ISO/TR 28380-3:2014

TECHNICAL ISO/TR
REPORT 28380-3
First edition
2014-12-15
Health informatics — IHE global
standards adoption —
Part 3:
Deployment
Informatique de santé — Adoption des normes globales IHE —
Partie 3: Déploiement
Reference number
ISO/TR 28380-3:2014(E)
©
ISO 2014

---------------------- Page: 1 ----------------------
ISO/TR 28380-3:2014(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2014
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2014 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/TR 28380-3:2014(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative References . 1
3 Terms and definitions . 1
4 Abbreviations. 4
5 General approach to analyse the interoperability requirements in support of an
interoperability use case . 4
5.1 Concept of an Interoperability Use Case . 4
5.2 Decomposition of an Interoperability Use Case into Technical Use Cases . 5
6 Project Interoperability Specification . 7
6.1 Scope of Interoperability . 7
6.2 Selection and combination of the appropriate Profiles . 7
6.3 Establishing a Jurisdictional Interoperability Framework .10
6.4 Examples to illustrate the application of the above methodology to specific
Interoperability Use Cases .10
7 Deployment benefits of profile-based interoperability specifications.11
7.1 Alternatives and Deployment benefits .11
8 Approach to testing for interoperability .14
8.1 Four phases of Testing for Interoperability.14
8.2 Responsibilities and Entrance/Exit Criteria .15
8.3 Test Management Processes and Certification .16
Bibliography .18
© ISO 2014 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/TR 28380-3:2014(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2. www.iso.org/directives
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on
the ISO list of patent declarations received. www.iso.org/patents
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers
to Trade (TBT), see the following URL: Foreword - Supplementary information
The committee responsible for this document is ISO/TC 215, Health Informatics, WG 2, Systems and
Device Interoperability.
ISO 28380 consists of the following parts, under the general title Health Informatics – IHE Global
Standards Adoption:
— Part 1: Process
— Part 2: Integration and Content Profiles
— Part 3: Deployment
Part 1 and 2 have been approved by the TC 215 and have been published.
This technical report will complement and support the general requirements for the adoption of global
standards towards increasing the efficiency of deploying interoperability in health.
iv © ISO 2014 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/TR 28380-3:2014(E)

Introduction
The purpose of this Technical Report is to structure and facilitate adoption and deployment of health
interoperability standards in a broad range of eHealth projects, including regional and national programs.
A solid standards adoption process is a critical element that complements standards development and
ensures that timely and effective implementation of standards is realized for health information exchange.
This technical report is intended to help and guide eHealth projects in the way to specify their use of
interoperability standards in health information exchange by reusing IHE Profiles to support specific
business use cases chosen by the project.
This technical report is the third part of a multi-part Technical Report on IHE Global Standards Adoption.
It builds upon:
— TR 28380-1, Health Informatics — IHE Global Standards Adoption — Part 1: Process
— TR 28380-2, Health Informatics — IHE Global Standards Adoption — Part 2: Integration and
Content Profiles.
This Technical Report uses the term Profile as defined by TR 28380. A Profile is intended to guide
implementers in a detailed manner and to ensure that implementations may be tested for compliance.
For each use case, a Profile selects from a number of interoperability standards specific to healthcare
(ISO TC215, HL7, DICOM, CEN, etc.) as well as general IT standards from ISO, or Internet related standards
bodies (e.g. W3C, IETF, OASIS).
Such Profiles are intended to guide implementers in a detailed manner and ensure that implementation
may be tested for compliance and interoperability among implementations of like profiles achieved.
For each standard it profiles, i.e. defines a specific and proper subset of each selected standard; IHE
leverages implementation guides produced by the source standard development organizations (SDO), if
they exist, and specifies the integration of these standards. This coordinated process has been developed
by Integrating the Healthcare Enterprise (IHE) and has been in effective use since 1998 to address a
rapidly increasing number of healthcare interoperability problems for citizens as consumers of health
services and for health professionals in the care of their patients.
Integrating the information systems and devices within healthcare institutions, across a variety of care
settings, and personal health management services will empower patients and healthcare professionals
with a more efficient access to accurate information. IHE has a formal Type-A Liaison relationship with
ISO TC215. It is sponsored by a large number of healthcare user organizations world-wide and has
engaged over 300 vendors in healthcare IT (www.ihe.net). 16 countries are directly engaged in IHE at
the time of writing this Technical Report.
The information exchange among IT systems, applications and devices in healthcare is a complex
challenge. In particular, it needs to account for the wide range of medical specialities, for the rapid
evolution of knowledge and for the use of technology in the delivery services, among the broad range
of stakeholders that need to cooperate ranging from democratic institutions, governmental entities,
insurers and employers, to care providers organized in a variety of entities of all sizes (single doctors’
practice to large hospital networks).
Interoperability standards have proven quite complex to develop and are driven by a wide range
of standard development organizations (SDO) each effective at engaging a subset of these many
stakeholders. In such a complex environment, standards have to incorporate much flexibility and
optionality to account for a variety of environments in which they could be used. Removing the need
for flexibility and optionality in these standards would only result in further fragmentation. An agreed
upon process to rationalize and constrain the implementation of combined sets of these standards is
required in order to address some of the most common cases of information exchange in a definite
manner that can be tested.
© ISO 2014 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/TR 28380-3:2014(E)

This Technical Report is based on the valuable work done by the IHE initiatives in which several of the
ISO/TC 215 member countries are engaged. This Technical Report is intended to provide all ISO members
with an understanding of the practical experience gained as well as access to the results achieved.
IHE is both a process and a forum that rationalizes at a multi-national level the adoption of interoperability
standards that can be profiled and combined to meet healthcare needs. IHE draws on established
healthcare specific standards such as those developed by ISO/TC 215 and HL7, as well as general purpose
IT standards, in order to define a technical framework for the implementation of information exchange
to address specific health improvement or clinical goals. It includes a rigorous interoperability testing
process for the implementation of this technical framework.
IHE also organizes educational sessions and exhibits at major meetings of health professionals to
demonstrate the benefits of this framework and encourage its adoption by the healthcare industry, the
technology industry, and other stakeholders worldwide. These elements are further discussed in Part 1
of this technical report.
The intended audience of this ISO Technical Report is:
— IT departments of healthcare institutions;
— Technical and marketing staff in the healthcare technology industry;
— Experts involved in standards development;
— Health Professionals interested in integrating healthcare information systems and workflows;
— National and regional healthcare information exchange projects leadership.
vi © ISO 2014 – All rights reserved

---------------------- Page: 6 ----------------------
TECHNICAL REPORT ISO/TR 28380-3:2014(E)
Health informatics — IHE global standards adoption —
Part 3:
Deployment
1 Scope
This part of this Technical Report describes the general methodology to analyse interoperability
requirements in support of a use case to produce the selection and combination of the relevant Profiles
specified in TR 28380-2. It is illustrated by applying this methodology to a small number of examples. It
also identifies and proposes a high-level quantification of the benefits gained by the use of a profile based
specification of interoperability. Finally this technical report will discuss the approach to effectively
test interoperability from the specific of the standards and profiles, up to the level of business use cases.
ISO/TR 28380-1 is a companion to this part of this Technical Report. ISO/TR 28380-1 describes how the
IHE process identifies technical use cases for interoperability and specifies profiles of selected standards
to support these carefully defined healthcare tasks that depend on electronic information exchange. The
reader is encouraged to be familiar with this process followed by IHE in developing its Profiles.
A wide portfolio of such profiles for Integration, Security, and Semantic Content is now available across
various domains of healthcare clinical specialities and technologies, as described in ISO/TR 28380-2.
The reader of this part of this Technical Report is encouraged to be familiar with this process followed
by IHE in developing its Profiles as it builds upon ISO/TR 28380-1 and ISO/TR 28380-2 by addressing
a number of key issues to support eHealth projects across all sectors of health to more effectively
deploy standards-based interoperability between software applications and devices, including within
healthcare organizations and across healthcare and home settings.
2 Normative References
ISO/TR 28380-1, Health informatics — IHE global standards adoption — Part 1: Process
ISO/TR 28380-2, Health informatics — IHE global standards adoption — Part 2: Integration and content profiles
ISO/IEC 17025, General requirements for the competence of testing and calibration laboratories
3 Terms and definitions
For the purposes of this document, the terms and definitions of ISO/TR 28380-1 and the following apply.
3.1
actors
actors are information systems or components of information systems that produce, transmit or act on
health information exchanged to support operational activities
3.2
eHealth
refers to the combined use of electronic communication and information technology in the health sector
to enable better health and healthcare
[SOURCE: WHO]
© ISO 2014 – All rights reserved 1

---------------------- Page: 7 ----------------------
ISO/TR 28380-3:2014(E)

3.3.1
electronic health record
EHR
information relevant to the wellness, health and healthcare of an individual, in computer-processable
form and represented according to a standardized information model
[SOURCE: ISO 18308:2011, 3.20]
3.3.2
electronic health record
EHR
longitudinal electronic record of an individual that contains or virtually interlinks to data in multiple EMRs
and EPRs, which is to be shared and/or interoperable across healthcare settings and is patient-centric
Note 1 to entry: Adapted from the European 2011 eHealth Strategies Final Report, January 2011.
3.4
health
state of complete physical, mental and social well-being and not merely the absence of disease or infirmity
[SOURCE: WHO 1948]
3.5
health information
information about a person relevant to his or her health
[SOURCE: ISO 18308:2011, 3.28]
3.6
healthcare
activities, services, or supplies related to the health of an individual
[SOURCE: EN 13940-1:2007]
3.7
healthcare activity
activity performed for a subject of care with the intention of directly or indirectly improving or
maintaining the health of that subject of care
[SOURCE: EN 13940-1:2007]
3.8
healthcare professional
person authorized to be involved in the direct provision of certain healthcare provider activities in a
jurisdiction according to a mechanism recognized in that jurisdiction
Note 1 to entry: Adapted from EN 13940–1:2007.
3.9
healthcare provider
healthcare organization or healthcare professional involved in the direct provision of healthcare
[SOURCE: EN 13940-1:2007]
3.10
patient
individual who is a subject of care
[SOURCE: ISO/TR 20514:2005, 2.30]
2 © ISO 2014 – All rights reserved

---------------------- Page: 8 ----------------------
ISO/TR 28380-3:2014(E)

3.11
policy
set of rules such as legal, political or organizational which can be expressed as obligations, permissions
or prohibitions
Note 1 to entry: Adapted from ISO/TS 22600-1:2006, 2.13.
3.12
privacy
freedom from intrusion into the private life or affairs of an individual when that intrusion results from
undue or illegal gathering and use of data about that individual
[SOURCE: ISO/IEC 2382-8:1998, 08.01.23]
3.13
registry
server capable of holding data for the systematic and continuous follow-up of information objects
maintained in accordance with specific rules
[SOURCE: ISO/TR 21089:2004]
3.14
semantic interoperability
ability for data shared by systems to be understood at the level of fully defined domain concepts
[SOURCE: ISO 18308:2011, 3.45]
3.15
syntactic interoperability
capability of two or more systems to communicate and exchange data through specified data formats
and communication protocols
[SOURCE: ISO 18308:2011, 3.48]
3.16
use case
methodology used in system analysis to identify, clarify, and organize system requirements
Note 1 to entry: The use case is made up of a set of possible sequences of interactions between systems and users
in a particular environment and related to a particular goal. In the context of this Technical Report, a use case
provides a depiction of the actors and services that addresses information exchange in the context of a set of
specific tasks performed by different systems or devices
3.17
vocabulary
terminological dictionary which contains designations and definitions from one or more specific
subject fields
[SOURCE: ISO 1087-1:2000]
© ISO 2014 – All rights reserved 3

---------------------- Page: 9 ----------------------
ISO/TR 28380-3:2014(E)

4 Abbreviations
ATNA Audit Trail and Node Authentication
BPPC Basic Patient Privacy Consent
CEN European Standardization Committee
CDA Clinical Document Architecture
DICOM Digital Imaging and Communications in Medicine
EHR Electronic Health Record
HL7 Health Level Seven
IHE Integrating the Healthcare Enterprise
IHTSDO International Health Terminology Standards Development Organization
ISO International Organization for Standardization
ISO/TC 215 ISO Technical Committee 215 (Health Informatics)
IT Information Technology
LOINC Logical Observation Identifiers Names and Codes
MoH Ministry of Health
OASIS Advancing Open Standards for the Information Society
PDQ Patient Demographics Query
PHR Personal Health Record
SDO Standards Development Organization
SNOMED CT Systematized Nomenclature of Medicine Clinical Terms
W3C World-Wide Web Consortium
XCA Cross-Community Access
XDS Cross-enterprise Document Sharing
XUA Cross-Enterprise User Assertion
5 General approach to analyse the interoperability requirements in support of
an interoperability use case
5.1 Concept of an Interoperability Use Case
A Use Case is a concept that is widely used but often called with different terms (requirement, business
scenario, etc.). In this Technical Report, we focus the use case content on interoperability defined as: “A
depiction of the actors and services that address information exchange in the context of a set of specific
tasks performed by different systems or devices in support of its users”.
Use Cases can be defined at various levels. An Interoperability Use Case is at a level that Part 1 of this
report describes as:
4 © ISO 2014 – All rights reserved

---------------------- Page: 10 ----------------------
ISO/TR 28380-3:2014(E)

“This encompasses health system objectives such as “chronic disease management” or “sharing patient
summaries with a medication history.” There are many ways of identifying and structuring use cases
at the business level, which contributes to the challenge of accepting a certain fuzziness and flexibility.
Interoperability level use cases are most successful, when they select a small – and therefore achievable
and implementable scope, thus providing value while remaining achievable. This is what a number
of regional and national projects around the world are often using to shape their objectives in the
area of interoperability. However, as the number of use cases providing incremental interoperability
requirements increases, it becomes apparent that they overlap, each potentially reusing a subset of
another Interoperability Use Case (e.g. in our example above “sharing patient summaries and “patient
empowerment with a medication history” have likely some overlap). This needs to be recognized, and
factoring will happen at the lower levels of requirements.”
An Interoperability Use Case can be summarized in one sentence and described in a few pages of text that
any stakeholder in health, including non IT professionals would understand along with the necessary
underlying exchange of health information.
An Interoperability Use Case is described by a flow of health information between Actors, where Actors
are a representation of health information systems supporting users such as healthcare professionals
in specific roles as well as the patients, but also extend to include the organizations they support and
benefit from the real world information interchange defined by an Interoperability Use Case.
Examples of Interoperability Use cases:
— Patient summaries for regional/national information sharing;
— Prescriptions for regional/national information sharing;
— Request and results distribution for radiology enterprise workflow (e.g. within a hospital);
— Flow of device measurements from mobile and/or home-based monitoring devices to care
management services.
These examples of Interoperability Use case cover a diverse range of information exchange
environments: cross-border, national/regional, intra-hospital; and citizens on the move or at home. They
come from the European eHealth Interoperability Framework (http://ec.europa.eu/digital-agenda/en/
news/ehealth-interoperability-framework-study) and the eHealth Interoperability Standards Mandate
(www.ehealth-interop.eu).
5.2 Decomposition of an Interoperability Use Case into Technical Use Cases
A set of Technical Use Cases may be derived from an Interoperability Use Case by taking the requirements
at a service/content/semantic level, where the flows of health information are more specific and
described between specific software entities, or Technical Actors that support the Actors engaged
into the Interoperability Use Case. This results in a decomposition of an Interoperability Use Case into
Technical Use Cases of different types, such as:
a) Specific flows of health information between Technical Actors abstracting the part of software
applications, which are engaged in one or more specific transactions or services to support a specific
aspect of a real world health information interchange.
b) Specific health information content and semantics associated with each flow between the Technical
Actors identified in 1) above.
c) Specific security and privacy requirements attached to the above specific flows identified in 1) above.
The isolation of these Technical Use Cases is important because it modularizes the specification process
around Profiles, or a reusable communication service which is defined in Part 1 of this technical report as:
“A communication service defining a number of related means and constraints to exchange specific types
of health information for the purpose of communicating this information from one or more systems to
© ISO 2014 – All rights reserved 5

---------------------- Page: 11 ----------------------
ISO/TR 28380-3:2014(E)

another or accessing it in remote systems. One defines at this level core communication services that are
most likely to be needed to support a broad range of interoperability use cases”.
These Technical Use Cases may be defined at different levels of granularity, but their main characteristics
are that the interoperability requirements are sufficiently focused so that each Technical Use Case
forms a building block of requirements which is reusable across multiple Interoperability Use Cases.
This encourages and supports modularity as well as facilitating evolution by substitution.
It is at the level of Technical Use Cases that the IHE development process operates, by associating a
detailed selection of supporting standards. This is where the processes discussed in Part 1 are engaged
and result in the specification of profiles that each support a well-defined Technical Use Case.
Figure 1 — Decomposition of Interoperability Use Cases into Profiles/Technical Use Cases
A breakdown of an Interoperability Use Case such as Patient summaries for regional/national information
sharing may for example include the following Technical Use Cases:
a) Patient summary document content data structure;
b) Coded entries terminology value sets (diagnosis, medications, allergies, procedures, etc.);
c) Patient identity demographics query;
6 © ISO 2014 – All rights reserved

---------------------- Page: 12 ----------------------
ISO/TR 28380-3:2014(E)

d) Sharing of documents within a region (publish, query and retrieve to a document registry and
repositories);
e) Access to documents across regions (peer-to-peer query/retrieve);
f) User authentication, audit trail feed, system authentication and transport encryption;
g) Patient privacy consent content data structure.
Examples of specific Profiles associated with each one of these Technical Use Cases are discussed in 6.4.
6 Project Interoperability Specification
6.1 Scope of Interoperability
A simplified abstraction that represents the two dimensional scope of interoperability in an eHealth
project is shown in Figure 2 below.
Figure 2 — Two dimensional scope of interoperability
One generally distinguishes between a set of IT systems that provide an infrastructure to which are
interfaced the IT systems and devices used by the health workers and patients. This depiction is simply
intended to position:
— the need for a “standardized interface“ between the infrastructure and the various IT systems
and devices it interconnects (the vertical system-to-system interfaces as shown by the vertical
arrows in Figure 2)
— the end-to-end interoperability requirements (the end-to-end user perception of interoperability as
shown by the horizontal arrow in Figure 2.
The role of the Interoperability Specification in an eHealth project is to specify the interfacing of the
various IT systems and devices to the eHealth infrastructure. This interfacing covers not only the
specification of the information that may flow back and forth across the interface, but also the policies
that control the behaviour of the systems and users to ensure end-to-end interoperability (e.g. semantics,
security, privacy, service level agreements). Although these policies are not discussed here, they are
critical to interoperability and only their technical support is addressed by the Profiles that seek to be,
as much as possible, policy neutral.
6.2 Selection and combination of the appropriate Profiles
Applying the above methodology to a typical eHealth project is where the benefits should be realized.
© ISO 2014 – All rights reserved 7

---------------------- Page: 13 ----------------------
ISO/TR 28380-3:2014(E)

Interoperability Use Cases are often dependent on the specifics of the health system in which they will
be deployed. Each one of these Interoperability Use Cases that a project has chosen to address can be
decomposed into a coherent set of Technical Use Cases along with the associated supporting Profiles,
where they exist. Of course, some Technical Use Cases may be found to lack the associated supporting
Profiles, or that certain extensions may be required. The Profile development process is organized to be
reactive, and address these newly identified gaps
...