ISO/TS 27790:2009

TECHNICAL ISO/TS
SPECIFICATION 27790
First edition
2009-12-01
Health informatics — Document registry
framework
Informatique de santé — Cadre d'enregistrement de document

Reference number
©
ISO 2009
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

©  ISO 2009
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2009 – All rights reserved

Contents Page
Foreword .iv
Introduction.v
1 Scope.1
2 Normative references.2
3 Terms and definitions .2
4 Abbreviated terms .9
5 Document registry framework .10
5.1 General structure of the framework .10
5.2 Information model (ebRIM) and services (ebRS) web services.10
5.3 Cross-enterprise document sharing (IHE-XDS) .10
5.4 Document separation XDS extension .12
5.5 Patient identification, security and privacy profiles .12
5.6 Document content profiles.12
Annex A (informative) Korean National Extension to IHE IT Infrastructure Technical Framework
CDA Document Separation - XDS Extension.14
Bibliography.23

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
In other circumstances, particularly when there is an urgent market requirement for such documents, a
technical committee may decide to publish other types of document:
— an ISO Publicly Available Specification (ISO/PAS) represents an agreement between technical experts in
an ISO working group and is accepted for publication if it is approved by more than 50 % of the members
of the parent committee casting a vote;
— an ISO Technical Specification (ISO/TS) represents an agreement between the members of a technical
committee and is accepted for publication if it is approved by 2/3 of the members of the committee casting
a vote.
An ISO/PAS or ISO/TS is reviewed after three years in order to decide whether it will be confirmed for a
further three years, revised to become an International Standard, or withdrawn. If the ISO/PAS or ISO/TS is
confirmed, it is reviewed again after a further three years, at which time it must either be transformed into an
International Standard or be withdrawn.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO/TS 27790 was prepared by Technical Committee ISO/TC 215, Health informatics.
iv © ISO 2009 – All rights reserved

Introduction
Development and implementation of electronic health records (EHR) are rapidly progressing around the world.
An appropriate deployment of EHR will enhance various aspects of healthcare delivery in the future. EHR are
thought to enable the provision of essential care information to providers at point-of-care through information
and telecommunications technologies. This includes a broad spectrum of capabilities including acquisition,
storage, presentation, and management of patient information (represented in different digital forms such as
video, audio or data) and communication of this information between care facilities with the use of
communications links.
Recent development of health information exchange where the patients’ EHR are accessed securely
whenever necessary (sharing EHR information at point-of-care and by the consumer citizen) requires that
electronic health records of an individual, although they originate from various health-related subjects
distributed over space and time, remain accessible irrespective of their centralized or distributed storage. The
use of centralized registry systems pointing to such records can greatly facilitate the discovery of their
locations to allow effective access to the appropriate and secured EHR.
This Technical Specification describes the principles and specification of interoperability needed to support a
registry system for locating and accessing records grouped into documents. The supported documents may
contain any type of person-centric health information, structured or not, depending on the standard used for
their content. The clinical document architecture (CDA) is one such standard that is a likely companion to this
Technical Specification. This Technical Specification does not address the security and privacy considerations
in detail but refers to related work in this critical area. The specification is not intended to be prescriptive either
from a methodological or a technological perspective but rather to provide a coherent inclusive description of
principles and practices that could facilitate the formulation of policies and governance practices locally or
nationally.
TECHNICAL SPECIFICATION ISO/TS 27790:2009(E)

Health informatics — Document registry framework
1 Scope
This Technical Specification specifies a general-purpose document registry framework for transmitting, storing
and utilizing documents in clinical and personalized health environments. It is quite broad in its applicability to
realise the goal of sharing health-related documents spanning a broad spectrum of health domains such as
healthcare specialities covering laboratory, cardiology, eye care, etc. and the many areas of personalized
health.
This web services-based registry framework includes a document registry and associated repository to allow
the sharing of any form of health documents including HL7 CDA (clinical document architecture). It specializes
in health, W3C Web Services Standards, ISO 15000 (ebXML registry standards) and OASIS ebXML Registry
Information Model 3.0 through the use of the IHE Cross-Enterprise Document Sharing (XDS) from the
Integrating the Healthcare Enterprise (IHE) Information Technology Infrastructure (ITI) technical framework,
quoting from the Cross-Enterprise Document Sharing (XDS) Profile:
“The Cross-Enterprise Document Sharing IHE Integration Profile facilitates the registration, distribution and
access across health enterprises of patient and citizen electronic health records. Cross-Enterprise Document
Sharing (XDS) is focused on providing a standards-based specification for managing the sharing of
documents between all health enterprises, ranging from private physician offices to clinics to acute care
in-patient facilities to personal heath record systems. The XDS IHE Integration Profile assumes that these
enterprises belong to one or more affinity domains. An affinity domain is a group of healthcare enterprises that
have agreed to work together using a common set of policies and that share a common registry infrastructure.”
This Technical Specification also supports document registration and retrieval via the federation of documents’
registries (see IHE Cross-Community Access) in terms of individual users to reduce health information
extrusion possibilities.
This Technical Specification supports the sharing of documents of any standardized content in the context of
healthcare and well-being. It describes the means of locating and accessing documents among a diverse set
of health organizations. It is designed for leverage of existing health informatics for structuring and
semantically rich health information, if so desired. It does not require the development of new health
informatics standards.
This Technical Specification also references a number of companion standards-based specifications that offer
optional extensions to enhance the basic capabilities offered by IHE XDS, as listed below.
1) An XDS extension supporting the fragmentation of the content of the documents into two parts: a
header fragment and a body fragment. This separation scheme enhances confidentiality because the
gathering of both header and body and their relational information involves cracking into multiple
repository servers. This has been developed as an IHE Korean Extension on the IHE XDS Profile.
NOTE 1 The incremental effectiveness achieved by header/body separation will have to be re-evaluated once the
effectiveness of the security solutions to protect data at rest (e.g. encryption) has been finalized.
2) A series of security- and privacy-related IHE profiles, such as Patient Identification Cross-
Referencing (PIX), Patient Demographics Query (PDQ), Basic Patient Privacy Consent (BPPC), and
Cross-Enterprise User Assertion (XUA).
NOTE 2 The use of IHE Audit trail and Node Authentication (ATNA) as well as Consistent Time (CT) is required as part
of IHE XDS. These Profiles are therefore not listed above.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
OASIS Standards/ISO/TS 15000 (all parts), Electronic business eXtensible Markup Language (ebXML)
ebXML RIM V 3.0, OASIS ebXML Registry Information Model
ebXML RS V 3.0, OASIS ebXML Registry Service Specification
IHE IT Infrastructure Framework
IHE ITI-TF-1 IHE IT Infrastructure Technical Framework V5.0:
⎯ Cross-enterprise Document Sharing (XDS.b) Integration profile
⎯ Audit Trail and Node Authentication (ATNA) Integration profile
⎯ Consistent Time (CT) Integration profile
Extensible Markup Language (XML) 1.0 W3C Recommendation, http://www.w3c.org/TR/REC-xml
SOAP Version 1.2 specification, http://www.w3.org/TR/soap12-part1/, March 2004
SOAP Message Transmission Optimization Mechanism http://www.w3.org/TR/soap12-mtom/
WSDL 1.1 Note http://www.w3.org/TR/wsdl
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply. Only key terms and definitions
are provided in this clause.
3.1
access control
means of ensuring that the resources of a data processing system can be accessed only by authorized
entities in authorized ways
3.2
accountability
property that ensures that the actions of an entity may be traced uniquely to that entity
3.3
actor
user of the system-of-interest interacting with the system in a particular usage context (role)
3.4
agent
device that provides data in a manager/agent communicating system
3.5
architecture
that set of design artefacts or descriptive representations that are relevant for describing an object such that it
can be produced to requirements (quality) as well as maintained over the period of its useful life (change)
2 © ISO 2009 – All rights reserved

------------------
...