SIST EN ISO 21549-2:2014

SLOVENSKI STANDARD
SIST EN ISO 21549-2:2014
01-julij-2014
1DGRPHãþD
SIST EN ISO 21549-2:2004
Zdravstvena informatika - Podatki o pacientu na zdravstveni kartici - 2. del: Skupni
elementi (ISO 21549-2:2014)
Health informatics - Patient healthcard data - Part 2: Common objects (ISO 21549-
2:2014)
Medizinische Informatik - Patientendaten auf Karten im Gesundheitswesen - Teil 2:
Gemeinsame Elemente (ISO 21549-2:2014)
Informatique de santé - Données relatives aux cartes de santé des patients - Partie 2:
Objets communs (ISO 21549-2:2014)
Ta slovenski standard je istoveten z: EN ISO 21549-2:2014
ICS:
35.240.15 Identifikacijske kartice in Identification cards and
sorodne naprave related devices
35.240.80 Uporabniške rešitve IT v IT applications in health care
zdravstveni tehniki technology
SIST EN ISO 21549-2:2014 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST EN ISO 21549-2:2014

---------------------- Page: 2 ----------------------

SIST EN ISO 21549-2:2014

EUROPEAN STANDARD
EN ISO 21549-2

NORME EUROPÉENNE

EUROPÄISCHE NORM
February 2014
ICS 35.240.80 Supersedes EN ISO 21549-2:2004
English Version
Health informatics - Patient healthcard data - Part 2: Common
objects (ISO 21549-2:2014)
Informatique de santé - Données relatives aux cartes de Medizinische Informatik - Patientendaten auf Karten im
santé des patients - Partie 2: Objets communs (ISO 21549- Gesundheitswesen - Teil 2: Gemeinsame Elemente (ISO
2:2014) 21549-2:2014)
This European Standard was approved by CEN on 13 December 2013.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European
Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national
standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same
status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2014 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 21549-2:2014 E
worldwide for CEN national Members.

---------------------- Page: 3 ----------------------

SIST EN ISO 21549-2:2014
EN ISO 21549-2:2014 (E)
Contents Page
Foreword .3

2

---------------------- Page: 4 ----------------------

SIST EN ISO 21549-2:2014
EN ISO 21549-2:2014 (E)
Foreword
This document (EN ISO 21549-2:2014) has been prepared by Technical Committee ISO/TC 215 “Health
informatics” in collaboration with Technical Committee CEN/TC 251 “Health informatics” the secretariat of
which is held by NEN.
This European Standard shall be given the status of a national standard, either by publication of an identical
text or by endorsement, at the latest by August 2014, and conflicting national standards shall be withdrawn at
the latest by August 2014.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN ISO 21549-2:2004.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following
countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech
Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece,
Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal,
Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.
Endorsement notice
The text of ISO 21549-2:2014 has been approved by CEN as EN ISO 21549-2:2014 without any modification.


3

---------------------- Page: 5 ----------------------

SIST EN ISO 21549-2:2014

---------------------- Page: 6 ----------------------

SIST EN ISO 21549-2:2014
INTERNATIONAL ISO
STANDARD 21549-2
Second edition
2014-02-15
Health informatics — Patient
healthcard data —
Part 2:
Common objects
Informatique de santé — Données relatives aux cartes de santé des
patients —
Partie 2: Objets communs
Reference number
ISO 21549-2:2014(E)
©
ISO 2014

---------------------- Page: 7 ----------------------

SIST EN ISO 21549-2:2014
ISO 21549-2:2014(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2014
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2014 – All rights reserved

---------------------- Page: 8 ----------------------

SIST EN ISO 21549-2:2014
ISO 21549-2:2014(E)

Contents Page
Foreword .iv
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Symbols and abbreviated terms . 3
5 Basic data object model for a healthcare data card - Patient healthcard data
object structure . 3
6 Basic data objects for referencing . 3
6.1 Overview . 3
6.2 Internal links . 4
6.3 Coded data . 4
6.4 Accessory attributes . 6
7 Device and data security attributes . 9
7.1 General . 9
7.2 Specific data cards’ security services-related data objects . 9
Annex A (normative) ASN.1 data definitions .13
Bibliography .15
© ISO 2014 – All rights reserved iii

---------------------- Page: 9 ----------------------

SIST EN ISO 21549-2:2014
ISO 21549-2:2014(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers
to Trade (TBT) see the following URL: Foreword - Supplementary information.
The committee responsible for this document is ISO/TC 215, Health informatics.
This second edition cancels and replaces the first edition (ISO 21549-2:2004), which has undergone a
minor revision. The following changes have been made.
— Foreword: mention of CEN collaboration is removed.
— Scope: first paragraph is reworded.
— Normative references: references that are not cited normatively are moved to the Bibliography.
— Terms and definitions: unused terms are removed.
— Symbols and abbreviated terms: unused abbreviated terms are removed.
— Subclause 6.3.2, Table 2: data type of codeIdentifier is corrected to match ASN.1 definition.
— Clauses 5, 6, and 7: the figures and tables are renumbered sequentially, references to the figures and
tables are added.
— Bibliography: dates from the references are removed where not applicable.
ISO 21549 consists of the following parts, under the general title Health informatics — Patient healthcard
data:
— Part 1: General structure
— Part 2: Common objects
— Part 3: Limited clinical data
— Part 4: Extended clinical data
— Part 5: Identification data
iv © ISO 2014 – All rights reserved

---------------------- Page: 10 ----------------------

SIST EN ISO 21549-2:2014
ISO 21549-2:2014(E)

— Part 6: Administrative data
— Part 7: Medication data
— Part 8: Links
© ISO 2014 – All rights reserved v

---------------------- Page: 11 ----------------------

SIST EN ISO 21549-2:2014
ISO 21549-2:2014(E)

Introduction
This part of ISO 21549 provides data structures and definitions for limited clinical data for use within
patient-held healthcare data cards.
With a more mobile population, greater healthcare delivery in the community and at patients’ homes,
together with a growing demand for improved quality of ambulatory care, portable information
systems and stores have increasingly been developed and used. Such devices are used for tasks ranging
from identification, through portable medical record files, and on to patient-transportable monitoring
systems.
The functions of such devices are to carry and to transmit person-identifiable information between
themselves and other systems; therefore, during their operational lifetime they may share information
with many technologically different systems which differ greatly in their functions and capabilities.
Healthcare administration increasingly relies upon similar automated identification systems. For
instance prescriptions may be automated and data exchange carried out at a number of sites using
patient transportable computer readable devices. Healthcare insurers and providers are increasingly
involved in cross-region care, where reimbursement may require automated data exchange between
dissimilar healthcare systems.
The advent of remotely accessible data bases and support systems has led to the development and use of
“Healthcare Person” identification devices that are also able to perform security functions and transmit
digital signatures to remote systems via networks.
With the growing use of data cards for practical everyday healthcare delivery, the need has arisen for a
standardized data format for interchange.
The person-related data carried by a data card can be categorized in three broad types: identification
(of the device itself and the individual to whom the data it carries relates), administrative and clinical.
It is important to realize that a given healthcare data card “de facto” has to contain device data and
identification data and may in addition contain administrative, clinical, prescription and linkage data.
Device data is defined to include:
— identification of the device itself;
— identification of the functions and functioning capabilities of the device.
Identification data may include:
— unique identification of the device holder or of all other persons to whom the data carried by the
device are related.
Administrative data may include:
— complementary person(s)-related data;
— identification of the funding of healthcare, whether public or private, and their relationships i.e.
insurer(s), contract(s) and policy(ies) or types of benefits;
— other data (distinguishable from clinical data) that are necessary for the purpose of healthcare
delivery.
Clinical data may include:
— items that provide information about health and health events;
— their appraisal and labeling by a healthcare provider (HCP);
— related actions planned requested or performed.
vi © ISO 2014 – All rights reserved

---------------------- Page: 12 ----------------------

SIST EN ISO 21549-2:2014
ISO 21549-2:2014(E)

Because a data card essentially provides specific answers to definite queries while having at the same
time a need to optimize the use of memory by avoiding redundancies, “high level” Object Modeling
Technique (OMT) has been applied with respect to the definition of healthcare data card data structures.
Data in the four categories above share many features. For instance, each may need to include ID
numbers, names and dates. Some information may also have clinical as well as administrative uses.
Therefore it has been considered inadequate to provide a simple list of items carried by healthcare data
cards without applying a generic organization, based upon the existence of basic data elements. These
may be defined by their characteristics (e.g. their format), and from them compound data objects may
be constructed; several such objects may also share attributes.
This part of ISO 21549 describes and defines the Common Data objects used within or referenced by
patient held health data cards using UML, plain text and Abstract Syntax Notation (ASN.1).
These data objects are utilized in all forms of healthcare data cards and are used to construct compound
data objects as defined in Parts 3 to 8 of ISO 21549.
© ISO 2014 – All rights reserved vii

---------------------- Page: 13 ----------------------

SIST EN ISO 21549-2:2014

---------------------- Page: 14 ----------------------

SIST EN ISO 21549-2:2014
INTERNATIONAL STANDARD ISO 21549-2:2014(E)
Health informatics — Patient healthcard data —
Part 2:
Common objects
1 Scope
This part of ISO 21549 establishes a common framework for the content and the structure of common
objects used to construct data held on patient healthcare data cards. It is also applicable to common
objects referenced by other data objects.
This part of ISO 21549 is applicable to situations in which such data is recorded on or transported by
patient healthcards compliant with the physical dimensions of ID-1 cards defined by ISO/IEC 7810.
This part of ISO 21549 specifies the basic structure of the data, but does not specify or mandate particular
data-sets for storage on devices.
The detailed functions and mechanisms of the following services are not within the scope of this part of
ISO 21549, (although its structures can accommodate suitable data objects elsewhere specified):
— the encoding of free text data;
— security functions and related services which are likely to be specified by users for data cards
depending on their specific application, for example: confidentiality protection, data integrity
protection, and authentication of persons and devices related to these functions;
— access control services which may depend on active use of some data card classes such as
microprocessor cards;
— the initialization and issuing process (which begins the operating lifetime of an individual data
card, and by which the data card is prepared for the data to be subsequently communicated to it
according to this part of ISO 21549).
The following topics are therefore beyond the scope of this part of ISO 21549:
— physical or logical solutions for the practical functioning of particular types of data cards;
— how the message is processed further ‘downstream’ of the interface between two systems;
— the form which data takes for use outside the data card, or the way in which such data is visibly
represented on the data card or elsewhere.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
ISO 21090:2011, Health informatics — Harmonized data types for information interchange
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
© ISO 2014 – All rights reserved 1

---------------------- Page: 15 ----------------------

SIST EN ISO 21549-2:2014
ISO 21549-2:2014(E)

3.1
country
code that identifies the country of origin of the device issuer
Note 1 to entry: This may not necessarily be the same as the nationality of the device holder.
3.2
data integrity
property that data has not been altered or destroyed in an unauthorized manner
[SOURCE: ISO 7498-2:1989]
3.3
data object
collection of data that has a natural grouping and may be identified as a complete entity
3.4
data sub-object
component of a data object that itself may be identified as a discrete entity
3.5
device holder
individual transporting a data card which contains a record with themselves identified as the major
record person
3.6
entity authentication
corroboration that an entity is the one claimed
[SOURCE: ISO/IEC 9798-1:2010]
3.7
erasure
process whereby access to a data entity after a given point in time is permanently removed or access
denied thereafter to all parties
Note 1 to entry: This may not involve physical removal from the device and may merely be the result of altering
security such that access is permanently denied to all parties.
3.8
healthcard holder
individual transporting a healthcare data card which contains a record with themselves identified as
the major record person
3.9
healthcare data card
machine readable card conformant to ISO/IEC 7816 intended for use within the healthcare domain
3.10
record
collection of data
3.11
record person
individual about whom there is an identifiable record containing person-related data
3.12
security
combination of confidentiality, integrity and availability
2 © ISO 2014 – All rights reserved

---------------------- Page: 16 ----------------------

SIST EN ISO 21549-2:2014
ISO 21549-2:2014(E)

4 Symbols and abbreviated terms
ASN.1 Abstract Syntax Notation version 1
HCP Healthcare person
UML Unified Modeling Language
UTC Universal Time Coordinated
5 Basic data object model for a healthcare data card - Patient healthcard data
object structure
A set of basic data objects have been designed to facilitate the storage of clinical data in a flexible structure,
allowing for future application specific enhancements. These tools should help the implementation
of common accessory characteristics of stored data in a way that allows efficient use of memory, an
important feature for many types of data cards.
The tools consist of a generic data structure based on an object-oriented model represented as an UML
class diagram as shown in Figure 1.
PatientHealthcardData
1
1 0.1 0.1 0.1
DeviceData IdentiicationData ClinicalData Links PatientHealthcardSecurityData
0.1 0.1
AdministrativeData MedicationData
0.1 0.1
LimitedClinicalData ExtendedClinicalData
Figure 1 — Patient healthcard data: overall structure
The content of this object-oriented structure is described below and intrinsically will also require the
use of data objects not defined within this part of ISO 21549.
NOTE 1 This part of ISO 21549 is purely applicable to patient healthcards containing health data. Data objects
containing financial and healthcare reimbursement data are not defined within this International Standard.
NOTE 2 It is possible to take the data objects and recombine them while preserving their context-specific tags,
and to define new objects, while still preserving interoperability.
In addition to the capability of building complex aggregate data objects from simpler building blocks,
this part of ISO 21549 allows for associations between certain objects so that information can be shared.
This feature is mainly used to allow, for example, a set of accessory attributes to be used as services to
several stored information objects.
6 Basic data objects for referencing
6.1 Overview
A series of generally useful data type definitions have been made that have no intrinsic value in
themselves, but which are used to define other objects within this multi-part standard. Operations may
be performed with these objects in association with other information objects to “add value”.
© ISO 2014 – All rights reserved 3

---------------------- Page: 17 ----------------------

SIST EN ISO 21549-2:2014
ISO 21549-2:2014(E)

6.2 Internal links
6.2.1 General
A number of objects in the data model of this part of ISO 21549 are used mainly as a reference to other
objects. In many situations constructed objects contain a general pointer called a RefPointer that is a
sequence of tags allowing a reference to any object, including sub-objects that can only be referenced as
part of a constructed object, using an application-specific tag and a number of context-specific tags to
sufficient depth.
6.2.2 The “ReferencePointer” and “ReferenceTag” data objects
A general reference pointer is defined in this part of ISO 21549 as an ordered list of tags pointing to
the object or sub-object that is referenced. The data object “RefPointer” shall consist of a sequence of
“RefTag” (of integer type). The “RefTag” is the application-specific tag of the object as defined in this part
of ISO 21549. Each following “RefTag” in Table 1 specifies the context-specific tag in increasing depth.
Table 1 — The specification of individual entities within the object RefPointer
Object name Data Multiplicity Comments
Type
RefTag Integer 1.* This is a sequence of references to other objects. The Refer-
ence is the ASN.1 Tag of another data object.
6.3 Coded data
6.3.1 General
Coded values are understood by reference to the coding scheme to which they apply. The general
principle in this part of ISO 21549 is that it is not mandatory to use a particular coding scheme, unless
specified within this part of ISO 21549, when such codes act as parameters. One example is the use of
ISO 3166-1 for country codes.
When a coding scheme is exclusively specified within this part of ISO 21549 no alternative coding
scheme shall be allowed. Any references to coding schemes not so specified may however be modified in
the future independent of the rest of this part of ISO 21549.
6.3.2 The data object CodingSchemesUsed
A coding scheme in accordance with ISO 21090 shall be referred to by a unique identifier, which allows
unambiguous reference to standard code systems and other local code systems. Where either ISO or HL7
have assigned the unique identifiers to coding schemes, then these identifiers shall be used. Otherwise
implementations shall use an appropriate ISO Object Identifier (OID) or UUID to construct a globally
unique local coding scheme identifier.
The data object CodingSchemesUsed shall consist of an ordered sequence of the sub-object CodingScheme,
which shall itself consist of a code identifier, a code length (of integer type), and an optional free text
comment (an octet string with a length of between 1 and 20 characters). Figure 2 and Table 2 define
CodingScheme data object.
4 © ISO 2014 – All rights reserved

---------------------- Page: 18 ----------------------

SIST EN ISO 21549-2:2014
ISO 21549-2:2014(E)

CodingSchemesUsed
1
1.*
CodingScheme
+codeIdentiier : Uid [1]
+codeLength : INTEGER [1]
+comment : OCTET STRING(SIZE(20)) [0.1]
Figure 2 — The structure of CodingScheme
Table 2 — The specification of individual entities within the object CodingScheme
Object name Data Type Multiplicity Comments
codeIdentifier OCTET 1 This identifies the particular coding scheme being
STRING referenced.
(SIZE (64))
codeLength INTEGER 1 This identifies the length of the code.
comment OCTET 0.1 This optional element of free text allows the qualifica-
STRING tion in text of the coding scheme.
(SIZE(20))
6.3.3 The data object CodedData
The data object CodedData shall include both a reference to coding schemes used and a code data value
as well as optional free text.
The object codingSchemeRef is a RefPointer pointing at a value that identifies a particular coding scheme
within the object coding schemes used. If codingSchemeRef = 0 then the coding scheme is implicit in this
part of ISO 21549.
The object codeDataValue has been defined to indicate the actual code value in a particular coding
scheme. Figure 3 and Table 3 define CodedData data object.
CodedData
+codeDataValue : OCTET STRING [1]
+codeDataFreeText : OCTET STRING [0.1]
0.*
+codingSchemeRef 1
CodingScheme
Figure 3 — The structure of CodedData
© ISO 2014 – All rights reserved 5

---------------------- Page: 19 ----------------------

SIST EN ISO 21549-2:2014
ISO 21549-2:2014(E)

Table 3 — The specification of individual entities within the object CodedData
Object name Data Type Multiplicity Comments
codingSchemeRef RefPointer 1 This is a reference pointer to a value that identifies
a particular coding scheme within the data object
CodingSchemesUsed. If CodingSchemeRef = 0 then the
following code set is used: A = Admininstrative-data
free text, C = Clinical-data free text.
codeDataValue OCTET STRING 1 This string contains the value of the coded data.
codeDataFreeText OCTET STRING 0.1 This optional element of free text allows the qualifica-
tion in text of the coding scheme.
6.4 Accessory attributes
The data object “AccessoryAttributes” shall consist of an ordered set of data that is essential to record
an audit trail regarding both the originator of the information and the means via which it arrives to the
recipient. It shall consist of:
— date1 which shall represent the time/date of data being communicated to the data card across the
interface;
— date2 which shall represent the time/date of data being available to the originator of the message;
— place1 whi
...