SIST EN ISO 21549-2:2004

SLOVENSKI STANDARD
SIST EN ISO 21549-2:2004
01-september-2004
Zdravstvena informatika - Podatki o pacientu na zdravstveni kartici - 2. del: Skupni
elementi (ISO 21549-2:2004)
Health informatics - Patient healthcard data - Part 2: Common objects (ISO 21549-
2:2004)
Medizinische Informatik - Patientendaten auf Karten im Gesundheitswesen - Teil 2:
Gemeinsame Elemente (ISO 21549-2:2004)
Informatique de santé - Données relatives aux cartes de santé des patients - Partie 2:
Objets communs (ISO 21549-2:2004)
Ta slovenski standard je istoveten z: EN ISO 21549-2:2004
ICS:
35.240.15 Identifikacijske kartice in Identification cards and
sorodne naprave related devices
35.240.80 Uporabniške rešitve IT v IT applications in health care
zdravstveni tehniki technology
SIST EN ISO 21549-2:2004 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST EN ISO 21549-2:2004

---------------------- Page: 2 ----------------------

SIST EN ISO 21549-2:2004

---------------------- Page: 3 ----------------------

SIST EN ISO 21549-2:2004

---------------------- Page: 4 ----------------------

SIST EN ISO 21549-2:2004


INTERNATIONAL ISO
STANDARD 21549-2
First edition
2004-05-15


Health informatics — Patient healthcard
data —
Part 2:
Common objects
Informatique de santé — Données relatives aux cartes de santé des
patients —
Partie 2: Objets communs




Reference number
ISO 21549-2:2004(E)
©
ISO 2004

---------------------- Page: 5 ----------------------

SIST EN ISO 21549-2:2004
ISO 21549-2:2004(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


©  ISO 2004
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO 2004 – All rights reserved

---------------------- Page: 6 ----------------------

SIST EN ISO 21549-2:2004
ISO 21549-2:2004(E)
Contents Page
Foreword. iv
Introduction . v
1 Scope. 1
2 Normative references. 1
3 Terms and definitions. 2
4 Symbols and abbreviated terms. 3
5 Basic data object model for a healthcare data card — Patient healthcard data object
structure. 3
6 Basic data objects for referencing . 4
6.1 Overview. 4
6.2 Internal links. 4
6.2.1 General. 4
6.2.2 The “Links” data object. 5
6.2.3 The “ReferencePointer” and “ReferenceTag” data objects . 6
6.2.4 The “RecordPersonPointer” data object. 6
6.3 Coded data. 6
6.3.1 General. 6
6.3.2 The “CodingSchemesUsed” data object. 7
6.3.3 The “CodedData” data object . 7
6.4 Accessory attributes. 8
7 Device and data security attributes . 10
7.1 General. 10
7.2 Data objects related to specific data-card security services . 11
7.2.1 General. 11
7.2.2 Data related to patient-device security. 11
7.2.3 Data from data cards held by healthcare persons . 11
7.2.4 Data related to patient healthcard security . 11
Annex A (normative) ASN.1 data definitions. 13
A.1 “Links”. 13
A.2 The “ReferencePointer” and “ReferenceTag” data objects . 13
A.3 The “RecordPersonPointer” data object. 13
A.4 The “CodingSchemesUsed” data object. 13
A.5 The “CodedData” data object . 13
A.6 “AccessoryAttributes” data object . 14
A.7 PatientHealthcardSecurity data set. 15
Bibliography . 16

© ISO 2004 – All rights reserved iii

---------------------- Page: 7 ----------------------

SIST EN ISO 21549-2:2004
ISO 21549-2:2004(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 21549-2 was prepared by Technical Committee ISO/TC 215, Health informatics.
ISO 21549 consists of the following parts, under the general title Health informatics — Patient healthcard data:
 Part 1: General structure
 Part 2: Common objects
 Part 3: Limited clinical data
 Part 4: Extended clinical data
 Part 5: Identification data
 Part 6: Administrative data
 Part 7: Electronic prescription (medication data)
 Part 8: Links
At the time of publication of this part of ISO 21549, some of these parts were in preparation.
This work is being carried out by ISO/TC 215 in collaboration with CEN/TC 251, Medical informatics, under
the Vienna Agreement, with ISO having the lead role. This new series of International Standards is intended to
replace the European Prestandard ENV 12018 ratified by CEN in 1997.
iv © ISO 2004 – All rights reserved

---------------------- Page: 8 ----------------------

SIST EN ISO 21549-2:2004
ISO 21549-2:2004(E)
Introduction
With a more mobile population, greater healthcare delivery in the community and at patients' homes, together
with a growing demand for improved quality of ambulatory care, portable information systems and stores have
increasingly been developed and used. Such devices are used for tasks ranging from identification, through
portable medical records, and on to patient-transportable monitoring systems.
The functions of such devices are to carry and to transmit person-identifiable information between themselves
and other systems; therefore, during their operational lifetime they may share information with many
technologically different systems which differ greatly in their functions and capabilities.
Healthcare administration increasingly relies upon similar automated identification systems. For instance,
prescriptions may be automated and data exchange carried out at a number of sites using patient-
transportable computer-readable devices. Healthcare insurers and providers are increasingly involved in
cross-region care, where reimbursement may require automated data exchange between dissimilar
healthcare systems.
The advent of remotely accessible data bases and support systems has led to the development and use of
“healthcare person” identification devices that are also able to perform security functions and transmit digital
signatures to remote systems via networks.
With the growing use of data cards for practical everyday healthcare delivery, the need has arisen for a
standardized data format for interchange.
The person-related data carried by a data card can be categorized into three broad types: identification (of the
device itself and the individual to whom the data it carries relates), administrative and clinical. It is important to
realize that a given healthcare data card de facto has to contain device data and identification data and may in
addition contain administrative and clinical data.
Device data is defined to include:
 identification of the device itself;
 identification of the functions and functioning capabilities of the device.
Identification data may include:
 unique identification of the device holder or of all other persons to whom the data carried by the device
are related.
Administrative data may include:
 complementary person-related data;
 identification of the funding of healthcare, whether public or private, and their relationships, i.e. insurer(s),
contract(s) and policy(ies) or types of benefits;
 other data (distinguishable from clinical data) that are necessary for the purpose of healthcare delivery.
Clinical data may include:
 items that provide information about health and health events;
 their appraisal and labelling by a healthcare person (HCP);
 related actions planned, requested or performed.
© ISO 2004 – All rights reserved v

---------------------- Page: 9 ----------------------

SIST EN ISO 21549-2:2004
ISO 21549-2:2004(E)
Because a data card essentially provides specific answers to definite queries, whilst at the same time there is
a need to optimize the use of memory by avoiding redundancies, a “high-level” object-modelling technique
(OMT) has been applied with respect to the definition of healthcare data card data structures.
Data in the four categories above share many features. For instance, each may need to include ID numbers,
names and dates. Some information may also have clinical as well as administrative uses. Therefore, it has
been considered inadequate to provide a simple list of items carried by healthcare data cards without applying
a generic organization, based upon the existence of basic data elements. These may be defined by their
characteristics (e.g. their format), and from them compound data objects may be constructed. Several such
objects may also share attributes.
This part of ISO 21549 describes and defines the common data objects used in or referenced by patient-held
health data cards using UML, plain text and abstract syntax notation (ASN.1).
These data objects are utilized in all forms of healthcare data cards, and are used to construct compound data
objects as defined in Parts 3 to 8 of ISO 21549.

vi © ISO 2004 – All rights reserved

---------------------- Page: 10 ----------------------

SIST EN ISO 21549-2:2004
INTERNATIONAL STANDARD ISO 21549-2:2004(E)

Health informatics — Patient healthcard data —
Part 2:
Common objects
1 Scope
This part of ISO 21549 establishes a common framework for the content and the structure of common objects
used to construct or referenced by other data-object data held on patient healthcare data cards.
It is applicable to situations in which such data are recorded on or transported by patient healthcards whose
physical dimensions are compliant with those of ID-1 cards as defined by ISO/IEC 7810.
This part of ISO 21549 specifies the basic structure of the data, but does not specify or mandate particular
data-sets for storage on devices.
The detailed functions and mechanisms of the following services are not within the scope of this part of
ISO 21549 (although its structures can accommodate suitable data objects specified elsewhere):
 the encoding of free text data;
 security functions and related services which are likely to be specified by users for data cards, depending
on their specific application, for example confidentiality protection, data integrity protection, and
authentication of persons and devices related to these functions;
 access control services which may depend on active use of some data card classes such as
microprocessor cards;
 the initialization and issuing process (which begins the operating lifetime of an individual data card, and
by which the data card is prepared for the data to be subsequently communicated to it in accordance with
this part of ISO 21549).
The following topics are therefore beyond the scope of this part of ISO 21549:
 physical or logical solutions for the practical functioning of particular types of data card;
 how the message is processed further “downstream” of the interface between two systems;
 the form which data take for use outside the data card, or the way in which such data are visibly
represented on the data card or elsewhere.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ENV 1068:1993, Medical informatics — Healthcare information interchange — Registration of coding
schemes
© ISO 2004 – All rights reserved 1

---------------------- Page: 11 ----------------------

SIST EN ISO 21549-2:2004
ISO 21549-2:2004(E)
ISO 3166-1, Codes for the representation of names of countries and their subdivisions — Part 1: Country
codes
ISO 7498-2:1989, Information processing systems — Open systems interconnection — Basis reference
model — Part 2: Security architecture
ISO/IEC 7810, Identification cards — Physical characteristics
ISO/IEC 9798-1:1997, Information technology — Security techniques — Entity authentication — Part 1:
General
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
country
code that identifies the country of origin of the device issuer
NOTE This may not necessarily be the same as the nationality of the device holder.
3.2
data integrity
the property that data have not been altered or destroyed in an unauthorized manner
[ISO 7498-2:1989]
3.3
data object
collection of data that has a natural grouping and may be identified as a complete entity
3.4
data sub-object
component of a data object that itself may be identified as a discrete entity
3.5
device holder
individual transporting a data card which contains a record with the individual identified as the major record
person
3.6
entity authentication
corroboration that an entity is the one claimed
[ISO/IEC 9798-1:1997]
3.7
erasure
process whereby, after a given point in time, access to a data entity is permanently removed or access
permanently denied to all parties
NOTE This may not necessarily involve physical removal from the device, but may merely be the result of altering
security such that access is permanently denied to all parties.
3.8
healthcard holder
individual transporting a healthcare data card which contains a record with the individual identified as the
major record person
2 © ISO 2004 – All rights reserved

---------------------- Page: 12 ----------------------

SIST EN ISO 21549-2:2004
ISO 21549-2:2004(E)
3.9
healthcare data card
machine-readable card, conformant to ISO/IEC 7810, intended for use within the healthcare domain
3.10
major industry identifier
MII
code that identifies the sector/industry within which the data card is intended for use
NOTE The designated MII for healthcare is 80.
3.11
major record identifier
identifier linked to a primary record relating to a record person in a data card and a given healthcare delivery
system
3.12
record
collection of data
3.13
record person
individual about whom there is an identifiable record containing person-related data
3.14
security
combination of confidentiality, integrity and availability
4 Symbols and abbreviated terms
ASN.1 Abstract syntax notation, version 1
EN European Standard
HCP Healthcare person
ICC Integrated-circuit card
IEC International Electrotechnical Commission
ISO International Organization for Standardization
MII Major industry identifier
UML Unified modelling language
UTC Coordinated universal time
5 Basic data object model for a healthcare data card — Patient healthcard data
object structure
A set of basic data objects has been designed to facilitate the storage of clinical data in a flexible structure,
allowing for future application-specific enhancements. These tools should help the implementation of common
accessory characteristics of stored data in a way that allows efficient use of memory, an important feature for
many types of data card.
© ISO 2004 – All rights reserved 3

---------------------- Page: 13 ----------------------

SIST EN ISO 21549-2:2004
ISO 21549-2:2004(E)
The tools consist of a generic data structure based on an object-oriented model represented as a UML class
diagram as shown below in Figure 1.

Figure 1 — Patient healthcard data — Overall structure
The content of this object-oriented structure is described below and intrinsically will also require the use of
data objects not defined in this part of ISO 21549.
NOTE 1 This part of ISO 21549 is solely applicable to patient healthcards containing health data. Data objects
containing financial and healthcare reimbursement data are not defined in this International Standard.
NOTE 2 It is possible to take the data objects and recombine them whilst preserving their context-specific tags, and to
define new objects while still preserving interoperability.
In addition to the capability of building complex aggregate data objects from simpler building blocks, this
International Standard allows associations between certain objects, so that information can be shared. This
feature is mainly used to allow, for example, a set of accessory attributes to be used as services to several
stored information objects.
6 Basic data objects for referencing
6.1 Overview
A series of generally useful data type definitions have been made that have no intrinsic value in themselves,
but which are used to define other objects in this multi-part standard. Operations may be performed with these
objects in association with other information objects to “add value”.
6.2 Internal links
6.2.1 General
A number of objects in the data model of this part of ISO 21549 are used mainly as a reference to other
objects. One example is the RecordPerson data object that defines the basic identification information of a
person to whom records on the device relate. Since this is a part of an aggregate object containing information
on all record persons in a sequential order, the pointer may be a simple one-dimensional integer number. This
type of pointer has the name RecPersPointer and is used extensively to indicate the record person to whom a
certain information object is related.
4 © ISO 2004 – All rights reserved

---------------------- Page: 14 ----------------------

SIST EN ISO 21549-2:2004
ISO 21549-2:2004(E)
NOTE This internal link RecPersPointer is especially useful where the healthcard contains records in relation to more
than one identifiable individual.
In other situations, constructed objects contain a more general pointer called a RefPointer that is a sequence
of tags allowing a reference to any object, including sub-objects that can only be referenced as part of a
constructed object, using an application-specific tag and a number of context-specific tags to sufficient depth.
A RefPointer to the name of a healthcare person may contain the following information with the appropriate
tags (here represented by their symbolic names):
HealthCarePersons [7] HealthCarePerson No. 7 [1] HcpName
Application tag Context level 1 Context level 2
There is also a third possibility that allows the creation of linkages between all objects using the Linkages
object 5. This is an ordered list of link associations. All entries in this list are a sequential list of other objects,
each defined with a RefPointer.
EXAMPLE Link No. 2 may link four objects:
1
2 RefPointer1 RefPointer2 RefPointer3 RefPointer4
3
An example of this process could be the linkage of the following objects as utilized in a patient data card
containing clinical data:
Diagnosis RefPointer1
MedicationPrescription RefPointer2
MedicationNote RefPointer3
MedicationDispensed RefPointer4
This linkage table entry may be pointed to by the ClinRefPointer of each ClinDat object.
NOTE Even though the “Links” object itself is openly available, the linked objects may have restricted access.
The following reference objects may be associated with other information objects defined. This relation is not
an aggregation. The reference object is not a part of the information object but stays independent and may be
referenced by several objects. The concept used in this part of ISO 21549 is to reference (point at) the
appropriate record person as well as a healthcare provider and relevant accessory attributes. These linkages
add value to the data and may be used to provide context specificity.
6.2.2 The “Links” data object
The “Links” object is used to create internal references or linkages between any other defined data objects
stored in the healthcard. It shall be constructed as a sequence of “Link” sub-objects. The data object “Link”
shall consist of a sequence of references to other objects in the form of a sequence of “RefPointer” objects.
This is pointed to by a “LinkagePointer” object.
© ISO 2004 – All rights reserved 5

---------------------- Page: 15 ----------------------

SIST EN ISO 21549-2:2004
ISO 21549-2:2004(E)

Figure 2 — The structure of the “Links” data object
Table 1 — The specification of individual entities within “Links”
Data type Multiplicity Link Comments
Link Integer 1.M This is a sequence of references to other objects.
6.2.3 The “ReferencePointer” and “ReferenceTag” data objects
A general reference pointer is defined in this part of ISO 21549 as an ordered list of tags pointing to the object
or sub-object that is referenced. The data object “RefPointer” shall consist of a sequence of “RefTags” (of
integer type). A “RefTag” is an APPLICATION-SPECIFIC tag of the object as defined in this part of ISO 21549.
The following “RefTags” specify the CONTEXT-SPECIFIC tags in increasing depth.
Table 2 — The specification of “RefPointer”
Data type Multiplicity Length Comments
RefPointer Integer 1.M This is a sequence of references to other objects.
The reference is the ASN.1 tag of another data
object.
6.2.4 The “RecordPersonPointer” data object
The data object “RecPersPointer” is used to reference one of the record persons stored in the
“RecordPersons” data object and shall be of the integer type.
NOTE The object RecordPersons is defined in part 5 (Identification data) of this International Standard.
Table 3 — The specification of “RecPersPointer”
Data type Multiplicity Length Comments
RecPersPointer Integer 1 The data object “RecPersPointer” is used to
reference one of the record persons stored in the
“RecordPerson” data object.
6.3 Coded data
6.3.1 General
Coded values are understood by reference to the coding scheme to which they apply. The general principle in
this part of ISO 21549 is that it is not mandatory to use a particular coding scheme, unless specified in this
part of ISO 21549, when such codes act as parameters. One example is the use of ISO 3166-1 for country
codes.
When a coding scheme is exclusively specified in this part of ISO 21549, no alternative coding scheme shall
be allowed. Any references to coding schemes not so specified may, however, be modified in the future,
independently of the rest of the standard.
6 © ISO 2004 – All rights reserved

---------------------- Page: 16 ----------------------

SIST EN ISO 21549-2:2004
ISO 21549-2:2004(E)
6.3.2 The “CodingSchemesUsed” data object
Coding schemes not specified in this part of ISO 21549 may themselves be the subject of a registration within
the coding schemes procedure as defined in ENV 1068:1993, and shall then be interpreted, if intepretation is
necessary, in accordance with all conditions of that registration. ENV 1068:1993 specifies a procedure for
registration of coding schemes and the allocation of a healthcare coding scheme designator (HCD). It is
possible to reference both internationally registered coding schemes and unregistered coding schemes as
defined in Clause 5 of ENV 1068:1993. The use of such private CodeIdentifiers may, however, create the
potential risk of ambiguity if a device should be used in an open environment.
Code values from unregistered schemes (or registered schemes outside the scope of a particular application)
cannot be understood, unless the recipient of information is party to an agreement with the originator to use
additional or non-registered coding schemes.
The data object “CodingSchemesUsed” shall consist of an ordered sequence comprising the sub-object
“CodingScheme”, which shall itself consist of a code identifier (an octet string of 6 characters), a code length
(of integer type), and an optional free-text comment (an octet string with a length of between 1 and
20 characters).

Figure 3 — The structure of “CodingSchemesUsed”
Table 4 — The specification of individual entities within “CodingSchemesUsed”
Data type Multiplicity Length Comments
CodingSchemesUsed Class 1 N/A
CodeIdentifier Octet 1 6 This identifies the particular coding
...