CEN/TC 251/WG 1 - Information models

This document specifies the characteristics of categorial structures, representing nursing practice. The overall aim of this document is to support interoperability in the exchange of meaningful information between information systems in respect of nursing diagnoses, nursing actions and nurse sensitive outcomes. Categorial structures for nursing diagnoses, nursing actions, nurse sensitive outcomes and associated categories support interoperability by providing common frameworks with which to
a)       analyse the features of different terminologies, including pre- and post-coordinated expressions, those of other healthcare disciplines, and to establish the nature of the relationship between them,[3][4][5][6][7][8]
b)       develop terminologies for representing nursing diagnoses, nursing actions,[9][10][11][12] and nurse sensitive outcomes,
c)        develop terminologies that are able to be related to each other,[3][8][13] and
d)       establish relationships between terminology models, information models, including archetypes, and ontologies in the nursing domain.[14][15][16][45]
There is early evidence that the categorial structures can be used as a framework for analysing nursing practice,[17] for developing nursing content of electronic record systems,[18][19] document the value of nursing services provided and to make nursing’s contribution visible[16][36][47][50].

This document specifies:
—     the data elements, structures and relationships between the data elements required for the exchange of information, which uniquely and with certainty identify pharmaceutical dose forms, units of presentation, routes of administration and packaging items (containers, closures and administration devices) related to medicinal products;
—     a mechanism for the association of translations of a single concept into different languages, which is an integral part of the information exchange;
—     a mechanism for the versioning of the concepts in order to track their evolution;
—     rules to help regional authorities to map existing regional terms to the terms created using this document, in a harmonized and meaningful way.

This document specifies the business requirements for the structured content of structured or semi-
structured dose instructions for recording dose instructions in the electronic health record (EHR),
supporting clinical decision support, and in exchanging medication orders, as applicable to primary,
secondary and tertiary care.
This document is focused on the dose instructions as will be presented to the individual subject of care
or caregiver. Comprehension of dose instructions by the subject of care or caregiver is an overarching
consideration for subject of care safety and the best outcomes. Related factors are discussed but are not
part of the primary scope.
This document does not define an information model, except to the extent that those information model
concepts are necessary to define business requirements.
Outside the scope of this document are:
— The implementation of dose instructions, i.e. assembling the structured elements into a form
appropriate for the patient or caregiver;
— The content of a medication order (see ISO 17523) beyond content related to dose instructions;
— The content of a record of dispense of a medicinal product (see ISO/TS 19293);
— The functionality of health, clinical and/or pharmacy systems;
— Other kinds of content of health, clinical or pharmacy systems that are needed to support the whole
process of health care providers, such as:
— A drug knowledge database (see ISO/TS 22756);
— A decision support system (see ISO/TS 22756 and ISO/TS 22703);
— A complete medical record (EHR);
— A medicinal product dictionary (see ISO/TS 19256);
— Verification of the medicinal product and dose being administered.
— Some concepts from Identification of Medicinal Products are referenced, but not defined, in this
document. See Clause 4 for discussion of the relationship of this document with IDMP.

This document specifies a number of metadata elements that describe resources containing medical knowledge, primarily digital documents provided as web resources, accessible from databases or via file transfer, but can be applicable also to paper documents, e.g. articles in the medical literature.
The metadata elements
—    support unambiguous and international understanding of important aspects to describe a resource, e.g. purpose, issuer, intended audience, legal status and scientific background,
—    are applicable to different kinds of digital resources, e.g. recommendation from consensus of a professional group, regulation by a governmental authority, clinical trial protocol from a pharmaceutical company, scientific manuscript from a research group, advice to patients with a specific disease, review article,
—    are possible to present to human readers including health professionals as well as individuals/patients, and
—    are potentially usable for automatic processing, e.g. to support search engines to restrict matches to documents of a certain type or quality level.
The metadata elements defined in this document are not intended to
—    describe documents about a single patient, such as medical records,
—    describe details of the medical content of the resource (but some idea of the content can be described via keywords or codes), or
—    prescribe criteria for the quality of the resource content.

This document defines the core data set for a patient summary document that supports continuity of care for a person and coordination of their healthcare. It is specifically aimed at supporting the use case’ scenario for ‘unplanned, cross border care’ and is intended to be an international patient summary (IPS). Whilst the data set is minimal and non-exhaustive, it provides a robust, well-defined core set of data items. The tight focus on this use case also enables the IPS to be used in planned care. This means that both unplanned and planned care can be supported by this data set within local and national contexts, thereby increasing its utility and value.
It uses the European Guideline from the eHN as the initial source for the patient summary requirements, then takes into consideration other international patient summary projects to provide an interoperable data set specification that has global application.
This document provides an abstract definition of a Patient Summary from which derived models are implementable. Due to its nature therefore, readers should be aware that the compliance with this document does not imply automatic technical interoperability; this result, enabled by this document, can be reached with the conformity to standards indicated in the associated technical specification and implementation guides.
This document does not cover the workflow processes of data entry, data collection, data summarization, subsequent data presentation, assimilation, or aggregation. Furthermore, this document does not cover the summarization act itself, i.e. the intelligence/skill/competence that results in the data summarization workflow.
It is not an implementation guide that is concerned with the various technical layers beneath the application layer. Implementation guidance for specifically jurisdictional concerns, e.g. Directives, terminologies, formats, etc., an example is specified in the associated Technical Specification[3].
In particular, representation by various coding schemes, additional structures and terminologies are not part of this document. Terminology and its binding are addressed in Reference [3]. The Identification of Medicinal Products standards (abbreviated to IDMP) are the recommended target for the Medication Summary related to this document but, prior to IDMP’s full implementation in practice, this IPS standard cannot insist in its use at this point in time and recognizes that interim schemes might be necessary until IDMP becomes established as a norm.

This document:
—    Specifies clinical information models (CIMs) as health and care concepts that can be used to define and to structure information for various purposes in health care, also enabling information reuse;
—    Describes requirements for CIMs content, structure and context and specification of their data elements, data element relationships, meta-data and versioning, and provides guidance and examples;
—    Specifies key characteristics of CIMs used in conceptual and logical analysis for use cases such as (reference) architectures, information layers, EHR and PHR systems, interoperability, systems integration in the health domain, and secondary use of data including for public health reporting;
—    Defines a Quality Management System (QMS) for a systematic and effective governance, quality management, and measurement of CIMs through their lifecycle of development, testing, distribution, application and maintenance;
—    Provides principles for the transformation and application of clinical information models through the wide variation of health information technology.
This document excludes:
—    Requirements on the content or application of any particular clinical information model or clinical information modelling methodology;
—    Specific applications of clinical information models such as for dynamic modelling of workflow;
—    Specifications for modelling entire domains or aggregates of many CIMs such as complete assessment documents or discharge summaries. It does not specify CIMs compositions;
—    Specification of how to involve specific clinicians, how to carry out governance including information governance, or how to ensure patient safety.

ISO 17117-1:2018 defines universal and specialized characteristics of health terminological resources that make them fit for the purposes required of various applications. It refers only to terminological resources that are primarily designed to be used for clinical concept representation or to those parts of other terminological resources designed to be used for clinical concept representation.
ISO 17117-1:2018 helps users to assess whether a terminology has the characteristics or provides the functions that will support their specified requirements. The focus of this document is to define characteristics and functions of terminological resources in healthcare that can be used to identify different types of them for categorization purposes. Clauses 4 and 5 support categorization according to the characteristics and functions of the terminological resources rather than the name.
NOTE       Categorization of healthcare terminological systems according to the name of the system might not be helpful and has caused confusion in the past.
The target groups for this document are:
a)    organizations wishing to select terminological systems for use in healthcare information systems;
b)    developers of terminological systems;
c)    developers of terminology standards;
d)    those undertaking independent evaluations/academic reviews of terminological resources;
e)    terminology Registration Authorities.
ISO 17117-1:2018 contains general characteristics and criteria with which systems can be evaluated.
The following considerations are outside the scope of this document.
-      Evaluations of terminological resources.
-      Health service requirements for terminological resources and evaluation criteria based on the characteristics and functions.
-      The nature and quality of mappings between different terminologies. It is unlikely that a single terminology will meet all the terminology requirements of a healthcare organization: some terminology providers produce mappings to administrative or statistical classifications such as the International Classification of Diseases (ICD). The presence of such maps would be a consideration in the evaluation of the terminology.
-      The nature and quality of mappings between different versions of the same terminology. To support data migration and historical retrieval, terminology providers can provide maps between versions of their terminology. The presence of such maps would be a consideration in the evaluation of the terminology.
-      Terminology server requirements and techniques and tools for terminology developers.
-      Characteristics for computational biology terminology. Progress in medical science and in terminology science will necessitate updating of this document in due course.

This document specifies a common framework for audit trails for electronic health records (EHR), in terms of audit trigger events and audit data, to keep the complete set of personal health information auditable across information systems and domains.
It is applicable to systems processing personal health information that create a secure audit record each time a user reads, creates, updates, or archives personal health information via the system.
NOTE       Such audit records at a minimum uniquely identify the user, uniquely identify the subject of care, identify the function performed by the user (record creation, read, update, etc.), and record the date and time at which the function was performed.
This document covers only actions performed on the EHR, which are governed by the access policy for the domain where the electronic health record resides. It does not deal with any personal health information from the electronic health record, other than identifiers, the audit record only containing links to EHR segments as defined by the governing access policy.
It does not cover the specification and use of audit logs for system management and system security purposes, such as the detection of performance problems, application flaw, or support for a reconstruction of data, which are dealt with by general computer security standards such as ISO/IEC 15408 (all parts)[9].
Annex A gives examples of audit scenarios. Annex B gives an overview of audit log services.

This document is applicable to the data exchange format that is designed to facilitate exchanging omics data around the world without forcing changes of any database schema.
This document specifies the characteristics of OML from the following perspectives.
From an informatics perspective, OML defines the data exchange format based on XML. This document gives guidelines for the specifications of the data exchange format, but this document excludes the database schema itself.
From a molecular side of view, this document is applicable to all kinds of omics data, while this document excludes the details of the molecules (e.g., details of genomic sequence variations or whole genomic sequence). This document is also applicable to the molecular annotations including clinical concerns and relations with other omics concerns.
From an application side of view, this document is applicable to the clinical field including clinical practice, preventive medicine, translational research, and clinical research including drug discovery. This document does not apply to basic research and other scientific fields.
From a biological species side of view, this document is applicable to the human health-associated species as human, preclinical animals, and cell lines. This document does not apply to the other biological species.

This document enables the advancement of interoperability from the data/information exchange paradigm to knowledge sharing at decreasing level of abstraction, starting at IT concept level (semantic coordination) through business domain concept level (agreed service function level cooperation), domain level (cross-domain cooperation) up to individual context (skills-based end-user collaboration). The document defines a model and framework for a harmonized representation of existing or intended systems with a specific focus on ICT-supported business systems. The Interoperability and Integration Reference Architecture supports ontology harmonization or knowledge harmonization to enable interoperability between, and integration of, systems, standards and solutions at any level of complexity without the demand for continuously adapting/revising those specifications. The approach can be used for analysing, designing, integrating, and running any type of systems. For realizing advanced interoperability, flexible, scalable, business-controlled, adaptive, knowledge-based, intelligent health and social ecosystems need to follow a systems-oriented, architecture-centric, ontology-based and policy-driven approach.
The languages for representing the different views on systems such as ontology languages like Common Logic (CL) (ISO/IEC 24707[24]) and Web Ontology Language (OWL)[25] – specifically OWL 2[26] (World Wide Web Consortium (W3C®), languages for modeling and integrating business processes like Business Process Modeling Language (BPML) (OMG®), but also OMG’s Unified Modeling Language (UML, also specified as ISO/IEC 19505[27]) based representation styles for the different ISO/IEC 10746 (all parts) views are outside the scope of this document.

This document outlines the standards needed to identify and label the Subject of Care (SoC) and the Individual Provider on objects such as identification (wrist) bands, identification tags or other objects, to enable automatic data capture using data carriers in the care delivery process.
It provides for a unique SoC identification that can be used for other purposes, such as recording the identity of the SoC in individual health records.
This document serves as a reference for any organization which plans to implement or improve Automatic Identification and Data Capture (AIDC) in their delivery of care process. It is based on the use of the GS1® system of standards. Other solutions, such as using other identification systems (for example, systems based on ISBT 128), are possible but not addressed by this document.
This document describes good practices to reduce/avoid variation and workarounds which challenge the efficiency of AIDC at the point of care and compromise patient safety[5][6].
This document specifies how to manage identifiers in the AIDC process, and completes the information found in ISO/TS 22220 and ISO/TS 27527.

This document specifies the fundamental characteristics of the information model implemented by a specific architectural layer (i.e. the service architecture) of the information system to provide a comprehensive and integrated storage of the common enterprise data and to support the fundamental business processes of the healthcare organization, as defined in ISO 12967‑1.
The information model is specified in this document without any explicit or implicit assumption on the physical technologies, tools or solutions to adopt for its physical implementation in the various target scenarios. The specification is nevertheless formal, complete and non-ambiguous enough to allow implementers to derive an efficient design of the system in the specific technological environment that will be selected for the physical implementation.
This document does not aim at representing a fixed, complete, specification of all possible data that can be necessary for any requirement of any healthcare enterprise. It specifies only a set of characteristics, in terms of overall organization and individual information objects, identified as fundamental and common to all healthcare organizations, and that is satisfied by the information model implemented by the service architecture.
Preserving consistency with the provisions of this document, physical implementations are allowed extensions to the standard information model in order to support additional and local requirements. Extensions include both the definition of additional attributes in the objects of the standard model, and the implementation of entirely new objects.
Also, this document specification is extensible over time according to the evolution of the applicable standardization initiatives.
The specification of extensions is carried out according to the methodology defined in ISO 12967-1:2020, Clause 7.

This document provides guidance and requirements for the description, planning and development of new systems, as well as for the integration of existing information systems, both within one enterprise and across different healthcare organizations, through an architecture integrating the common data and business logic into a specific architectural layer (i.e. the middleware), distinct from individual applications and accessible throughout the whole information system through services, as shown in Figure 2.

This document specifies the fundamental characteristics of the computational model implemented by a specific architectural layer of the information system (i.e. the service architecture) to provide a comprehensive and integrated interface to the common enterprise information and to support the fundamental business processes of the healthcare organization, as defined in ISO 12967‑1. The computational model is specified without any explicit or implicit assumption about the physical technologies, tools or solutions to adopt for its physical implementation in the various target scenarios. The specification is nevertheless formal, complete and non-ambiguous enough to allow implementers to derive an efficient design of the system in the specific technological environment which will be selected for the physical implementation.
The computational model specified in this document provides the basis for ensuring consistency between different engineering and technology specifications (including programming languages and communication mechanisms) since they are intended to be consistent with the same computational object model. This consistency allows open inter-working and portability of components in the resulting implementation.
This document does not aim at representing a fixed, complete, specification of all possible interfaces that might be necessary for any requirement of any healthcare enterprise. It specifies only a set of characteristics — in terms of overall organization and individual computational objects, identified as fundamental and common to all healthcare organizations, and that are satisfied by the computational model implemented by the service architecture.
Preserving consistency with the provisions of this document, physical implementations of the computational model specified in this document can allow extensions in order to support additional and local requirements. Extensions can include both the definition of additional properties of the objects of the computational model specified in this document and the implementation of entirely new objects.
Also, the computational model specified in this document can be extendable over time according to the evolution of the applicable standardization initiatives, in accordance to the methodology defined in ISO 12967‑1:2020, Clause 7, which identifies a set of healthcare common information services, describing the requirements behind them and the methodology through which they will be used.
The information services specified in this document are only the minimal set identifiable according to the identified requirements of the healthcare enterprise, and constituting the service architecture (i.e. the integration platform) to serve as the basis for healthcare applications, e.g. EHR or patient administration.

This document provides guidelines on identification and labelling of medicinal products from the point of manufacture of packaged medicinal product to the point of dispensing the product.
This document outlines best practice for AIDC barcoding solutions for applications. Users can, however, consider the coding interoperability requirements for other AIDC technologies, e.g. Radio Frequency Identification (RFID).

This document specifies a means for communicating part or all of the electronic health record (EHR) of one or more identified subjects of care between EHR systems, or between EHR systems and a centralised EHR data repository.
It can also be used for EHR communication between an EHR system or repository and clinical applications or middleware components (such as decision support components) that need to access or provide EHR data, or as the representation of EHR data within a distributed (federated) record system.
This document will predominantly be used to support the direct care given to identifiable individuals, or to support population monitoring systems such as disease registries and public health surveillance. Uses of health records for other purposes such as teaching, clinical audit, administration and reporting, service management, research and epidemiology, which often require anonymization or aggregation of individual records, are not the focus of this standard series but such secondary uses might also find it useful.
This document defines an Archetype Model to be used to represent Archetypes when communicated between repositories, and between archetype services. It defines an optional serialised representation, which may be used as an exchange format for communicating individual archetypes. Such communication might, for example, be between archetype libraries or between an archetype service and an EHR persistence or validation service.

This document specifies a means for communicating part or all of the electronic health record (EHR) of one or more identified subjects of care between EHR systems, or between EHR systems and a centralised EHR data repository.
It can also be used for EHR communication between an EHR system or repository and clinical applications or middleware components (such as decision support components), or personal health applications and devices, that need to access or provide EHR data, or as the representation of EHR data within a distributed (federated) record system.
This document will predominantly be used to support the direct care given to identifiable individuals or self-care by individuals themselves, or to support population monitoring systems such as disease registries and public health surveillance. Uses of health records for other purposes such as teaching, clinical audit, administration and reporting, service management, research and epidemiology, which often require anonymization or aggregation of individual records, are not the focus of this document but such secondary uses might also find the document useful.
This Part 1 of the multipart series is an Information Viewpoint specification as defined by the Open Distributed Processing ? Reference model: Overview (ISO/IEC 10746-1). This document is not intended to specify the internal architecture or database design of EHR systems.

This document describes a methodology for specifying the privileges necessary to access EHR data. This methodology forms part of the overall EHR communications architecture defined in ISO 13606-1.
This document seeks to address those requirements uniquely pertaining to EHR communications and to represent and communicate EHR-specific information that will inform an access decision. It also refers to general security requirements that apply to EHR communications and points at technical solutions and standards that specify details on services meeting these security needs.
NOTE       Security requirements for EHR systems not related to the communication of EHRs are outside the scope of this document.

This document specifies a means for communicating part or all of the electronic health record (EHR) of one or more identified subjects of care between EHR systems, or between EHR systems and a centralised EHR data repository.
It can also be used for EHR communication between an EHR system or repository and clinical applications or middleware components (such as decision support components), or personal health applications and devices, that need to access or provide EHR data, or as the representation of EHR data within a distributed (federated) record system.
This document defines term lists that each specify the set of values for the particular attributes of the Reference Model defined in ISO 13606-1. It also defines normative and informative Reference Archetypes that enable frequently-occurring instances of EHR data to be represented within a consistent structure when communicated using this document.

This document specifies the information architecture required for interoperable communications between systems and services that need or provide EHR data. This document is not intended to specify the internal architecture or database design of such systems.
The subject of the record or record extract to be communicated is an individual person, and the scope of the communication is predominantly with respect to that person's care.
Uses of healthcare records for other purposes such as administration, management, research and epidemiology, which require aggregations of individual people's records, are not the focus of this document but such secondary uses could also find the document useful.
This document defines a set of interfaces to request and provide:
—          an EHR_EXTRACT for a given subject of care as defined in ISO 13606-1;
—          one or more ARCHETYPE(s) as defined in ISO 13606-2;
—          an EHR_AUDIT_LOG_EXTRACT for a given subject of care as defined in ISO 13606-4.
This document defines the set of interactions to request each of these artefacts, and to provide the data to the requesting party or to decline the request. An interface to query an EHR or populations of EHRs, for example for clinical audit or research, are beyond its scope, although provision is made for certain selection criteria to be specified when requesting an EHR_EXTRACT which might also serve for population queries.
This document defines the Computational Viewpoint for each interface, without specifying or restricting particular engineering approaches to implementing these as messages or as service interfaces.
This document effectively defines the payload to be communicated at each interface. It does not specify the particular information that different transport protocols will additionally require, nor the security or authentication procedures that might be agreed between the communicating parties or required by different jurisdictions.

The main purpose of ClaML is to formally represent the content and hierarchical structure of healthcare classification systems in a markup language for the safe exchange and distribution of data and structure between organizations and dissimilar software products.
The scope of healthcare classification systems covered by this document encompasses terminologies, and is constrained to traditional paper-based systems (like ICD-10) and systems built according to categorial structures and a cross thesaurus (like ICNP)[2]. ClaML is intended for representation of healthcare classification systems in which classes have textual definitions, hierarchical ordering, named hierarchical levels (such as "chapter", "section"), inclusion and exclusion criteria, and codes. It is not intended to cover any formal representation, neither for definition or composition of concepts, nor for specification of classification rules. Systems with such formal specifications can at best be partially represented using ClaML, and are hence out of scope. Most of the notes and examples in this document relate to ICD. This is because ICD is the most common classification system in the scope of this document. As a highly complex classification system it is an inexhaustible source for examples of nearly any kind. But all these notes and examples represent also other similar classification systems, if applicable, which are usually less complex. An overview of currently known classification systems using ClaML is provided in a separate document which is electronically available (see 7.3).
This document is not intended to:
a)    provide a normative syntax on how a healthcare classification system is to be constructed;
b)    define link types between elements in a healthcare classification system (this is left to the developers of healthcare classification systems);
c)    provide a representation for direct viewing or printing.

This document provides an information model to define and identify substances within medicinal products or substances used for medicinal purposes, including dietary supplements, foods and cosmetics. The information model can be used in the human and veterinary domain since the principles are transferrable. Other standards and external terminological resources are referenced that are applicable to this document.

ISO 11616:2017 is intended to provide specific levels of information relevant to the identification of a Medicinal Product or group of Medicinal Products. It defines the data elements, structures and relationships between data elements that are required for the exchange of regulated information, in order to uniquely identify pharmaceutical products. This identification is to be applied throughout the product lifecycle to support pharmacovigilance, regulatory and other activities worldwide. In addition, ISO 11616:2017 is essential to ensure that pharmaceutical product information is assembled in a structured format with transmission between a diverse set of stakeholders for both regulatory and clinical (e.g. e-prescribing, clinical decision support) purposes. This ensures interoperability and compatibility for both the sender and the recipient.
ISO 11616:2017 is not intended to be a scientific classification for pharmaceutical products. Rather, it is a formal association of particular data elements categorised in prescribed combinations and uniquely identified when levelling degrees of information are incomplete. This allows for Medicinal Products to be unequivocally identified on a global level.
References to other normative IDMP and messaging standards for pharmaceutical product information are included in Clause 2, to be applied in the context of ISO 11616:2017.
Medicinal products for veterinary use are out of scope of ISO 11616:2017.

ISO 11615:2017 establishes definitions and concepts and describes data elements and their structural relationships, which are required for the unique identification and the detailed description of Medicinal Products.
Taken together, the standards listed in the Introduction define, characterise and uniquely identify regulated Medicinal Products for human use during their entire life cycle, i.e. from development to authorisation, post-marketing and renewal or withdrawal from the market, where applicable.
Furthermore, to support successful information exchange in relation to the unique identification and characterisation of Medicinal Products, the use of other normative IDMP messaging standards is included, which are to be applied in the context of ISO 11615:2017.

ISO/TS 20451:2017 defines the concepts required to associate pharmaceutical products with an appropriate set of PhPID(s) in accordance with ISO 11616.
Pharmaceutical identifiers and elements are to represent pharmaceutical products as represented in a Medicinal Product as indicated by a Medicines Regulatory Authority. The suite of ISO IDMP standards can be applied to off-label usage of Medicinal Products, but is currently outside of the scope of ISO/TS 20451:2017.
Reference to ISO 11238, ISO 11239, ISO 11240 and ISO 11615 and HL7 messaging standards, HL7 Reference Information Model (RIM), HL7 V3 Common Product Model (CPM) and HL7 V3 Structured Product Labelling (SPL) can be applied for pharmaceutical product information in the context of ISO/TS 20451:2017.

ISO/TS 20443:2017 defines concepts and describes data elements and their structural relationships, which are required for the unique identification and the detailed description of Medicinal Products.
Taken together, all ISO IDMP standards (ISO 11615, ISO 11616, ISO 11238, ISO 11239 and ISO 11240) define, characterise, and uniquely identify regulated Medicinal Products for human use from approval, to post-marketing and renewal or withdrawal from the market, where applicable.
Furthermore, to support successful information exchange in relation to the unique identification and characterisation of Medicinal Products, the normative use of HL7 common product model (CPM) and structured product labeling (SPL) messaging is described. References to the use of other relevant standards for Medicinal Product information are included in ISO/TS 20443:2017 to support successful information exchange.

ISO/TS 19293:2018 specifies requirements for a record of a dispense of a medicinal product.
It is intended to be adopted by detailed, implementable specifications, such as interoperability standards, system specifications, and regulatory programs.
ISO/TS 19293:2018 applies to information systems in which a dispense of a medicinal product is registered, and the systems that consume such information. These systems are usually in pharmacies or other healthcare institutions. This document does not necessarily apply to non-pharmacy shops or other non-clinical systems (e.g. supermarket cashiers).
The scope of ISO/TS 19293:2018 includes the activities relating to the dispensing of a medicinal product and the information content for the capture of structured information produced in those events.
These activities include any actual dispense, cancellation or other outcome that may have occurred at the time of planned or actual dispense. In other words, the dispense record also contains information that medication was expected to be dispensed but was not dispensed.

ISO 21298:2017 defines a model for expressing functional and structural roles and populates it with a basic set of roles for international use in health applications. Roles are generally assigned to entities that are actors. This will focus on roles of persons (e.g. the roles of health professionals) and their roles in the context of the provision of care (e.g. subject of care).
Roles can be structural (e.g. licensed general practitioner, non-licensed transcriptionist, etc.) or functional (e.g. a provider who is a member of a therapeutic team, an attending physician, prescriber, etc.). Structural roles are relatively static, often lasting for many years. They deal with relationships between entities expressed at a level of complex concepts. Functional roles are bound to the realization of actions and are highly dynamic. They are normally expressed at a decomposed level of fine-grained concepts.
Roles addressed in this document are not restricted to privilege management purposes, though privilege management and access control is one of the applications of this document. This document does not address specifications related to permissions. This document treats the role and the permission as separate constructs. Further details regarding the relationship with permissions, policy, and access control are provided in ISO 22600.

ISO/TS 19844:2016 is used in the implementation of ISO 11238. This document defines substances based on their scientific identity (i.e. what they are) rather than on their use or method of production.
ISO 11238 provides the conceptual framework for defining Substances and Specified Substances and for assigning unique identifiers in the context of the ISO IDMP standards. ISO 11238 describes general concepts for defining and distinguishing substances and a high level model for the structuring of information for substances. This document provides detailed explanations of each type or grouping of substance information, an element-by-element description for implementation of ISO 11238, and examples for a variety of Substances and Specified Substances.
This second edition of the document addresses substances, Groups 1 to 3 of the Specified Substances as defined in ISO 11238 and Annexes A, B, C, D, E, F, G and H. It is anticipated that Specified Substances Group 4, as defined in ISO 11238, will be addressed in a subsequent edition of this document. Some information that would typically fall under Specified Substances Group 4 may be covered in the Annexes of this document. This information, although not defining of either a Substance or a Specified Substance Group 1, may be essential to distinguishing substances. This document addresses the following:
·         Data elements necessary for defining Substances and Specified Substances Groups 1 to 3;
·         The logical use of data elements as defined in ISO 11238;
·         Substances and Specified Substances Groups 1 to 3 business rules for
-  determining necessary data elements,
-  distinguishing and defining materials according to ISO 11238,
-  triggering the assignment of identifiers.
ISO/TS 19844:2016 does not address the following:
·         Business processes for data management;
·         Implementation of a specific data information system (e.g. a relational database schema);
·         Normative messaging standards for substances;
·         The maintenance of controlled vocabularies;
·         The specific global identifier system that should be used;
·         Nomenclature standards for substances.

ISO 25237:2017 contains principles and requirements for privacy protection using pseudonymization services for the protection of personal health information. This document is applicable to organizations who wish to undertake pseudonymization processes for themselves or to organizations who make a claim of trustworthiness for operations engaged in pseudonymization services.
ISO 25237:2017
-      defines one basic concept for pseudonymization (see Clause 5),
-      defines one basic methodology for pseudonymization services including organizational, as well as technical aspects (see Clause 6),
-      specifies a policy framework and minimal requirements for controlled re-identification (see Clause 7),
-      gives an overview of different use cases for pseudonymization that can be both reversible and irreversible (see Annex A),
-      gives a guide to risk assessment for re-identification (see Annex B),
-      provides an example of a system that uses de-identification (see Annex C),
-      provides informative requirements to an interoperability to pseudonymization services (see Annex D), and
-      specifies a policy framework and minimal requirements for trustworthy practices for the operations of a pseudonymization service (see Annex E).

ISO/TS 19256:2016 defines the required characteristics for any MPD-system to support use cases in healthcare.
These characteristics include the medication concepts, identifiers and relationships to form a kind of structure that supports the use cases.

ISO 27799:2016 gives guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization's information security risk environment(s).
It defines guidelines to support the interpretation and implementation in health informatics of ISO/IEC 27002 and is a companion to that International Standard.
ISO 27799:2016 provides implementation guidance for the controls described in ISO/IEC 27002 and supplements them where necessary, so that they can be effectively used for managing health information security. By implementing ISO 27799:2016, healthcare organizations and other custodians of health information will be able to ensure a minimum requisite level of security that is appropriate to their organization's circumstances and that will maintain the confidentiality, integrity and availability of personal health information in their care.
It applies to health information in all its aspects, whatever form the information takes (words and numbers, sound recordings, drawings, video, and medical images), whatever means are used to store it (printing or writing on paper or storage electronically), and whatever means are used to transmit it (by hand, through fax, over computer networks, or by post), as the information is always be appropriately protected.
ISO 27799:2016 and ISO/IEC 27002 taken together define what is required in terms of information security in healthcare, they do not define how these requirements are to be met. That is to say, to the fullest extent possible, ISO 27799:2016 is technology-neutral. Neutrality with respect to implementing technologies is an important feature. Security technology is still undergoing rapid development and the pace of that change is now measured in months rather than years. By contrast, while subject to periodic review, International Standards are expected on the whole to remain valid for years. Just as importantly, technological neutrality leaves vendors and service providers free to suggest new or developing technologies that meet the necessary requirements that ISO 27799:2016 describes.
As noted in the introduction, familiarity with ISO/IEC 27002 is indispensable to an understanding of ISO 27799:2016.
The following areas of information security are outside the scope of ISO 27799:2016:
a)   methodologies and statistical tests for effective anonymization of personal health information;
b)   methodologies for pseudonymization of personal health information (see Bibliography for a brief description of a Technical Specification that deals specifically with this topic);
c)   network quality of service and methods for measuring availability of networks used for health informatics;
d)   data quality (as distinct from data integrity).

ISO 17523:2016 specifies the requirements that apply to electronic prescriptions. It describes generic principles that are considered important for all electronic prescriptions.
ISO 17523:2016 is constrained to the content of the electronic prescription itself, the digital document which is issued by a prescribing healthcare professional and received by a dispensing healthcare professional. The prescribed medicinal product is to be dispensed through an authorized healthcare professional with the aim of being administered to a human patient. Other messages, roles and scenarios (e.g. validation of a prescription, administration, medication charts, EHR of the patient, reimbursement of care and dispensed products) are out of scope of this International Standard, because they are more or less country or region specific, due to differences in culture and in legislation of healthcare. However, requirements and content of electronic prescriptions within the context of jurisdictions have a relationship with these scenarios. The way in which electronic prescriptions are made available or exchanged also fall outside the scope of this International Standard.
ISO 17523:2016 is applicable to electronic prescriptions of medicinal products. Although other kinds of products (e.g. medical devices, wound care products) can be ordered by means of an electronic prescription, the requirements in this International Standard are aimed at medicinal products that have a market authorization and at pharmaceutical preparations which are compounded in a pharmacy. An electronic prescription is an information object that authorizes a healthcare professional to legally dispense a medicinal product.
ISO 17523:2016 specifies a list of data elements that can be considered as essential for electronic prescriptions, depending on jurisdiction or clinical setting (primary healthcare, hospital, etc.).

ISO 16278:2016 defines the characteristics required to synthetically describe the organization and content of human anatomy within a terminological system. It is intended primarily for use with computer-based applications such as clinical electronic health records, decision support and for various bio-medical research purposes.
ISO 16278:2016 will serve to
-      facilitate the construction of new terminological systems in a regular form which will increase their coherence and expressiveness,
-      facilitate maintenance of human anatomy within terminological systems,
-      increase consistency and coherence of existing terminological system,
-      allow systematic cross-references between items of human anatomy in different types of terminological systems,
-      facilitate convergence among human anatomy within terminological systems,
-      make explicit the overlap for human anatomy between different health care domains terminological systems,
-      provide elements for negotiation about integration of different terminological systems into information systems between the respective developers, and
-      enable the systematic evaluation of human anatomy within terminological systems.
ISO 16278:2016 itself is not suitable or intended for use by, individual clinicians or hospital administrators.
The target groups for this International Standard are the following:
-      designers of specialized standard healthcare terminological categorial structures;
-      developers of healthcare terminological systems including classifications and coding systems;
-      producers of services for terminological systems and designers of software including natural language processing;
-      information modellers, knowledge engineers, and standards developers building models for health information management systems;
-      developers of information systems that require an explicit representation of healthcare terminological systems;
-      developers of marked-up standards for representation of healthcare documents.
ISO 16278:2016 does not include categorial structure that might be necessary for the description of developmental anatomy during the human life cycle, which includes prenatal development, post-natal growth and aging.
ISO 16278:2016 has been developed for use as an integrated part of computer-based applications and for the electronic healthcare record. It would be of limited value for manual use.
It is not the purpose of this International Standard to standardize the end user classification of human anatomy terminology or to conflict with the concept systems embedded in national practice and languages.

ISO 13940:2015 defines a system of concepts for different aspects of the provision of healthcare.
The core business in healthcare is the interaction between subjects of care and healthcare professionals. Such interactions occur in healthcare/clinical processes and are the justification for the process approach of ISO 13940:2015. To be able to represent both clinical content and clinical context, ISO 13940:2015 is related to a generic healthcare/clinical process model as well as comprehensive concept definitions and concept models for the clinical, management and resource aspects of healthcare services.
In practice ISO 13940:2015 covers the concept definitions needed whenever structured information in healthcare is specified as a requirement. The definitions are intended to refer to the conceptual level only and not to details of implementation. ISO 13940:2015 will cover all levels of specifications in the development of
logical reference models within the information viewpoint as a common basis for semantic interoperability on international, national or local levels,
information systems, and
information for specified types of clinical processes.

ISO 10781:2015 provides a reference list of functions that may be present in an Electronic Health Record System (EHR-S). The function list is described from a user perspective with the intent to enable consistent expression of system functionality. This EHR-S Functional Model, through the creation of Functional Profiles for care settings and realms, enables a standardized description and common understanding of functions sought or available in a given setting (e.g. intensive care, cardiology, office practice in one country or primary care in another country).

ISO 22600 defines principles and specifies services needed for managing privileges and access control to data and/or functions.
It focuses on communication and use of health information distributed across policy domain boundaries. This includes healthcare information sharing across unaffiliated providers of healthcare, healthcare organizations, health insurance companies, their patients, staff members, and trading partners by both individuals and application systems ranging from a local situation to a regional or even national situation.
It specifies the necessary component-based concepts and is intended to support their technical implementation. It will not specify the use of these concepts in particular clinical process pathways.
ISO 22600-2:2014 introduces the underlying paradigm of formal high-level models for architectural components. It is based on ISO/IEC 10746 (all parts) and introduces the domain model, the document model, the policy model, the role model, the authorization model, the delegation model, the control model, and the access control model.

ISO 22600 defines principles and specifies services needed for managing privileges and access control to data and/or functions.
It focuses on communication and use of health information distributed across policy domain boundaries. This includes healthcare information sharing across unaffiliated providers of healthcare, healthcare organizations, health insurance companies, their patients, staff members, and trading partners by both individuals and application systems ranging from a local situation to a regional or even national situation.
It specifies the necessary component-based concepts and is intended to support their technical implementation. It will not specify the use of these concepts in particular clinical process pathways.
ISO 22600-1:2014 proposes a template for the policy agreement. It enables the comparable documentation from all parties involved in the information exchange.

ISO 22600 defines principles and specifies services needed for managing privileges and access control to data and/or functions.
It focuses on communication and use of health information distributed across policy domain boundaries. This includes healthcare information sharing across unaffiliated providers of healthcare, healthcare organizations, health insurance companies, their patients, staff members, and trading partners by both individuals and application systems ranging from a local situation to a regional or even national situation.
It specifies the necessary component-based concepts and is intended to support their technical implementation. It will not specify the use of these concepts in particular clinical process pathways.
ISO 22600-3:2014 instantiates requirements for repositories for access control policies and requirements for privilege management infrastructures. It provides implementation examples of the formal models specified in ISO 22600‑2.

This Technical Report addresses the issue of multiple identifiers that may refer to the same person. It describes the management of patient identification and cross-referencing of identities and provides some practical guidance for addressing implementation of standards, reports, guidelines, methods, etc. The need to identify a person unambiguously is an important component for the interoperability of health information systems.
Within healthcare there is an essential requirement for good quality information, not least to uniquely identify an individual to ensure that the appropriate and relevant care can be delivered irrespective of geography, time and situation. To ensure that health care providers have access to information about an individual patient, it is vital that the patient can be reliably identified within a Health Care Information System. Currently, a given patient may have several identifiers corresponding to different geographical locations, different health care organisations or various specialities. The allocation of multiple identifiers and related processes increases the risk of identification error within one or more information systems and as a result, might compromise the safety of a patient.
The quality of identification ensures that health care providers have access to patient information, facilitating closer coordination and continuity of care, improving service in terms of prevention and follow-up. Quality will be pursued within the framework of:
—   medical care in a hospital information system (HIS): covering all the stages from patient identification to admittance to the health care organization or directly to the care unit or emergency care, through to the issuing of reports by the different health care services (medical and medico-technical services);
—   continuity of care;
—   patient mobility.
Because electronic heath care records may be updated by several and various healthcare providers over a long period of time, the patient identification needs to be formalized in such a way to ensure that the correct patient’s healthcare record is being accessed.
In the regions or the countries where a national unique patient identifier is not used, the patient is identified by using patient identifiers for each healthcare system, wherever the patient is registered. Even within an individual healthcare organization, the patient may be identified by a specific identifier for an individual ward or a medical support unit. To ensure the continuity of care and the sharing of patient information, it is necessary to reliably link together the different patient identities within what we will call a "patient identifier cross-reference domain".
The need to cross-reference identities appears when a healthcare provider wants to access all the healthcare information for one patient and that information is contained in different healthcare systems managed by several healthcare professionals or organisations.
In recent years, many research studies and implementations have taken place to try to resolve this issue. This document provides an overview and proposals for the management of the patient identities and the cross referencing of identities and provides guidance for authorities, organisations, project managers and users.

ISO/TS 14441:2013 examines electronic patient record systems at the clinical point of care that are also interoperable with EHRs. ISO/TS 14441:2013 addresses their security and privacy protections by providing a set of security and privacy requirements, along with guidelines and best practice for conformity assessment.
ISO/TS 14441:2013 includes a cross-mapping of 82 security and privacy requirements against the Common Criteria categories in ISO/IEC 15408 (all parts).

ISO 21091:2013 defines minimal specifications for directory services for healthcare. It can be used to enable communications between organizations, devices, servers, application components, systems, technical actors, and devices.
ISO 21091:2013 provides the common directory information and services needed to support the secure exchange of healthcare information over public networks where directory information and services are used for these purposes. It addresses the health directory from a community perspective in anticipation of supporting inter-enterprise, inter-jurisdiction, and international healthcare communications. While several options are supported by ISO 21091:2013, a given service will not need to include all of the options.
In addition to the support of security services, such as access control and confidentiality, ISO 21091:2013 provides specification for other aspects of communication, such as addresses and protocols of communication entities.
ISO 21091:2013 also supports directory services aiming to support identification of health professionals and organizations and the subjects of care.

ISO 11240:2012:
specifies rules for the usage and coded representation of units of measurement for the purpose of exchanging information about quantitative medicinal product characteristics that require units of measurement  (e.g. strength) in the human medicine domain;
establishes requirements for units in order to provide traceability to international metrological standards;
provides rules for the standardized and machine-readable documentation of quantitative composition and strength of medicinal products, specifically in the context of medicinal product identification;
defines the requirements for the representation of units of measurement in coded form;
provides structures and rules for mapping between different unit vocabularies and language translations to support the implementation of ISO 11240:2012, taking into account that existing systems, dictionaries and repositories use a variety of terms and codes for the representation of units.
The scope of ISO 11240:2012 is limited to the representation of units of measurement for data interchange between computer applications.

ISO 1828:2012 specifies the minimal characteristics of a categorial structure for terminological systems of surgical procedures and the minimal domain constraints to support interoperability, comparability and the exchange of meaningful information on surgical procedures, independently of the language, insofar as the significant differences are specified by the system.
ISO 1828:2012 is applicable to terminological systems of surgical procedures in all surgical disciplines. It covers only the terminology part, as defined in ISO 1087-1:2000, of the terminological systems of surgical procedures.
ISO 1828:2012 is intended to be used as an integrated part of computer-based applications and for electronic health care records.

ISO 27593-2:2011 seeks to create a standardized framework for international regulatory reporting and information sharing by providing a common set of data elements and a messaging format for transmission of ICSRs for adverse drug reactions (ADR), adverse events (AE), infections, and incidents that can occur upon the administration of one or more human pharmaceutical products to a patient, regardless of source and destination.

ISO 27953-1:2011 seeks to establish an international framework for data exchange and information sharing by providing a common messaging format for transmission of ICSRs for adverse drug reactions (ADR), adverse events (AE), product problems and consumer complaints that can occur upon the administration or use of one or more products.
The messaging format is based upon the HL7 Reference Information Model (RIM) and can be extended or constrained to accommodate a variety of reporting use cases. ISO 27953-1:2011 will be harmonized over time with other HL7 public health and patient safety reporting standards to help ensure that messaging constructs and vocabulary are harmonized in the HL7 Public Heath and Regulatory Reporting domains.
The data elements used in ISO 27953-1:2011 were identified as consistent across many of the use cases and can be applied to a variety of reporting scenarios. Specific reporting requirements within organizations or regions might vary.

ISO 21090:2011
- provides a set of datatype definitions for representing and exchanging basic concepts that are commonly encountered in healthcare environments in support of information exchange in the healthcare environment;
- specifies a collection of healthcare-related datatypes suitable for use in a number of health-related information environments;
- declares the semantics of these datatypes using the terminology, notations and datatypes defined in ISO/IEC 11404, thus extending the set of datatypes defined in that standard;
- provides UML definitions of the same datatypes using the terminology, notation and types defined in Unified Modelling Language (UML) version 2.0;
- specifies an XML (Extensible Mark-up Language) based representation of the datatypes.
The requirements which underpin the scope reflect a mix of requirements gathered primarily from HL7 Version 3 and ISO/IEC 11404, and also from CEN/TS 14796, ISO 13606 (all parts) and past ISO work on healthcare datatypes.
ISO 21090:2011 can offer a practical and useful contribution to the internal design of health information systems, but is primarily intended to be used when defining external interfaces or messages to support communication between them.

1.1   Purpose
This European Standard provides a structure aiding the representation, e.g. systematic terms or coding systems, of dedicated kinds of property, including dedicated kinds of quantity, in laboratory medicine.  The structure for representation is intended to facilitate the unambiguous communication of messages containing information about properties.
1.2   Field of application
This European Standard is applicable to all branches of laboratory medicine and other bodies offering laboratory analytic services. Examinations performed in the physician's office, at the bedside, or in the home are considered to be part of the laboratory medicine domain and thus this European Standard applies.
1.3   Uses
This structure for representation constitutes the essential basis for development of nomenclatures and coding systems intended for use in unambiguous and fully informative communication about properties, which fall within the field of application. Every such communication, including requests to and reports from clinical laboratories, and information retrieval for management reporting, research and reimbursement, will require additional information which is outside the scope of this European Standard.
1.4   Limitations
It should be emphasized that it is not the purpose of this European Standard to standardize the language used by health care practitioners in requesting or reporting clinical laboratory data.  It may, however, be used as a guide by those who wish to adopt systematic terms for routine requesting and reporting of laboratory data.
The syntax used for representing dedicated kinds-of-property is outside the scope of this European Standard, as are syntactic rules for the construction of codes in coding schemes.
The purpose is not to standardize the presentation of properties or kinds-of-property in user interfaces of computer systems nor the presentation in printed documents.

This document describes the general requirements on a terms and concepts database. This document also proposes a maintenance procedure for CEN/TC 251, the content, structure and user interface to a web-based terms- and concepts database that will compile the defined concepts with their preferred terms and definitions from the standards developed by
CEN/TC 251. These are terms from the health informatics field and not all terms and concepts used in healthcare.
It also describes an example of an implementation and ends with a proposal for CEN/TC 251 for the establishment and maintenance of such a terms and concepts database.