ISO/TS 27790:2009

TECHNICAL ISO/TS
SPECIFICATION 27790
First edition
2009-12-01

Health informatics — Document registry
framework
Informatique de santé — Cadre d'enregistrement de document




Reference number
ISO/TS 27790:2009(E)
©
ISO 2009

---------------------- Page: 1 ----------------------
ISO/TS 27790:2009(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


COPYRIGHT PROTECTED DOCUMENT


©  ISO 2009
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO 2009 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/TS 27790:2009(E)
Contents Page
Foreword .iv
Introduction.v
1 Scope.1
2 Normative references.2
3 Terms and definitions .2
4 Abbreviated terms .9
5 Document registry framework .10
5.1 General structure of the framework .10
5.2 Information model (ebRIM) and services (ebRS) web services.10
5.3 Cross-enterprise document sharing (IHE-XDS) .10
5.4 Document separation XDS extension .12
5.5 Patient identification, security and privacy profiles .12
5.6 Document content profiles.12
Annex A (informative) Korean National Extension to IHE IT Infrastructure Technical Framework
CDA Document Separation - XDS Extension.14
Bibliography.23

© ISO 2009 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/TS 27790:2009(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
In other circumstances, particularly when there is an urgent market requirement for such documents, a
technical committee may decide to publish other types of document:
— an ISO Publicly Available Specification (ISO/PAS) represents an agreement between technical experts in
an ISO working group and is accepted for publication if it is approved by more than 50 % of the members
of the parent committee casting a vote;
— an ISO Technical Specification (ISO/TS) represents an agreement between the members of a technical
committee and is accepted for publication if it is approved by 2/3 of the members of the committee casting
a vote.
An ISO/PAS or ISO/TS is reviewed after three years in order to decide whether it will be confirmed for a
further three years, revised to become an International Standard, or withdrawn. If the ISO/PAS or ISO/TS is
confirmed, it is reviewed again after a further three years, at which time it must either be transformed into an
International Standard or be withdrawn.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO/TS 27790 was prepared by Technical Committee ISO/TC 215, Health informatics.
iv © ISO 2009 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/TS 27790:2009(E)
Introduction
Development and implementation of electronic health records (EHR) are rapidly progressing around the world.
An appropriate deployment of EHR will enhance various aspects of healthcare delivery in the future. EHR are
thought to enable the provision of essential care information to providers at point-of-care through information
and telecommunications technologies. This includes a broad spectrum of capabilities including acquisition,
storage, presentation, and management of patient information (represented in different digital forms such as
video, audio or data) and communication of this information between care facilities with the use of
communications links.
Recent development of health information exchange where the patients’ EHR are accessed securely
whenever necessary (sharing EHR information at point-of-care and by the consumer citizen) requires that
electronic health records of an individual, although they originate from various health-related subjects
distributed over space and time, remain accessible irrespective of their centralized or distributed storage. The
use of centralized registry systems pointing to such records can greatly facilitate the discovery of their
locations to allow effective access to the appropriate and secured EHR.
This Technical Specification describes the principles and specification of interoperability needed to support a
registry system for locating and accessing records grouped into documents. The supported documents may
contain any type of person-centric health information, structured or not, depending on the standard used for
their content. The clinical document architecture (CDA) is one such standard that is a likely companion to this
Technical Specification. This Technical Specification does not address the security and privacy considerations
in detail but refers to related work in this critical area. The specification is not intended to be prescriptive either
from a methodological or a technological perspective but rather to provide a coherent inclusive description of
principles and practices that could facilitate the formulation of policies and governance practices locally or
nationally.

© ISO 2009 – All rights reserved v

---------------------- Page: 5 ----------------------
TECHNICAL SPECIFICATION ISO/TS 27790:2009(E)

Health informatics — Document registry framework
1 Scope
This Technical Specification specifies a general-purpose document registry framework for transmitting, storing
and utilizing documents in clinical and personalized health environments. It is quite broad in its applicability to
realise the goal of sharing health-related documents spanning a broad spectrum of health domains such as
healthcare specialities covering laboratory, cardiology, eye care, etc. and the many areas of personalized
health.
This web services-based registry framework includes a document registry and associated repository to allow
the sharing of any form of health documents including HL7 CDA (clinical document architecture). It specializes
in health, W3C Web Services Standards, ISO 15000 (ebXML registry standards) and OASIS ebXML Registry
Information Model 3.0 through the use of the IHE Cross-Enterprise Document Sharing (XDS) from the
Integrating the Healthcare Enterprise (IHE) Information Technology Infrastructure (ITI) technical framework,
quoting from the Cross-Enterprise Document Sharing (XDS) Profile:
“The Cross-Enterprise Document Sharing IHE Integration Profile facilitates the registration, distribution and
access across health enterprises of patient and citizen electronic health records. Cross-Enterprise Document
Sharing (XDS) is focused on providing a standards-based specification for managing the sharing of
documents between all health enterprises, ranging from private physician offices to clinics to acute care
in-patient facilities to personal heath record systems. The XDS IHE Integration Profile assumes that these
enterprises belong to one or more affinity domains. An affinity domain is a group of healthcare enterprises that
have agreed to work together using a common set of policies and that share a common registry infrastructure.”
This Technical Specification also supports document registration and retrieval via the federation of documents’
registries (see IHE Cross-Community Access) in terms of individual users to reduce health information
extrusion possibilities.
This Technical Specification supports the sharing of documents of any standardized content in the context of
healthcare and well-being. It describes the means of locating and accessing documents among a diverse set
of health organizations. It is designed for leverage of existing health informatics for structuring and
semantically rich health information, if so desired. It does not require the development of new health
informatics standards.
This Technical Specification also references a number of companion standards-based specifications that offer
optional extensions to enhance the basic capabilities offered by IHE XDS, as listed below.
1) An XDS extension supporting the fragmentation of the content of the documents into two parts: a
header fragment and a body fragment. This separation scheme enhances confidentiality because the
gathering of both header and body and their relational information involves cracking into multiple
repository servers. This has been developed as an IHE Korean Extension on the IHE XDS Profile.
NOTE 1 The incremental effectiveness achieved by header/body separation will have to be re-evaluated once the
effectiveness of the security solutions to protect data at rest (e.g. encryption) has been finalized.
2) A series of security- and privacy-related IHE profiles, such as Patient Identification Cross-
Referencing (PIX), Patient Demographics Query (PDQ), Basic Patient Privacy Consent (BPPC), and
Cross-Enterprise User Assertion (XUA).
NOTE 2 The use of IHE Audit trail and Node Authentication (ATNA) as well as Consistent Time (CT) is required as part
of IHE XDS. These Profiles are therefore not listed above.
© ISO 2009 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO/TS 27790:2009(E)
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
OASIS Standards/ISO/TS 15000 (all parts), Electronic business eXtensible Markup Language (ebXML)
ebXML RIM V 3.0, OASIS ebXML Registry Information Model
ebXML RS V 3.0, OASIS ebXML Registry Service Specification
IHE IT Infrastructure Framework
IHE ITI-TF-1 IHE IT Infrastructure Technical Framework V5.0:
⎯ Cross-enterprise Document Sharing (XDS.b) Integration profile
⎯ Audit Trail and Node Authentication (ATNA) Integration profile
⎯ Consistent Time (CT) Integration profile
Extensible Markup Language (XML) 1.0 W3C Recommendation, http://www.w3c.org/TR/REC-xml
SOAP Version 1.2 specification, http://www.w3.org/TR/soap12-part1/, March 2004
SOAP Message Transmission Optimization Mechanism http://www.w3.org/TR/soap12-mtom/
WSDL 1.1 Note http://www.w3.org/TR/wsdl
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply. Only key terms and definitions
are provided in this clause.
3.1
access control
means of ensuring that the resources of a data processing system can be accessed only by authorized
entities in authorized ways
3.2
accountability
property that ensures that the actions of an entity may be traced uniquely to that entity
3.3
actor
user of the system-of-interest interacting with the system in a particular usage context (role)
3.4
agent
device that provides data in a manager/agent communicating system
3.5
architecture
that set of design artefacts or descriptive representations that are relevant for describing an object such that it
can be produced to requirements (quality) as well as maintained over the period of its useful life (change)
2 © ISO 2009 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/TS 27790:2009(E)
3.6
archival
relating to the storage of data over a prolonged period
3.7
attestation
process of certifying and recording legal responsibility for a particular unit of information
3.8
authentication
act of verifying the claimed identity of an entity
3.9
authorization
granting of rights, including the granting of access based on access rights
3.10
availability
〈in computer science〉 property of data or of resources being accessible and usable on demand by an
authorized entity
3.11
class
description of a set of objects that share the same attributes, methods and associations
3.12
clinical process
steps that are involved in the delivery of healthcare services to a patient/consumer
3.13
clinician
healthcare professional who delivers healthcare services directly to a patient/consumer
3.14
confidentiality
property that information is not made available or disclosed to unauthorized individuals, entities or processes
3.15
consumer
person requiring, scheduled to receive, receiving or having received a healthcare service
3.16
controller
natural or legal person, public authority, agency or any other body that, alone or jointly with others, determines
the purposes and means of the processing of personal data
3.17
data aggregation
process by which information is collected, manipulated and expressed in summary form
NOTE Data aggregation is primarily performed for reporting purposes, policy development, health service
management, research, statistical analysis and population health studies.
3.18
data format
arrangement of data in a file or stream
© ISO 2009 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO/TS 27790:2009(E)
3.19
data integrity
property that data have not been altered or destroyed in an unauthorized manner
[ISO 7498-2:1989, definition 3.3.21]
3.20
data object
collection of data that have a natural grouping and may be identified as a complete entity
3.21
data structure
manner in which application entities construct the data set information resulting from the use of an information
object
3.22
data subject's consent
any freely given specific and informed indication of his wishes by which the data subject signifies his
agreement to personal data relating to him being processed
3.23
data validation
process used to determine if data are accurate, complete or meet specified criteria
3.24
Electronic health record
EHR
repository of information regarding the health status of a subject of care, in computer processable form
[ISO/TR 20514:2005, definition 2.11]
3.24.1 electronic longitudinal collection of personal health information, usually based on the individual,
entered or accepted by healthcare providers, which can be distributed over a number of sites or aggregated at
a particular source
NOTE The information is organized primarily to support continuing, efficient and quality health care. The record is
under the control of the consumer and is stored and transmitted securely [NEHRT:2000].
3.24.2 longitudinal collection of personal health information of a single individual, entered or accepted by
healthcare providers, and stored electronically
NOTE The record may be made available at any time to providers, who have been authorized by the individual, as a
tool in the provision of health care services. The individual has access to the record and can request changes to its
contents. The transmission and storage of the record is under strict security [OHIH:2001].
3.24.3 collection of data and information gathered or generated to record clinical care rendered to an
individual
[ASTM E1769:1995]
3.24.4 comprehensive, structured set of clinical, demographic, environmental, social, and financial data and
information in electronic form, documenting the health care given to a single individual
[ASTM E1769:1995]
3.24.5 healthcare record in computer-readable format
NOTE Definitions 3.21 to 3.26 of ISO 13606-1:2008 provide further information.
4 © ISO 2009 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/TS 27790:2009(E)
3.24.6 electronic patient record that resides in a system designed to support users through availability of
complete and accurate data, practitioner reminders and alerts, clinical decision support systems, links to
bodies of medical knowledge, and other aids
[IOM:1991]
3.24.7 virtual compilation of non-redundant health data about a person across a lifetime, including facts,
observations, interpretations, plans, actions and outcomes
NOTE Health data include information on allergies, history of illness and injury, functional status, diagnostic studies,
assessments, orders, consultation reports, treatment records, etc. Health data also include well-being data such as
immunization history, behavioural data, environmental information, demographics, health insurance, administrative data
for care delivery processes and legal data such as consents.
3.25
encounter
patient contact
contact between a clinician and patient
3.26
event
change in device status that is communicated by a notification reporting service
3.27
framework
logical structure for classifying and organizing complex information
3.28
generalization
taxonomic relationship between a more general element and a more specific element
3.29
healthcare professional
person who is authorized by a nationally recognized body to be qualified to perform certain health duties
3.30
host system
term used as an abstraction of a medical system to which measurement devices are attached
3.31
identifiable person
one who can be identified, directly or indirectly, in particular by reference to an identification number or one or
more factors specific to his physical, physiological, mental, economic, cultural or social identity
3.32
information model
structured specification of the information requirements of a project
3.33
information object
provision of an abstract data model applicable to the communication of vital signs information and related
patient data
NOTE The attributes of an information object definition describe its properties. Each information object definition
does not represent a specific instance of real-world data, but rather a class of data that share the same properties.
3.34
inheritance
mechanism by which more specific elements incorporate structure and behaviour of more general elements
© ISO 2009 – All rights reserved 5

---------------------- Page: 10 ----------------------
ISO/TS 27790:2009(E)
3.35
instance
realization of an abstract concept or specification
EXAMPLES Object instance, application instance, information service element instance, VMD instance, class
instance, operating instance.
3.36
integrity
property of data whose accuracy and consistency are preserved regardless of changes made
3.37
interaction
combination of the specific elements that are needed to support the functional requirements defined within the
use case model
3.38
interchange format
representation of the data elements and the structure of the message containing those data elements while in
transfer between systems
NOTE The interchange format consists of a data set of construction elements and a syntax. The representation is
technology-specific.
3.39
interoperability
ability of two or more systems or components to exchange information and to use the information that has
been exchanged
[IEEE Standard Computer Dictionary]
3.40
latency
〈communications〉 time delay between the sending of a signal from one device and its reception by another
device
3.41
manager
device that receives data in a manager/agent communicating system
3.42
medical device
device, apparatus or system used for patient monitoring, patient treatment or therapy, which does not normally
enter metabolic pathways
NOTE For the purposes of this document, the scope of medical devices is further limited to those patient-connected
medical devices which provide support for electronic communications.
3.43
message element
unit of structure within a message type
3.44
message type
organization of message elements that is specified in a hierarchical message definition
3.45
model
abstraction used to express the relevant concepts and interdependencies of a project
6 © ISO 2009 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/TS 27790:2009(E)
3.46
object
instance of a class
3.47
object attributes
data that, together with methods, define an object
3.48
object class
descriptor used in association with a group of objects with similar properties (attributes), common behaviour
(operations), common relationships to other objects and common semantics
3.49
object diagram
diagram showing connections between objects in a system
3.50
object method
procedure or process acting upon the attributes and states of an object class
3.51
object-oriented analysis
method of analysis where the problem domain is modelled in the form of objects and their interactions
3.52
operation
function or transformation that may be applied to or by objects in a class
NOTE Sometimes also called service.
3.53
participants
data exporters and data importers
3.54
patient
individual person who is a subject of care
3.55
personal health data
any personal data relevant to the health of an identified or identifiable natural person
3.56
privacy
freedom from intrusion into the private life or affairs of an individual when that intrusion results from undue or
illegal gathering and use of data about that individual
3.57
processing of personal data
processing
any operation or set of operations that is performed upon personal data, whether or not by automatic means,
such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use
3.58
processor
natural or legal person, public authority, agency or any other body that processes personal data on behalf of
the controller
© ISO 2009 – All rights reserved 7

---------------------- Page: 12 ----------------------
ISO/TS 27790:2009(E)
3.59
protocol
standard set of rules describing the transfer of data between devices, specifying the format of the data and the
signals to start, control and end the transfer
3.60
record
collection of data
3.61
record entry
semantically indivisible clinical statement that may be structurally large or small, but which loses meaning if
broken up
3.62
reference information model
single information model that covers the domain of activity being addressed by a standards developing
organization using this methodology
3.63
registry
collection of all the official records relating to something, or the place where they are kept
3.64
repository
place where something is safely kept
3.65
scenario
statement of healthcare-relevant events defined as a sequence of interactions
3.66
security
combination of confidentiality, integrity and availability
3.67
semantic interoperability
ability for data shared by systems to be understood at the level of formally defined domain concepts
3.68
service
specific behaviour that a communication party in a specific role is responsible for exhibiting
3.69
specialization
definition of a concept or class subordinate to a general concept or class
3.70
standards developing organization
any organization one of whose functions is to create and/or publish standards
3.71
subject of care
one or more persons scheduled to receive, receiving, or having received a healthcare service
3.72
system
demarcated part of the perceivable universe, existing in time and space, that may be regarded as a set of
elements and relationships between these elements
8 © ISO 2009 – All rights reserved

---------------------- Page: 13 ----------------------
ISO/TS 27790:2009(E)
3.73
timestamp
attribute or field in data which denotes the time of data generation
3.74
vital sign
clinical information relating to one or more patients; measured by or derived from apparatus connected to the
patient, or otherwise gathered from the patient
4 Abbreviated terms
⎯ ANSI American National Standards Institute
⎯ B2B Business to Business
⎯ CDA Clinical Document Architecture
⎯ ebXML Electronic Business Extensible Markup Language
⎯ ECG Electrocardiogram
⎯ HL7 Health Level 7
⎯ IHE Integrating the Healthcare Enterprise
⎯ MIME Multipurpose Internet Mail Extension
⎯ MVC Model-View-Controller
⎯ OASIS Organization for the Advancement of Structured Information Standards
⎯ OMS Object Management Service
⎯ PKI Public Key Infrastructure
⎯ RCA Registry Client Application
⎯ RIM Reference Information Model
⎯ RS Registry Service
⎯ SAML Security Assertion Markup Language
⎯ SOAP Simple Object Access Protocol
⎯ UDDI Universal Description, Discovery and Integration
⎯ UN/CEFACT United Nations Centre for Trade Facilitation and Electronic Business
⎯ XACML Extensible Access Control Markup Language
⎯ XML Extensible Markup Language
© ISO 2009 – All rights reserved 9

---------------------- Page: 14 ----------------------
ISO/TS 27790:2009(E)
5 Document registry framework
5.1 General structure of the framework
The document registry framework includes a number of specification components organized as shown in
Figure 1. These will be specified in 5.2 to 5.6.

Document Content
Security and Privacy Profiles
Profiles
(IHE-ATNA, XUA, BPPC, CT)


(Based on CDA:XDS-
MS, XD*-Lab, etc. ),

Based on DICOM
Document Separation
(XDS-I)
XDS Extension


Cross-Enterprise Document Sharing (IHE-XDS)
EbRegistry Information Model (ebRIM) and Services (ebRS)
Web Services

Figure 1 — General structure of the document registry framework
5.2 Information model (ebRIM) and services (ebRS) web services
These standards form the foundation upon which the document registry framework is established. In particular,
they include web services with MTOM/XOP and ebRegistry Services that organize the registry metadata
according to the ebRegistry Information Model (ebRIM).
The following references apply:
⎯ ebXML RIM V 3.0, OASIS ebXML Registry Information Model;
⎯ ebXML RS V 3.0, OASIS ebXML Registry Service Specification;
⎯ Extensible Markup Language (XML) 1.0 W3C Recommendation, http://www.w3c.org/TR/REC-xml;
⎯ SOAP Version 1.2 specification, http://www.w3.org/TR/soap12-part1/, March 2004;
⎯ SOAP Message Transmission Optimization Mechanism http://www.w3.org/TR/soap12-mtom/;
⎯ WSDL 1.1 Note http://www.w3.org/TR/wsdl.
5.3 Cross-enterprise document sharing (IHE-XDS)
This IHE Profile adapts the standards defined in 5.2 to the sharing of health documents using a registry and
one or more repositories. In particular, it defines registry metadata specific to a person’s health documents. It
remains sufficiently general to address documents encapsulating one or more electronic health re
...