, effectiveness and security risk management for health software and health IT systems;
f) Developers of related safety, effectiveness and security standards.

  • Standard
    61 pages
    English language

This document lists examples of and defines categories of use cases for machine learning in medicine for clinical practice. The developments and applications of machine learning technologies for artificial intelligence consist of 1) data collection and curation, 2) pre-processing, 3) model training and validation, and 4) medicine depending on various kinds of specialty including radiology, pathology, emergency medicine, dermatology, ophthalmology, anaesthesia, surgery, etc., and clinical settings including repeated detection and/or diagnosis, real-time monitoring, and treatment prediction. This document covers categories of applications of medicine in (4). It also defines the clinical usages and necessities of the artificial intelligence in medicine. (1) to (3) are not within the scope of this document.
This document also excludes
— basic research and other scientific areas,
— use cases related to artificial intelligence methods other than machine learning (for example, symbolic artificial intelligence, expert systems), and
— non-human results such as veterinary medicine.

  • Technical report
    14 pages
    English language
  • Draft
    14 pages
    English language

This document gives guidelines for certificate management issues involved in deploying digital certificates in healthcare. It specifies a structure and minimum requirements for certificate policies, as well as a structure for associated certification practice statements. This document also identifies the principles needed in a healthcare security policy for cross-border communication and defines the minimum levels of security required, concentrating on aspects unique to healthcare.

  • Standard
    34 pages
    English language
  • Draft
    34 pages
    English language

This document defines the basic concepts underlying the use of digital certificates in healthcare and provides a scheme of interoperability requirements to establish a digital certificate-enabled secure communication of health information. It also identifies the major stakeholders who are communicating health-related information, as well as the main security services required for health communication where digital certificates can be required. This document gives a brief introduction to public key cryptography and the basic components needed to deploy digital certificates in healthcare. It further introduces different types of digital certificates — identity certificates and associated attribute certificates for relying parties, self-signed certification authority (CA) certificates, and CA hierarchies and bridging structures.

  • Standard
    41 pages
    English language
  • Draft
    41 pages
    English language

This document gives a guideline for implementation of an ISMS by showing practical examples of risk analysis on remote maintenance services (RMS) for information systems in healthcare facilities (HCFs) as provided by vendors of medical devices or health information systems in order to protect both sides' information assets (primarily the information system itself and personal health data) in a safe and efficient (i.e. economical) manner.
This document consists of:
— application of ISMS to RMS;
— security management measures for RMS;
— an example of the evaluation and effectiveness based on the "controls" defined in the ISMS.

  • Technical report
    70 pages
    English language
  • Draft
    68 pages
    English language

This document outlines the standards needed to identify and label the Subject of Care (SoC) and the Individual Provider on objects such as identification (wrist) bands, identification tags or other objects, to enable automatic data capture using data carriers in the care delivery process. It provides for a unique SoC identification that can be used for other purposes, such as recording the identity of the SoC in individual health records. This document serves as a reference for any organization which plans to implement or improve Automatic Identification and Data Capture (AIDC) in their delivery of care process. It is based on the use of the GS1® system of standards. Other solutions, such as using other identification systems (for example, systems based on ISBT 128), are possible but not addressed by this document. This document describes good practices to reduce/avoid variation and workarounds which challenge the efficiency of AIDC at the point of care and compromise patient safety[5][6]. This document specifies how to manage identifiers in the AIDC process, and completes the information found in ISO/TS 22220 and ISO/TS 27527.

  • Standard
    51 pages
    English language
  • Standard
    56 pages
    French language
  • Draft
    51 pages
    English language

This document presents a methodology which supports and enables the development of standards-based business and information architectures that contribute to good quality of healthcare and patient safety. The methodology is used to develop descriptions of healthcare enterprises from different aspects. Those aspects cover what, how, where, who, when and why[1], and are based on standards.

  • Technical specification
    72 pages
    English language
  • Draft
    74 pages
    English language

This standard defines a nomenclature for communication of information from point-of-care medical
devices. Primary emphasis is placed on acute care medical devices and patient vital signs information. The
nomenclature also supports concepts in an object-oriented information model that is for medical device
communication.

  • Standard
    1066 pages
    English language

This document provides guidelines on identification and labelling of medicinal products from the point
of manufacture of packaged medicinal product to the point of dispensing the product.
This document outlines best practice for AIDC barcoding solutions for applications. Users can, however,
consider the coding interoperability requirements for other AIDC technologies, e.g. Radio Frequency
Identification (RFID).

  • Technical specification
    44 pages
    English language

This document specifies the fundamental characteristics of the information model implemented by
a specific architectural layer (i.e. the service architecture) of the information system to provide a
comprehensive and integrated storage of the common enterprise data and to support the fundamental
business processes of the healthcare organization, as defined in ISO 12967-1.
The information model is specified in this document without any explicit or implicit assumption on the
physical technologies, tools or solutions to adopt for its physical implementation in the various target
scenarios. The specification is nevertheless formal, complete and non-ambiguous enough to allow
implementers to derive an efficient design of the system in the specific technological environment that
will be selected for the physical implementation.
This document does not aim at representing a fixed, complete, specification of all possible data that can
be necessary for any requirement of any healthcare enterprise. It specifies only a set of characteristics,
in terms of overall organization and individual information objects, identified as fundamental and
common to all healthcare organizations, and that is satisfied by the information model implemented by
the service architecture.
Preserving consistency with the provisions of this document, physical implementations are allowed
extensions to the standard information model in order to support additional and local requirements.
Extensions include both the definition of additional attributes in the objects of the standard model, and
the implementation of entirely new objects.
Also, this document specification is extensible over time according to the evolution of the applicable
standardization initiatives.
The specification of extensions is carried out according to the methodology defined in ISO 12967-1:2020,
Clause 7.

  • Standard
    63 pages
    English language

This document provides guidance and requirements for the description, planning and development of
new systems, as well as for the integration of existing information systems, both within one enterprise
and across different healthcare organizations, through an architecture integrating the common data
and business logic into a specific architectural layer (i.e. the middleware), distinct from individual
applications and accessible throughout the whole information system through services, as shown in
Figure 2.
This document is also independent from, and does not imply either explicitly or implicitly, any specific
technological solution or product for its deployment. Accordingly, the formalization of the architecture
according to two lower levels of the ODP reference model, the engineering and technology viewpoints,
is outside the scope of this document.
The language and notations used here for specifying the architecture are based on UML (Unified
Modeling Language) complemented by case studies and other paradigms widely utilized by other
standards in health informatics. The level of the specification is complete and non-ambiguous enough to
allow its implementation into the specific physical and technological scenarios adopted by the various
healthcare organizations and vendors. Accordingly, methodology formalized by the Engineering and
Technology viewpoints of the RM ODP Reference Model can be followed for the implementation.

  • Standard
    78 pages
    English language

This document specifies the fundamental characteristics of the computational model implemented
by a specific architectural layer of the information system (i.e. the service architecture) to provide
a comprehensive and integrated interface to the common enterprise information and to support
the fundamental business processes of the healthcare organization, as defined in ISO 12967-1. The
computational model is specified without any explicit or implicit assumption about the physical
technologies, tools or solutions to adopt for its physical implementation in the various target scenarios.
The specification is nevertheless formal, complete and non-ambiguous enough to allow implementers to
derive an efficient design of the system in the specific technological environment which will be selected
for the physical implementation.
The computational model specified in this document provides the basis for ensuring consistency
between different engineering and technology specifications (including programming languages and
communication mechanisms) since they are intended to be consistent with the same computational
object model. This consistency allows open inter-working and portability of components in the resulting
implementation.
This document does not aim at representing a fixed, complete, specification of all possible interfaces
that might be necessary for any requirement of any healthcare enterprise. It specifies only a set of
characteristics — in terms of overall organization and individual computational objects, identified as
fundamental and common to all healthcare organizations, and that are satisfied by the computational
model implemented by the service architecture.
Preserving consistency with the provisions of this document, physical implementations of the
computational model specified in this document can allow extensions in order to support additional and
local requirements. Extensions can include both the definition of additional properties of the objects of
the computational model specified in this document and the implementation of entirely new objects.
Also, the computational model specified in this document can be extendable over time according to
the evolution of the applicable standardization initiatives, in accordance to the methodology defined
in ISO 12967-1:2020, Clause 7, which identifies a set of healthcare common information services,
describing the requirements behind them and the methodology through which they will be used.
The information services specified in this document are only the minimal set identifiable according
to the identified requirements of the healthcare enterprise, and constituting the service architecture
(i.e. the integration platform) to serve as the basis for healthcare applications, e.g. EHR or patient
administration.

  • Standard
    42 pages
    English language

This document establishes the Reference Standards Portfolio (RSP) for the clinical imaging domain (as defined in Clause 4). An RSP lists the principal health information technology (HIT) standards that form the basis of implementing and deploying interoperable applications in the target domain. An RSP includes a description of the domain, a normative list of standards, and an informative framework for mapping the standards to example deployment use cases. The lists do not include standards that are specifically national in scope. The primary target audience for this document is policy makers (governmental or organizational), regulators, project planners and HIT managers. This document will also be of interest to other stakeholders such as equipment and HIT vendors, clinical and health information management (HIM) professionals and standards developers. The intended usage of this document is to inform decisions about selecting the standards that will form the basis of integration projects in geographic regions or healthcare organizations. For example:
— What standards to use for capturing/encoding/exchanging certain types of information
— What standards to use for interfaces between the devices and information systems that support information capture, management, exchange, processing and use
— What standards to use for specific use cases/deployment scenarios
The selected standards, and/or corresponding RSP clauses, might be useful when drafting project specifications.

  • Standard
    51 pages
    English language
  • Draft
    51 pages
    English language

This document provides guidance and requirements for the description, planning and development of new systems, as well as for the integration of existing information systems, both within one enterprise and across different healthcare organizations, through an architecture integrating the common data and business logic into a specific architectural layer (i.e. the middleware), distinct from individual applications and accessible throughout the whole information system through services, as shown in Figure 2.

  • Standard
    66 pages
    English language
  • Standard
    71 pages
    French language
  • Draft
    66 pages
    English language

This document specifies the fundamental characteristics of the computational model implemented by a specific architectural layer of the information system (i.e. the service architecture) to provide a comprehensive and integrated interface to the common enterprise information and to support the fundamental business processes of the healthcare organization, as defined in ISO 12967‑1. The computational model is specified without any explicit or implicit assumption about the physical technologies, tools or solutions to adopt for its physical implementation in the various target scenarios. The specification is nevertheless formal, complete and non-ambiguous enough to allow implementers to derive an efficient design of the system in the specific technological environment which will be selected for the physical implementation. The computational model specified in this document provides the basis for ensuring consistency between different engineering and technology specifications (including programming languages and communication mechanisms) since they are intended to be consistent with the same computational object model. This consistency allows open inter-working and portability of components in the resulting implementation. This document does not aim at representing a fixed, complete, specification of all possible interfaces that might be necessary for any requirement of any healthcare enterprise. It specifies only a set of characteristics — in terms of overall organization and individual computational objects, identified as fundamental and common to all healthcare organizations, and that are satisfied by the computational model implemented by the service architecture. Preserving consistency with the provisions of this document, physical implementations of the computational model specified in this document can allow extensions in order to support additional and local requirements. 
Extensions can include both the definition of additional properties of the objects of the computational model specified in this document and the implementation of entirely new objects. Also, the computational model specified in this document can be extendable over time according to the evolution of the applicable standardization initiatives, in accordance to the methodology defined in ISO 12967‑1:2020, Clause 7, which identifies a set of healthcare common information services, describing the requirements behind them and the methodology through which they will be used. The information services specified in this document are only the minimal set identifiable according to the identified requirements of the healthcare enterprise, and constituting the service architecture (i.e. the integration platform) to serve as the basis for healthcare applications, e.g. EHR or patient administration.

  • Standard
    33 pages
    English language
  • Standard
    35 pages
    French language
  • Draft
    33 pages
    English language

This document specifies the fundamental characteristics of the information model implemented by a specific architectural layer (i.e. the service architecture) of the information system to provide a comprehensive and integrated storage of the common enterprise data and to support the fundamental business processes of the healthcare organization, as defined in ISO 12967‑1. The information model is specified in this document without any explicit or implicit assumption on the physical technologies, tools or solutions to adopt for its physical implementation in the various target scenarios. The specification is nevertheless formal, complete and non-ambiguous enough to allow implementers to derive an efficient design of the system in the specific technological environment that will be selected for the physical implementation. This document does not aim at representing a fixed, complete, specification of all possible data that can be necessary for any requirement of any healthcare enterprise. It specifies only a set of characteristics, in terms of overall organization and individual information objects, identified as fundamental and common to all healthcare organizations, and that is satisfied by the information model implemented by the service architecture. Preserving consistency with the provisions of this document, physical implementations are allowed extensions to the standard information model in order to support additional and local requirements. Extensions include both the definition of additional attributes in the objects of the standard model, and the implementation of entirely new objects. Also, this document specification is extensible over time according to the evolution of the applicable standardization initiatives. The specification of extensions is carried out according to the methodology defined in ISO 12967-1:2020, Clause 7.

  • Standard
    54 pages
    English language
  • Standard
    55 pages
    French language
  • Draft
    55 pages
    English language

This document specifies the requirements for developing a knowledge base for drug-related problems
that cohere with the intended drug use, to be used in rule-based clinical decision support systems
(CDSS), such as the criteria for selecting a raw data source and the quality criteria for the development
and maintenance for the rules or clinical rules for drug safety. It also describes the process of how to
develop a knowledge base, the topics to be considered by the developers of a knowledge base, and it
gives guidance on how to do this.
This document gives guidelines for the development of a knowledge base:
— with rules to enhance decisions and actions in drug-related problems that cohere with the intended
drug use;
— which can be used by all kinds of healthcare professionals, such as those who prescribe, dispense,
administer or monitor medicines;
— which can be used in every care setting, including chronic and acute care, primary and
specialized care;
— which is a repository of evidence/practice-based rules, assessed by experts;
— which is meant to be used in conjunction with a medicinal product dictionary;
— whose knowledge is structured in rules and therefore to be used in the type of rule-based CDSS.
This document does not:
— describe the exact content of a knowledge base i.e. the outcome of the process of developing rules.
— provide the requirements for a clinical decision support system, the software that uses the
knowledge base combined with the patient’s data, and presents the outcome of the rules to the
healthcare professional. These requirements are described in ISO/DTS 22703.
— give the requirements for non-medication knowledge bases. Some aspects of the requirements in
this document are general in nature and applicable to other kinds of knowledge bases, but this
document does not address all of the requirements of non-medication knowledge bases.

  • Technical specification
    41 pages
    English language

This document supports interchangeability of digital signatures and the prevention of incorrect or illegal digital signatures by providing minimum requirements and formats for generating and verifying digital signatures and related certificates. This document describes the common technical, operational, and policy requirements that need to be addressed to enable digital certificates to be used in protecting the exchange of healthcare information within a single domain, between domains, and across jurisdictional boundaries. Its purpose is to create a platform for global interoperability. It specifically supports digital certificate enabled communication across borders but could also provide guidance for the national or regional deployment of digital certificates in healthcare. It defines the provable compliance with a PKI policy necessary in the domain of healthcare. This document specifies a method of adopting long-term signature formats to ensure integrity and non-repudiation in long-term electronic preservation of healthcare information. This document provides Healthcare specific PKI (HPKI) profiles of digital signature based on the ETSI Standard and the profile of the ISO/ETSI Standard specified in CAdES, XAdES, and PAdES.

  • Standard
    27 pages
    English language
  • Draft
    27 pages
    English language

This document identifies quality metrics for the detection of DNA variants using next generation sequencing (NGS) technology. It also defines the data types, relationships, optionality, cardinalities and terminology bindings of the data. This document provides a basis for sharing and for the application of "high quality" genomic data and contributes to the realization of precision medicine and the development of relevant industries. This document is intended to serve as a catalogue of sequencing data elements used to address quality metrics for various clinical, industrial and commercial applications. The exchange of these data allows researchers, commercial entities, and regulatory bodies to assess for the purpose of selective utilization of the data by setting application-specific quality criteria.
This document is not intended for
— sequencing methods other than NGS, such as the Sanger sequencing,
— targets other than genome, such as transcriptome or proteome, or
— specimens of species other than humans.

  • Technical specification
    15 pages
    English language
  • Draft
    15 pages
    English language

This document provides guidelines on identification and labelling of medicinal products from the point of manufacture of packaged medicinal product to the point of dispensing the product. This document outlines best practice for AIDC barcoding solutions for applications. Users can, however, consider the coding interoperability requirements for other AIDC technologies, e.g. Radio Frequency Identification (RFID).

  • Technical specification
    36 pages
    English language
  • Draft
    36 pages
    English language

This document specifies the requirements for developing a knowledge base for drug-related problems that cohere with the intended drug use, to be used in rule-based clinical decision support systems (CDSS), such as the criteria for selecting a raw data source and the quality criteria for the development and maintenance for the rules or clinical rules for drug safety. It also describes the process of how to develop a knowledge base, the topics to be considered by the developers of a knowledge base, and it gives guidance on how to do this.
This document gives guidelines for the development of a knowledge base:
— with rules to enhance decisions and actions in drug-related problems that cohere with the intended drug use;
— which can be used by all kinds of healthcare professionals, such as those who prescribe, dispense, administer or monitor medicines;
— which can be used in every care setting, including chronic and acute care, primary and specialized care;
— which is a repository of evidence/practice based rules, assessed by experts;
— which is meant to be used in conjunction with a medicinal product dictionary;
— whose knowledge is structured in rules and therefore to be used in the type of rule-based CDSS.
This document does not:
— describe the exact content of a knowledge base, i.e. the outcome of the process of developing rules;
— provide the requirements for a clinical decision support system, the software that uses the knowledge base combined with the patient's data, and presents the outcome of the rules to the healthcare professional. These requirements are described in ISO/DTS 22703[1];
— give the requirements for non-medication knowledge bases. Some aspects of the requirements in this document are general in nature and applicable to other kinds of knowledge bases, but this document does not address all of the requirements of non-medication knowledge bases.
[1] Under preparation. Stage at the time of publication: ISO/DTS 22703.

  • Technical specification
    31 pages
    English language
  • Draft
    31 pages
    English language

This document specifies the common conventions required for the cart-to-host as well as cart-to-cart interchange of specific patient data (demographic, recording, ...), ECG signal data, ECG measurement and ECG interpretation results.
This document specifies the content and structure of the information which is to be interchanged between digital ECG carts and computer ECG management systems, as well as other computer systems where ECG data can be stored.

  • Standard
    240 pages
    English language

This document defines a nomenclature for communication of information from point-of-care medical devices. Primary emphasis is placed on acute care medical devices and patient vital signs information. The nomenclature also supports concepts in an object-oriented information model that is for medical device communication.

  • Standard
    1040 pages
    English language
  • Standard
    1163 pages
    French language
  • Draft
    1040 pages
    English language