Health informatics — Personal health records — Definition, scope and context

This Technical Report defines a personal health record (PHR). This definition is intended to help clarify the kinds of records that should be called PHRs, in recognition of the lack of consistency in how this term is presently used. This Technical Report considers the PHR from the perspective of the personal information contained within it and the core services needed to manage this information.

A PHR is not a singular entity; the concept encompasses a spectrum of possible information repositories and services that meet different purposes consistent with the definition. This Technical Report therefore also discusses the scope of the PHR in terms of this spectrum as a series of dimensions by which a PHR may be classified and equivalent PHR products compared. It also includes one dimension to classify the kinds of collaborative care PHRs provided by healthcare organizations.

This Technical Report also considers the wider context of engagement of individuals in the management of their own health and healthcare, since this engagement is the primary driver for present-day growth of PHR systems and services internationally.

This Technical Report includes:
— a definition of a PHR;
— a pragmatic multidimensional classification of PHRs;
— an overview of the possible ways in which the inclusion and engagement of individuals in managing their health and healthcare impacts on the potential roles of the PHR, including scenarios for collaborative care between individuals and healthcare organizations.

The many kinds of end-user application that might be implemented and used to deliver PHR system functionality are outside the scope of this Technical Report.

Informatique de santé — Dossiers de santé personnels — Définition, domaine d'application et contexte

General Information

Status: Published
Publication Date: 08-Mar-2012
Current Stage: 6060 - International Standard published
Completion Date: 09-Mar-2012

Technical report
ISO/TR 14292:2012 - Health informatics -- Personal health records -- Definition, scope and context
English language
20 pages

Standards Content (Sample)

TECHNICAL REPORT
ISO/TR 14292
First edition
2012-03-15
Health informatics — Personal health records — Definition, scope and context
Informatique de santé — Dossiers de santé personnels — Définition, domaine d’application et contexte
Reference number
ISO/TR 14292:2012(E)
© ISO 2012

COPYRIGHT PROTECTED DOCUMENT
© ISO 2012
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO’s
member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Terms and definitions
3 Abbreviations
4 Definition of a PHR
4.1 Definition
4.2 Explanation of the definition
5 Scope of the PHR
5.1 PHR Dimension 1: Scope of the information
5.2 PHR Dimension 2: Control over the information
5.3 PHR Dimension 3: Data processor
5.4 PHR Dimension 4: Repository auditability
5.5 PHR Dimension 5: Interoperability and communication
5.6 PHR Dimension 6: Technical architecture
6 Context of the PHR
6.1 Origins
6.2 Engagement with healthcare services
Annex A (informative) Published definitions of the PHR
Annex B (informative) Relationship of this Technical Report to the HL7 PHR System Functional Model
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International
Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
In exceptional circumstances, when a technical committee has collected data of a different kind from that
which is normally published as an International Standard (“state of the art”, for example), it may decide by a
simple majority vote of its participating members to publish a Technical Report. A Technical Report is entirely
informative in nature and does not have to be reviewed until the data it provides are considered to be no longer
valid or useful.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO/TR 14292 was prepared by Technical Committee ISO/TC 215, Health informatics.
Introduction
Personal health records (PHRs) are by their very nature hard to define. In order to understand the breadth and
depth of PHRs, it might be helpful to consider PHRs and clinical electronic health records (EHRs) as being
positioned at two opposing ends of a spectrum of health records (see Figure 1). A PHR could be defined as the
direct counterpoint to an EHR, but in practice the lines of demarcation are most often not clear, nor desirable,
except when viewed in terms of who has control over the health record and the content within it.
While EHRs have traditionally been defined as “logical representations of information regarding, or relevant
to, the health of a subject of care”, they have existed primarily for the purposes of the healthcare organization
providing care to an individual. Information from EHRs might be made available to the subject of care or his/her
authorized representative, upon request to the clinician who is acting as a steward of the health information. In
some countries, this is supported by specific legislation.
PHRs are also “logical representations of information regarding, or relevant to, the health of a subject”; however,
in the strictest sense, these health records are primarily managed and controlled by the individual who is the
subject of the record, or his/her authorized representative. The individual has rights over the clinical content
held within a PHR, including the ability to delegate those rights to others, especially in the case of minors, the
elderly or the disabled. The individual, or his/her authorized representative, is the key stakeholder, determining
that the content of the PHR is relevant and appropriate. The simplest examples include self-contained mobile
phone applications that track a personal diet or exercise history, which are controlled by the individual and
accessed only by the individual him or herself.
Healthcare organizations and healthcare systems are accountable for the content of the EHRs they control.
Individuals have autonomy over records they choose to keep. However, in between these two strict views of
an EHR and a PHR is a continuum of person-centric health records, which might have varying degrees of
information sharing and/or shared control, access and participation by the individual and his/her healthcare
professionals. Towards the EHR end of the spectrum, some EHRs provide viewing access or annotation by
the individual to some or all of the clinician’s EHR notes. Towards the PHR end of the spectrum, some PHRs
enable individuals to allow varying degrees of participation by authorized clinicians to their health information,
from the simple viewing of data to the control of part or all of the PHR.
[Figure 1: a spectrum running from the PHR (individual-controlled health record) at one end to the EHR (healthcare provider-controlled health record) at the other, with information exchange or shared use, under mixed governance models, in between.]
Figure 1 — The PHR‑EHR spectrum
In the middle of this continuum there exists a growing plethora of person-centric health records that operate
under collaborative models, combining content from individuals and healthcare professionals under agreed
terms and conditions, depending on the purpose of the health record. Control of the record might be shared,
or parts controlled primarily by either the individual or the healthcare professional with specified permissions
being granted to the other party. For example, a shared antenatal record might be either primarily a PHR,
under the auspice of the individual, permitting authorized healthcare professionals to contribute content or
directly edit part or all of the record itself, or it might be an extension of an organization’s EHR, permitting the
individual to view or directly contribute content to some or all of the record. The exact nature of the sharing of
responsibilities and participations by each party needs to be specified in the terms and conditions (governance)
of the health record.
Health information with a PHR might be purely for use by the individual him or herself, or might be shared with
healthcare professionals and others, such as family members. The inclusion of EHR extracts within a PHR, for
example laboratory reports or discharge summaries, is a desired feature of a comprehensive PHR, but in order
to preserve data integrity, the PHR might only be annotated with comments by the individual and not edited.
Ownership of a shared PHR can be complicated, requiring differentiation between moral ownership of the
health information content and technical/legal stewardship for storing and securing the data. Storage of health
information upon a PHR platform that is managed by a third party requires a formal relationship between the
two parties so that individuals can assert their rights and the third party can uphold their responsibilities.
The content scope for a PHR varies according to purpose and is broader than most conventional EHRs. In
the maximal scope, a PHR might have a breadth that encompasses health, wellness, development, welfare
and concerns, as well as a chronological depth that embraces history of past events, actions and services,
tracking and monitoring of current health or activities, and goals and plans for the future. Some PHRs will have
a very general summary focus; others might be activity-driven, e.g. a diabetes management record within a
diabetes community portal or a personal fitness and exercise record. An individual might choose to have a
single summary PHR or several activity-driven PHRs, or a combination of both.
TECHNICAL REPORT ISO/TR 14292:2012(E)
Health informatics — Personal health records — Definition,
scope and context
1  Scope
This Technical Report defines a personal health record (PHR). This definition is intended to help clarify the
kinds of records that should be called PHRs, in recognition of the lack of consistency in how this term is
presently used. This Technical Report considers the PHR from the perspective of the personal information
contained within it and the core services needed to manage this information.
A PHR is not a singular entity; the concept encompasses a spectrum of possible information repositories
and services that meet different purposes consistent with the definition. This Technical Report therefore also
discusses the scope of the PHR in terms of this spectrum as a series of dimensions by which a PHR may
be classified and equivalent PHR products compared. It also includes one dimension to classify the kinds of
collaborative care PHRs provided by healthcare organizations.
This Technical Report also considers the wider context of engagement of individuals in the management of
their own health and healthcare, since this engagement is the primary driver for present-day growth of PHR
systems and services internationally.
This Technical Report includes:
— a definition of a PHR;
— a pragmatic multidimensional classification of PHRs;
— an overview of the possible ways in which the inclusion and engagement of individuals in managing their
health and healthcare impacts on the potential roles of the PHR, including scenarios for collaborative care
between individuals and healthcare organizations.
The many kinds of end-user application that might be implemented and used to deliver PHR system functionality
are outside the scope of this Technical Report.
2  Terms and definitions
For the purposes of this document, the following terms and definitions apply.
2.1
access control
means of ensuring that the resources of a data processing system can be accessed only by authorized entities
in authorized ways
[ISO/IEC 2382-8:1998, definition 08.04.01]
2.2
auditability
property that ensures that any action of any security subject on any security object may be examined in order
to establish the real operational responsibilities
[ISO/TS 13606-4:2009, definition 3.3]
2.3
audit trail
chronological record of activities of information system users which enables prior states of the information to
be faithfully reconstructed
[ISO 13606-1:2008, definition 3.9]
2.4
authorization
granting of privileges
2.5
care plan
personalized statement of planned healthcare activities relating to one or more specified health issues
NOTE Adapted from EN 13940-1:2007.
2.6
clinical information
health information
information about a person, relevant to his or her health or healthcare
[ISO 13606-1:2008, definition 3.13]
2.7
concept
unit of knowledge created by a unique combination of characteristics
[ISO 1087-1:2000, definition 3.2.1]
2.8
confidentiality
property that information is not made available or disclosed to unauthorized individuals, entities, or processes
[ISO 7498-2:1989, definition 3.3.16]
2.9
data controller
person who determines the purposes of the processing of personal data
2.10
data owner
person having responsibility and authority for the data
2.11
data processing
obtaining, recording or holding personal data
NOTE This includes organising, adapting, altering, retrieving, consulting, using, disclosing, aligning, combining,
blocking, erasing or destroying.
2.12
data processor
person who processes personal data on behalf of the data controller
2.13
data subject
living individual who is the subject of personal data
2.14
EHR
electronic health record
information relevant to the wellness, health and healthcare of an individual, in computer-processable form and
represented according to a standardized information model
[ISO 18308:2011, definition 3.20]
2.15
electronic health record repository
database in which EHR information is stored
2.16
electronic health record system
system for recording, retrieving and manipulating information in EHRs
[ISO 13606-1:2008, definition 3.26]
2.17
entity
concrete or abstract thing of interest, including associations among things
NOTE Adapted from ISO/IEC 2382-17:1999, definition 17.02.05.
2.18
entry
documentation of a discrete item of health information
NOTE An entry may, for example, represent the documentation of a clinical observation, an inference, an intention, a
plan or an action.
2.19
health issue
issue related to the health of a subject of care, as identified or stated by a specific health care party
[EN 13940-1:2007]
2.20
healthcare
activities, services or supplies related to the health of an individual
2.21
healthcare service
service provided with the intention of directly or indirectly improving the health of the subject(s) of care to which
it is provided
2.22
healthcare organization
organization undertaking the delivery of healthcare
2.23
healthcare professional
person authorized by a jurisdictionally defined mechanism to be involved in the direct provision of certain
healthcare activities
NOTE Adapted from EN 13940-1:2007.
2.24
organization
unique framework of authority within which a person or persons act, or are designated to act, towards some purpose
[ISO 6523-1:1998, definition 3.1]
2.25
party
natural person or any other entity considered to have some of the rights, powers and duties of a natural person
NOTE Adapted from ISO/IEC 15414:2006, definition 6.5.1.
2.26
persistent data
data which are stored on a permanent basis
[ISO 13606-1:2008, definition 3.40]
2.27
personal data
data relating to an identified or identifiable natural person
2.28
personal health record system
system for recording, retrieving and manipulating information in personal health records
2.29
policy
set of legal, political, organizational, functional and technical obligations for communication and cooperation
[ISO/TS 22600-1:2006, definition 2.13]
2.30
role
set of competences and/or performances associated with a task
[ISO/TS 22600-1:2006, definition 2.19]
2.31
service
ability of a system to provide a defined set of output information based on a defined set of input information
2.32
subject of care
person scheduled to receive, receiving, or having received health care
[ISO 13606-1:2008, definition 3.49]
2.33
term
designation of a defined concept in a special language by a linguistic expression
[ISO 1087:1990, definition 5.3.1.2]
2.34
terminology system
terminological system
set of terms representing the system of concepts of a particular field
3 Abbreviations
For the purposes of this document, the following abbreviations apply.
EHR electronic health record
PHR personal health record
PDA portable digital assistant (mobile, hand-held computer)
4  Definition of a PHR
4.1  Definition
A PHR of an individual is a representation of information regarding, or relevant to, the health, including wellness,
development and welfare of that individual, which may be stand-alone or may integrate health information from
multiple sources, and for which the individual, or the representative to whom the individual delegated his or
her rights, manages and controls the PHR content and grants permissions for access by, and/or sharing with,
other parties.
4.2  Explanation of the definition
An individual might have more than one PHR, possibly for different uses or on different devices, which might
or might not be interconnected. The extent to which a PHR is highly organized or not will vary depending upon
the kind of product used and the way in which the individual uses it.
The key distinction between the PHR and the EHR is that, in the former, the individual who is the subject
of the record is the key stake-holder determining its content and with rights over that content. This might
be through the subject personally entering the content, or by the subject authorizing one or more parties or
systems to contribute to the PHR, or by the subject authorizing the creation of a PHR on his or her behalf by
an organization or person whose anticipated purpose is considered relevant and trustworthy by the subject.
It should be noted that the definition of content covers health, which includes wellness, development and
welfare. This scope reflects the ways in which PHRs are being used and is broader than most conventional
EHRs: all of these categories of information can also be found in EHRs on some occasions, but the EHR is
inevitably scoped to focus on information relevant to the provision of healthcare services. Information that
might be relevant for a PHR will include: a history of past events, actions and services; current situations; future
projections of plans, expectations, hopes and concerns. The information might only be intended for use by the
subject personally, or for sharing with others.
In some instances, the record serves both EHR and PHR purposes, but in these cases, the source of the data
(personal or provider) should be clearly distinguishable.
This definition does not imply that the subject is primarily responsible for managing the repository, nor that
he or she is the legal data processor or legal owner of the record system on which it is held. [If the individual
is the controller, but not the legal owner of the system, this will require that a formal relationship between the
two parties be established so that individuals (data subjects) can assert their rights, and the holder can uphold
his/her responsibilities].
This definition states that the subject of the record has exclusive rights to determine who has permission to
access, add to, or communicate the record contents. The subject may delegate such rights to others. This
implies that the subject always has the capability to ensure that the content remains relevant and appropriate
in his or her opinion and, therefore, that the subject personally always has such permissions over the whole of
the PHR content.
In the case of minors or those not considered able to exercise personal autonomy in healthcare decisions, the
carer or guardian may be the individual with control of the PHR content on behalf of the subject of the record.
This definition distinguishes the repositories of personal health information and the core services needed to
manage the information in those repositories (the PHR, as defined) from the wider set of applications and
services needed to deliver useful functions and features to end users (PHR systems, but which include a PHR
as defined above).
Several other published definitions of the PHR are provided and discussed in Annex A.
5  Scope of the PHR
There are many kinds of PHR systems in existence or anticipated, meeting different kinds of needs in order
to keep subjects of care informed and engaged in health and social care, or to enable individuals who are
not needing or seeking healthcare to keep track of their level of fitness, manage prevention or monitor their
health status. This variety of systems and applications is too vast, sophisticated and rapidly changing to be
standardized.
The kernel of each of these PHR systems is the personal health information about the record subject, comprising
one or more interconnected repositories and a set of computational services that manage (such as create,
store, analyse, link, copy, protect, disclose, modify, delete) that information: the PHR.
This clause defines the potential characteristics of the PHR by means of a set of dimensions according to which
PHRs can be classified and compared. This classification is not intended to constrain the forward evolution
of the PHR, but rather to present the main functions presently supported. It is therefore recommended that
this classification be used as a guide rather than as a constraint on the kinds of PHR that are approved or
supported within a jurisdiction.
Six dimensions for classification are defined:
a) Dimension 1: Scope of the information
b) Dimension 2: Control over the information
c) Dimension 3: Data processor
d) Dimension 4: Repository auditability
e) Dimension 5: Interoperability and communication
f) Dimension 6: Technical architecture
Each dimension is specified below through a value list describing the main options for how that characteristic
might be fulfilled by a PHR. It may therefore be possible to profile any given PHR repository service by means
of codes from these PHR Dimensions.
5.1  PHR Dimension 1: Scope of the information
This dimension specifies the kinds of information and information sources reflected in the PHR content. This
does not necessarily equate with who has inserted the data into the PHR, or who has access to it, but indicates
the authors and professional viewpoints which may be found in that PHR.
For this dimension, more than one value may apply.
Table 1 — PHR Dimension 1
PHR Dimension 1 code | Description
PHR.1.A | Information potentially about a broad range of health topics (including health, health promotion, prevention and surveillance, wellness, welfare) as determined by the subject of the record
PHR.1.B | Information about (and possibly contributed by) family members and other personal contacts of the record subject
PHR.1.C | Information about interactions with carers, voluntary sector, support groups, charities
PHR.1.D | Copies and summaries of health record information
PHR.1.E | Information addressing a specific care team (e.g. social services or occupational health or education services)
PHR.1.F | Information focusing on lifestyle information (e.g. fitness and exercise, nutrition and diet)
PHR.1.G | Information focussed on the management of a particular clinical condition, self-care of specific symptoms or signs or measurements (home monitoring)
5.2 PHR Dimension 2: Control over the information
This dimension specifies the extent of the authority of the subject of the record over the policies that define who
can access and modify his or her PHR. The values for this dimension have been ordered to indicate that “A” is
the lowest extent of direct control by the individual and “G” is the highest degree of direct control. It should be
recognized that the degree of control that might be exerted by the data subject might be constrained by national
legislation as well as system capability. In these cases, it is recommended that the system capability be used
as the basis for this classification rather than the level of control permitted in its usage settings.
Table 2 — PHR Dimension 2
PHR Dimension 2 code | Description
PHR.2.A | Subject can specify policies applying to a user role or team
PHR.2.B | Subject can specify policies applying to named individuals
PHR.2.C | Subject can specify policies according to purpose of use
PHR.2.D | Subject can specify policies according to usage context (e.g. time periods, locations of access)
PHR.2.E | Subject can specify policies applying to individual documents or entries in the PHR
PHR.2.F | Subject can specify policies that manage access (e.g. permit, deny, revoke, delegate access)
PHR.2.G | Subject can specify policies regarding read, write, modify, export and import functions
5.3  PHR Dimension 3: Data processor
This dimension specifies the party who acts as the data processor of the repository, in a legal sense (for
example, registering under data protection legislation) and also operationally. The value chosen here does
not imply that the processor is responsible for authorization decisions (this is specified by PHR Dimension 2),
but it is possible that the processor is responsible for operationalizing such policies (or for deploying tools and
services that permit the parties specified in Dimension 2 to execute such authorizations). For this dimension,
only one value will apply for any one PHR repository, although a PHR system might comprise a federation of
repositories.
Table 3 — PHR Dimension 3
PHR Dimension 3 code | Description
PHR.3.A | PHR stored by the record subject (e.g. on his or her own computer)
PHR.3.B | PHR stored by vendor of the PHR service or system
PHR.3.C | PHR stored by third party with no commercial interest (e.g. consumer group)
PHR.3.D | PHR stored by a single healthcare organization, such as a primary care centre (general practice), a hospital or a pharmacy
PHR.3.E | PHR stored at a regional/national level by the health service or system
PHR.3.F | PHR stored by an insurer
PHR.3.G | PHR stored by an employer or school or college
5.4  PHR Dimension 4: Repository auditability
This dimension specifies the extent to which the PHR manages its content in ways that meet the kinds of legal
requirement expected of an EHR, for example as given in ISO 18308. The quality of managing the repository
from this perspective will influence the extent to which the information in it is considered trustworthy for use by
health professionals or integration with EHRs.
NOTE If r
...
