
ISO TR 18307 2001 standard


TECHNICAL REPORT ISO/TR 18307
First edition 2001-12-15

Health informatics — Interoperability and compatibility in messaging and communication standards — Key characteristics

Informatique de santé — Interoperabilité et compatibilité avec les normes de messagerie et de communication — Caractéristiques

Reference number ISO/TR 18307:2001(E)
© ISO 2001

Copyright International Organization for Standardization. Provided by IHS under license with ISO. No reproduction or networking permitted without license from IHS. Not for Resale.

PDF disclaimer

This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat accepts no liability in this area.

Adobe is a trademark of Adobe Systems Incorporated.

Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

© ISO 2001
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.ch
Web www.iso.ch
Printed in Switzerland

Contents

Foreword
Scope
References
Terms and definitions
Abbreviated terms
Trust Constituency
Principles and objectives
6.1 Ensured Trust
6.2 Trust Constituency
6.3 Health record rights
6.4 Health record obligations
6.5 Health record composition
6.6 Healthcare parties and their accountable actions
6.7 Healthcare agents and their accountable actions
6.8 Scope of accountability, Unit of accountability
6.9 Authentication
6.10 Auditability
6.11 Chain of trust
6.12 Faithfulness, permanence, persistence and indelibility
6.13 Data definition, Data registry
6.14 Data integrity
6.15 Completeness and continuity
Key characteristics (KC)
7.1 Identifiable information
7.2 Architectural basis
7.3 Master files
7.4 Master registries
7.5 Electronic records
7.6 Record chronology, continuity, completeness
7.7 Authentication, non-repudiation services
7.8 Digital signature, Public key infrastructure
7.9 Audit
7.10 Permanence, persistence, indelibility
7.11 On-Line Transaction Processing (OLTP)
7.12 On-Line Analytical Processing (OLAP)
7.13 Fault tolerance
7.14 Data synchrony
7.15 Time synchrony
7.16 Trusted end-to-end information flows
7.17 Disclosure, Export
7.18 Prospective services
7.19 Work flow
7.20 Concurrent status, Records
7.21 Retrospective status, Records
7.22 Personal healthcare professional services
7.23 Data integrity
7.24 Protocols: Care plans, Critical paths
7.25 Problem lists
7.26 Decision support
7.27 Surveillance, Metrics and Analysis
7.28 Communications infrastructure
7.29 Multiple person linkage
7.30 Healthcare professional — Subject of care linkage
7.31 Localization, Local authority
7.32 User environments
7.33 Version management
7.34 Inter-application interoperability
7.35 Change scale (Scalability)
7.36 Validation
Principles and objectives enabled by key characteristics
Annex A Exercise to validate the key characteristics set out in this technical report
Annex B RM-ODP viewpoints
Annex C RM-ODP enterprise viewpoint
Annex D RC-ODP architecture — Enterprise language
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

In exceptional circumstances, when a technical committee has collected data of a different kind from that which is normally published as an International Standard (“state of the art”, for example), it may decide by a simple majority vote of its participating members to publish a Technical Report. A Technical Report is entirely informative in nature and does not have to be reviewed until the data it provides are considered to be no longer valid or useful.

Attention is drawn to the possibility that some of the elements of this Technical Report may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO/TR 18307 was prepared by Technical Committee ISO/TC 215, Health informatics.

Scope

This Technical Report describes a set of key characteristics to achieve interoperability and compatibility in trusted health information interchange between communicant application systems. The key characteristics describe inter-application interoperability needs of the healthcare community, in particular the subject of care, the healthcare professional/caregiver, the healthcare provider organization, its business units and the integrated delivery network.

The key characteristics offer criteria for standards developers and implementers of standards for messaging and communications in the healthcare domain and provide a guide for software developers and vendors, healthcare providers and end users.

References

ISO/IEC Guide:1996, Guide 2: definition 3.2
ISO 2382-4, Information technology — Vocabulary — Part 4: Organization of data
ISO 6523-1:1998, Information technology — Structure for the identification of organizations and organization parts — Part 1: Identification of organization identification schemes
ISO 7498-2:1989, Information processing systems — Open Systems Interconnection — Basic Reference Model — Part 2: Security Architecture
ISO/IEC 10746-2:1996, Information technology — Open Distributed Processing — Reference Model: Foundations
ISO/IEC 10746-3:1996, Information technology — Open Distributed Processing — Reference Model: Architecture
ISO/IEC 10746-4:1998, Information technology — Open Distributed Processing — Reference Model: Architectural Semantics
ISO/IEC 15408-1:1999, Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model

Terms and definitions

3.1 access
ability or the means necessary to read, write, modify, or communicate data/information or otherwise make use of any system resource [HIPAA]
provision of an opportunity to approach, inspect, review, make use of data or information [CPRI]
specific type of interaction between a subject and an object that results in the flow of information from one to the other [GCST]

3.2 access control
means of ensuring that the resources of a data processing system can be accessed only by authorized entities in authorized ways [ISO/IEC 2382-8]
prevention of an unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner [ISO 7498-2]
policies and procedures preventing access by those who are not authorized to have it [IOM]

3.3 access level
level associated with an individual who may be accessing information (e.g. a clearance level)…, the information which may be accessed (e.g. a classification level) [HIPAA]

3.4 accountability
property that ensures that the actions of an entity can be traced uniquely to the entity [ISO 7498-2]
concept that individual persons or entities can be held responsible for specified actions [NRC]
obligation to disclose periodically, in adequate detail and consistent form, to all directly and indirectly responsible or properly interested parties, the purposes, principles, procedures, relationships, results, incomes and expenditures involved in any activity, enterprise, or assignment so that they can be evaluated by the interested parties [JCAHO]

3.5 actor
〈with respect to an action〉 an enterprise object (or entity) that participates in the action [ISO/IEC 15414]

3.6 agent
enterprise object (or entity) that has been delegated (authority, a function, etc.) by and acts for another (in exercising the authority, performing the function, etc.) [ISO/IEC 15414]

3.7 aggregate, aggregation
to combine standardized data and information [JCAHO]

3.8 algorithm, algorithmic
series of steps for addressing a specific issue [JCAHO]

3.9 application
identifiable computer running a software process
NOTE In this context, it may be any software process used in healthcare information systems including those without any direct role in treatment or diagnosis
NOTE In some jurisdictions, including software processes may be regulated medical devices

3.10 architecture
set of principles on which the logical structure and interrelationships to an organization and business context are based
NOTE Software architecture is the result of software design activity

3.11 archived (records), archival (records)
〈healthcare〉 data saved for later reference or use, possibly off-line [COACH]

3.12 assurance
grounds for confidence, surety, certitude
grounds for confidence that an entity meets its security objectives [ISO/IEC 15408:1999]
development, documentation, testing, procedural and operational activities carried out to ensure a system's security services in fact provide the claimed level of protection [OMG 97]

3.13 asymmetric cryptographic algorithm
algorithm for performing encipherment or the corresponding decipherment in which the keys used for encipherment and decipherment differ [ISO 10181-1]

3.14 audit control
mechanisms employed to record and examine system activity [HIPAA]

3.15 audit trail
record of the resources which were accessed and/or used by whom [ISO 7498-2]
documentary evidence of monitoring each operation (of healthcare parties) on health information [NRC]
chronological record of system activities that is sufficient to enable the reconstruction, reviewing and examination of the sequence of environments and activities surrounding or leading to an operation, a procedure, or an event in a transaction from its inception to final results [GCST]

3.16 authentication of health record entries
process used to verify that an entry is complete, accurate and final [JCAHO]

3.17 authentication
providing assurance regarding the identity of a subject (author) or object (information)

3.18 authentication (data)
verification of the integrity of data that have been stored, transmitted or otherwise exposed to possible unauthorized modification [GCST]

3.19 authentication (data source)
corroboration that the source of data received is as claimed [ISO 7498-2]

3.20 authentication (user)
provision of assurance of the claimed identity of an entity [ISO/IEC 10181-2]

3.21 authorize, authorization
granting of rights, which includes granting of access based on access rights [ISO 7498-2]
prescription that a particular behaviour must not be prevented [ISO/IEC 15414]

3.22 authorized user
user who may, in accordance with the Security Policy, perform an operation [ISO/IEC 15408:1999]

[ASTM E1762]

Date posted: 12/04/2023, 18:19
