ISO 22857:2013
Health informatics — Guidelines on data protection to facilitate trans-border flows of personal health data
ISO 22857:2013 provides guidance on data protection requirements to facilitate the transfer of personal health data across national or jurisdictional borders. It is normative only in respect of international or trans-jurisdictional exchange of personal health data. However, it can be informative with respect to the protection of health information within national/jurisdictional boundaries and can assist national or jurisdictional bodies involved in the development and implementation of data protection principles. ISO 22857:2013 covers both the data protection principles that apply to international or trans-jurisdictional transfers and the security policy which an organization adopts to ensure compliance with those principles. ISO 22857:2013 aims to facilitate international and trans-jurisdictional health-related applications involving the transfer of personal health data. It seeks to provide the means by which health data relating to data subjects, such as patients, will be adequately protected when sent to, and processed in, another country/jurisdiction.
Informatique de santé — Lignes directrices sur la protection des données pour faciliter les flux d'information sur la santé du personnel de part et d'autre des frontières
Standards Content (Sample)
INTERNATIONAL STANDARD ISO 22857
Second edition
2013-12-15
Health informatics — Guidelines on data protection to facilitate trans-border flows of personal health data
Informatique de santé — Lignes directrices sur la protection des données pour faciliter les flux d’information sur la santé du personnel de part et d’autre des frontières
Reference number
© ISO 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2013 – All rights reserved
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Structure of this International Standard
6 General principles and roles
6.1 General principles
6.2 Roles
7 Legitimising data transfer
7.1 The concept of “adequate” data protection
7.2 Conditions for legitimate transfer
8 Criteria for ensuring adequate data protection with respect to the transfer of personal health data
8.1 The requirement for adequate data protection
8.2 Content principles
8.3 Procedural/enforcement mechanisms
8.4 Contracts
8.5 Overriding laws
8.6 Anonymisation
8.7 Legitimacy of consent
9 Security policy
9.1 General
9.2 The purpose of the security policy
9.3 The “level” of security policy
9.4 High Level Security Policy: general aspects
10 High Level Security Policy: the content
10.1 Principle One: overriding generic principle
10.2 Principle Two: chief executive support
10.3 Principle Three: documentation of measures and review
10.4 Principle Four: data protection security officer
10.5 Principle Five: permission to process
10.6 Principle Six: information about processing
10.7 Principle Seven: information for the data subject
10.8 Principle Eight: prohibition of onward data transfer without consent
10.9 Principle Nine: remedies and compensation
10.10 Principle Ten: security of processing
10.11 Principle Eleven: responsibilities of staff and other contractors
11 Rationale and observations on measures to support Principle Ten concerning security of processing
11.1 General
11.2 Encryption and digital signatures for transmission to the data importer
11.3 Access controls and user authentication
11.4 Audit trails
11.5 Physical and environmental security
11.6 Application management and network management
11.7 Malicious software
11.8 Breaches of security
11.9 Business continuity plan
11.10 Handling very sensitive data
11.11 Standards
12 Personal health data in non-electronic form
Annex A (informative) Key primary international documents on data protection
Annex B (informative) National documented requirements and legal provisions in a range of countries
Annex C (informative) Exemplar contract clauses: Controller to controller
Annex D (informative) Exemplar contract clauses: Controller to processor
Annex E (informative) Handling very sensitive personal health data
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers
to Trade (TBT) see the following URL: Foreword - Supplementary information
The committee responsible for this document is ISO/TC 215, Health informatics.
This second edition replaces the first edition (ISO 22857:2004), which has been technically revised.
Introduction
In the health context, information about individuals needs to be collected, stored and processed for
many purposes, the main being
— direct delivery of care e.g. patient records;
— insurance;
— clinical research; and
— population health.
A classification of purposes for processing personal health information is given in ISO/TS 14265 [15].
The data required depends on the purpose. In the context of identification of individuals, data may be
needed
— to allow an individual to be readily and uniquely identified (e.g. a combination of name, address, age,
sex, identification number);
— to confirm that two data sets belong to the same individual without a
...