Health Informatics - Classification of purposes for processing personal health information (ISO/TS 14265:2011)

ISO/TS 14265:2011 defines a set of high-level categories of purposes for which personal health information can be processed. This is in order to provide a framework for classifying the various specific purposes that can be defined and used by individual policy domains (e.g. healthcare organizations, regional health authorities, jurisdictions, countries) as an aid to the consistent management of information in the delivery of health care services and for the communication of electronic health records across organizational and jurisdictional boundaries.  
The scope of application of ISO/TS 14265:2011 is limited to Personal Health Information as defined in ISO 27799, information about an identifiable person that relates to the physical or mental health of the individual, or to provision of health services to the individual.

Medizinische Informatik - Klassifikation des Zwecks zur Verarbeitung von persönlichen Gesundheitsinformationen (ISO/TS 14265:2011)

Diese Technische Spezifikation legt eine Reihe von Kategorien höchster Ebene für die Zwecke fest, für die persönliche Gesundheitsinformationen verarbeitet, d. h. erfasst, genutzt, gespeichert, abgefragt, ausgewertet, erstellt, verknüpft, übermittelt, offengelegt oder aufbewahrt werden dürfen. Ihr Ziel ist, ein Rahmenwerk für die Klassifikation der verschiedenen speziellen Zwecke zur Verfügung zu stellen, die in den Geltungsbereichen der einzelnen Richtlinien festgelegt und angewendet werden können (z. B. von Organisationen der Gesund-heitsversorgung, regionalen Gesundheitsbehörden, Zuständigkeitsbereichen, Ländern), um die gleichblei-bende Verwaltung der Informationen bei der Erbringung von Dienstleistungen im Gesundheitswesen und für die Übermittlung elektronischer Patientenakten über die Grenzen von Organisationen und Zuständigkeits-bereichen hinweg zu unterstützen. Der Anwendungsbereich dieser Technischen Spezifikation ist beschränkt auf persönliche Gesundheitsinfor-mationen (en: Personal Health Information, PHI) nach der Definition in ISO 27799 und auf Informationen über eine identifizierbare Person, die sich auf deren körperliche oder geistige Gesundheit oder die Erbringung von Gesundheitsdienstleistungen für diese Person beziehen. Zu diesen Informationen können die folgenden gehö-ren:
- Informationen über die Registrierung der Person für die Erbringung von Gesundheitsdienstleistungen;
- Informationen über Zahlungen oder die Anspruchsberechtigung der betreffenden Person für Gesund-heitsmaßnahmen;
- Zahlen, Symbole oder spezielle Codes, die der betreffenden Person zugeordnet sind, um diese für Gesundheitszwecke eindeutig zu identifizieren;
- alle Informationen über die Person, die im Verlauf der Erbringung von Gesundheitsdienstleistungen für diese Person erfasst werden;
- Informationen, die aus der Untersuchung eines Körperteils oder einer biologischen Probe abgeleitet wurden;  Identifikation einer Person, z. B. eines Heilberuflers, als Erbringer von Gesundheitsdienstleistungen der betreffenden Person gegenüber. Die vorliegende Technische Spezifikation legt zwar nicht die Gesamtheit derartiger Zwecke fest, stellt aber ein gemeinsames Abbildungsziel zur Überbrückung der Kluft zwischen den unterschiedlichen nationalen Listen zur Verfügung mit dem Ziel, die genehmigten automatisierten grenzüberschreitenden Ströme von elektroni-schen Patientenaktendaten zu unterstützen. Ziel dieser Technischen Spezifikation ist nicht, die Nutzung von nicht personenbezogenen Gesundheitsinfor-mationen zu reglementieren. Da jedoch die Anonymisierung oder Entpersonalisierung von Daten eine Bedin-gung für die weitere Nutzung oder für neue Verwendungszwecke sein kann, kann ein festgelegter Daten-zweck für die Nutzung sogar entpersonalisierter oder anonymisierter Daten nach der Richtlinie oder dem Gesetz eines bestimmten Zuständigkeitsbereiches gefordert sein. Unwiderruflich entpersonalisierte Gesundheitsdaten fallen formell nicht in den Anwendungsbereich dieser Technischen Spezifikation. Da die Entpersonalisierungsprozesse jedoch häufig ein gewisses Maß an Umkehr-barkeit einschließen, kann sie, wann immer zweckmäßig, auch für die Offenlegung von entpersonalisierten Gesundheitsdaten herangezogen werden.

Informatique de santé - Classification des besoins pour le traitement des informations de santé personnelles (ISO/TS 14265:2011)

Zdravstvena informatika - Klasifikacija namenov za obdelavo osebnih zdravstvenih informacij (ISO/TS 14265:2011)

General Information

Status
Withdrawn
Publication Date
29-Oct-2013
Withdrawal Date
16-Jan-2024
Current Stage

Relations

Buy Standard

Technical specification
TS CEN ISO/TS 14265:2014
English language
24 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-marec-2014
Zdravstvena informatika - Klasifikacija namenov za obdelavo osebnih zdravstvenih
informacij (ISO/TS 14265:2011)
Health Informatics - Classification of purposes for processing personal health information
(ISO/TS 14265:2011)
Medizinische Informatik - Klassifikation des Zwecks zur Verarbeitung von persönlichen
Gesundheitsinformationen (ISO/TS 14265:2011)
Informatique de santé - Classification des besoins pour le traitement des informations de
santé personnelles (ISO/TS 14265:2011)
Ta slovenski standard je istoveten z: CEN ISO/TS 14265:2013
ICS:
35.240.80 Uporabniške rešitve IT v IT applications in health care
zdravstveni tehniki technology
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

TECHNICAL SPECIFICATION
CEN ISO/TS 14265
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
October 2013
ICS 35.240.80
English Version
Health Informatics - Classification of purposes for processing
personal health information (ISO/TS 14265:2011)
Informatique de santé - Classification des besoins pour le Medizinische Informatik - Klassifikation des Zwecks zur
traitement des informations de santé personnelles (ISO/TS Verarbeitung von persönlichen Gesundheitsinformationen
14265:2011) (ISO/TS 14265:2011)
This Technical Specification (CEN/TS) was approved by CEN on 25 June 2012 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their
comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available
promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS)
until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2013 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN ISO/TS 14265:2013 E
worldwide for CEN national Members.

Contents Page
Foreword .3

Foreword
The text of ISO/TS 14265:2011 has been prepared by Technical Committee ISO/TC 215 “Health informatics”
of the International Organization for Standardization (ISO) and has been taken over as CEN ISO/TS
14265:2013 by Technical Committee CEN/TC 251 “Health informatics” the secretariat of which is held by
NEN.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following
countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus,
Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany,
Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland,
Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.
Endorsement notice
The text of ISO/TS 14265:2011 has been approved by CEN as CEN ISO/TS 14265:2013 without any
modification.
TECHNICAL ISO/TS
SPECIFICATION 14265
First edition
2011-11-01
Health informatics — Classification of
purposes for processing personal health
information
Informatique de santé — Classification des besoins pour le traitement
des informations de santé personnelles

Reference number
ISO/TS 14265:2011(E)
©
ISO 2011
ISO/TS 14265:2011(E)
©  ISO 2011
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56  CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2011 – All rights reserved

ISO/TS 14265:2011(E)
Contents Page
Foreword . iv
0  Introduction . v
0.1  Rationale . v
0.2  Background . v
0.3  Context for defining data purposes . vi
1  Scope . 1
2  Terms and definitions . 2
3  Abbreviated terms . 4
4  Conformance . 4
5  Context . 4
6  Terminology for classifying purposes for processing personal health information . 5
Annex A (informative) Examples . 7
Bibliography . 13

ISO/TS 14265:2011(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
In other circumstances, particularly when there is an urgent market requirement for such documents, a
technical committee may decide to publish other types of normative document:
 an ISO Publicly Available Specification (ISO/PAS) represents an agreement between technical experts in
an ISO working group and is accepted for publication if it is approved by more than 50 % of the members
of the parent committee casting a vote;
 an ISO Technical Specification (ISO/TS) represents an agreement between the members of a technical
committee and is accepted for publication if it is approved by 2/3 of the members of the committee casting
a vote.
An ISO/PAS or ISO/TS is reviewed after three years in order to decide whether it will be confirmed for a
further three years, revised to become an International Standard, or withdrawn. If the ISO/PAS or ISO/TS is
confirmed, it is reviewed again after a further three years, at which time it must either be transformed into an
International Standard or be withdrawn.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO/TS 14265 was prepared by Technical Committee ISO/TC 215, Health informatics.
iv © ISO 2011 – All rights reserved

ISO/TS 14265:2011(E)
0 Introduction
0.1 Rationale
A fundamental principle underlying the use of personal health data is that it is essential to know the purposes
for which data was originally collected and that all subsequent processing activities be the same as, or
consistent with, the original purpose. This principle, when applied in conjunction with a standardized list of
purposes, forms the foundation for a correspondence of permitted purpose between different users, systems,
organizations or policy domains who might need to share personal health information.
Interoperability standards, and their progressive adoption by e-health programmes, are expanding the
capacity for organizations to exchange health data. For this to occur on a wide scale, the majority of decisions
regarding requests for health data will need to take place automatically. In order that data processing activities
(collection, storage, access, analysis, linkage, communication, disclosure and retention) are appropriate, it is
important that policies are defined in fully computable ways that are themselves interoperable. Interoperable
policies will enable requests between heterogeneous systems and services to be evaluated consistently. In
order for automatic processing policies to be defined and operationalized, it is important that governance
structures, processes and rules are applied to the design of information and information technology at an
enterprise or inter-enterprise level through a number of administrative mechanisms. These mechanisms
include enterprise architecture/frameworks, standards, strategy, procedures, laws, regulations, principles and
policy, and include operational controls such as committees, budgets, plans, and responsibility agreements
(e.g. information sharing agreements, service level agreements and contracts). It is recognized that not all
disclosures will take place automatically, and that individual (human) decisions will at times be made, taking
policies and governance arrangements into account.
For ethical and legal reasons, it is normally the case that information is used only for the purpose for which it
was collected or created. This purpose can be specified explicitly and consented to. Consent to use data for a
particular purpose can also be implied, although it is almost always a requirement that the purposes be
declared.
Where data are intended for further and different purposes, a new purpose can require a new consent. For
example, in some jurisdictions, data collected for health care cannot automatically be used for research, nor
information collected for research used for care, without obtaining new consent. Knowing the purpose for
which access to information is intended is essential in order to determine if access to data for processing
activities are appropriate.
Increasingly, this problem has become not only one of determining that a user has permission to access
particular items of information but also that the user has permission to use them for a specified purpose. It is
therefore essential to ensure that the context within which access and use is asserted is the correct one.
Purpose (or use, purpose of use, or context of use) when clearly defined, helps to ensure that access to
protected information items is granted to properly authorized users under a specific, appropriate and
unambiguous policy. The explicit declaration of intended purpose prior to being granted access also helps to
ensure that users understand that such access does not imply that use is also permitted for other undeclared,
inconsistent purposes. Purpose of use helps bring clarity to situations where there are multiple and potentially
conflicting contextually sensitive policies for identical users' access to identical information items.
0.2 Background
ISO/TS 22600-1 defines a generic architectural approach for policy services, and a generic framework for
defining policies in a formal way. However, like any generic architecture, a structural framework to support
policy interoperability has to be instantiated for use. A policy domain needs also to specify which information
properties they wish to take into account when making processing decisions. They need to specify a high level
policy model containing those properties, to which all instances
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.