Health informatics — Person-owned document repository for PHR applications and health information exchange

This document describes the concept of a person-owned repository (PoR) of health documents. It suggests representative uses for PoRs and surveys some of the existing technologies and projects that can be categorized as PoRs. It is, however, not intended to cover document formats (such as HL7 CDA), exact communication protocols, details of security and privacy protection strategies, or any other normative aspects of PoRs.

Informatique de santé — Dépôt de documents personnels pour les applications PHR et échange d’informations sur la santé

General Information

Status
Published
Publication Date
24-Jul-2018
Current Stage
6060 - International Standard published
Due Date
27-Jan-2018
Completion Date
25-Jul-2018
Ref Project

Buy Standard

Technical report
ISO/TR 20055:2018 - Health informatics -- Person-owned document repository for PHR applications and health information exchange
English language
11 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

TECHNICAL ISO/TR
REPORT 20055
First edition
2018-08
Health informatics — Person-
owned document repository for PHR
applications and health information
exchange
Informatique de santé — Dépôt de documents personnels pour les
applications PHR et échange d’informations sur la santé
Reference number
ISO/TR 20055:2018(E)
©
ISO 2018

---------------------- Page: 1 ----------------------
ISO/TR 20055:2018(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2018 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/TR 20055:2018(E)

Contents Page
Foreword .iv
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Symbols and abbreviated terms . 2
5 Characterization of PoR technologies. 3
5.1 Introduction . 3
5.2 Considerations for the PoR implementation . 3
5.2.1 General. 3
5.2.2 Classification criteria of PoR implementations . 4
6 Potential uses for PoRs. 5
6.1 Clinical document exchange using PoRs . 5
6.2 Personal health management . 6
6.3 Clinical research . 7
6.3.1 Use of PoRs to support information trading in clinical research . 7
6.3.2 Searching CRIPs . 8
6.3.3 Security and privacy . 8
6.3.4 Authenticity and integrity of clinical information . 8
6.3.5 Rewarding . 9
7 Case studies. 9
7.1 Kela pHR CARD . 9
7.2 HeSeL . 9
7.3 Blue Button Plus . 9
7.4 My Health Record . 9
7.5 My Kanta Pages .10
7.6 Microsoft HealthVault .10
7.7 Apple Health app .10
Bibliography .11
© ISO 2018 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/TR 20055:2018(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2. www .iso .org/directives
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received. www .iso .org/patents
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the WTO
principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary
information
This document was prepared by ISO/TC 215, Health informatics.
iv © ISO 2018 – All rights reserved

---------------------- Page: 4 ----------------------
TECHNICAL REPORT ISO/TR 20055:2018(E)
Health informatics — Person-owned document repository
for PHR applications and health information exchange
1 Scope
This document describes the concept of a person-owned repository (PoR) of health documents. It
suggests representative uses for PoRs and surveys some of the existing technologies and projects that
can be categorized as PoRs. It is, however, not intended to cover document formats (such as HL7 CDA),
exact communication protocols, details of security and privacy protection strategies, or any other
normative aspects of PoRs.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at http: //www .iso .org/obp
— IEC Electropedia: available at http: //www .electropedia .org
3.1
access control
means of ensuring that the resources of a data processing system can be accessed only by authorized
entities in authorized ways
[SOURCE: ISO/TS 21547:2010, 3.2.1]
3.2
authorization
granting privileges
[SOURCE: ISO/TR 14292:2012, 2.4]
3.3
clinical information
information about a person, relevant to his or her health or healthcare
[SOURCE: ISO 13606-1:2008, 3.13]
3.4
data owner
person having responsibility and authority for the data
[SOURCE: ISO/TR 14292:2012, 2.10]
© ISO 2018 – All rights reserved 1

---------------------- Page: 5 ----------------------
ISO/TR 20055:2018(E)

3.5
electronic health record
EHR
information relevant to the wellness, health and healthcare of an individual, in computer-processable
form and represented according to a standardized information model
[SOURCE: ISO 18308:2011, 3.20]
3.6
healthcare
activities, services or supplies related to the health of an individual
[SOURCE: ISO/TR 12773-2:2009, 2.15]
3.7
healthcare provider
healthcare organization or healthcare professional involved in the direct provision of healthcare
[SOURCE: ISO 18308:2011, 3.32]
3.8
information broker
person or system that commercially undertakes to locate, to retrieve and to provide information
3.9
personal health record
PHR
representation of information regarding, or relevant to, the health, including wellness, development
and welfare of that individual, which may be stand-alone or may integrate health information from
multiple sources, and for which the individual, or the representative to whom the individual delegated
his or her rights, manages and controls the PHR content and grants permissions for access by, and/or
sharing with, other parties
Note 1 to entry: See ISO/TR 14292:2012, 4.1.
3.10
service
ability of a system to provide a defined set of output information based on a defined set of input
information
[SOURCE: ISO/TR 14292:2012, 2.31]
4 Symbols and abbreviated terms
AA authentication agent
CDA clinical document architecture
CRIB clinical research information broker
CRIC clinical research information consumer
CRIP clinical research information provider
EHR electronic health record
HIE health information exchange
2 © ISO 2018 – All rights reserved

---------------------- Page: 6 ----------------------
ISO/TR 20055:2018(E)

PHM personal health management
PHR personal health record
PoR person-owned repository (of health documents)
5 Characterization of PoR technologies
5.1 Introduction
A PoR is a repository of health-related information about an individual which is owned, managed,
accessed and shared by the individual using computer technology. A PoR can be implemented in many
different ways such as on a mobile device, USB, personal computer, or by using a PHR application or
[1][2]
server-based cloud service . Its basic purpose is to enable a person to collect and share their health
information. Potential sources of information include clinical information from healthcare providers,
results from laboratories, health status data such as vital signs from personal sensor devices, and any
health-related information entered by the individual who owns the PoR. Once collected, the information
stored in the PoR will be available for sharing with other parties as determined by the individual that
owns the PoR.
A PoR is substantially different from health document repositories operated by healthcare providers
or provider-sponsored HIEs which primarily support the collection of patient health information for
exchange among healthcare providers (although patients may have some access via a portal). While
such provider-centric HIEs are beneficial in many ways, there are circumstances where HIEs may not
be adequate for reasons including lack of budget, lack of motivation for information sharing among
providers, regulatory barriers, and poor support from individuals and patients. In those cases, the PoR
concept can be an effective alternative to provider-centric HIEs.
The defining characteristic of a PoR that distinguishes it from other types of health document
repositories is that the individual has total control over every aspect of their health information within
a PoR, including the technology used to implement the PoR, when and how information is collected,
what information is retained and to whom it is provided.
One of the biggest concerns with PoRs could be data reliability. Information sharing in HIE is thought
to be conducted between trustworthy participants (providers, public health authorities, etc.), but the
fact that each owner of a PoR has total control over how it is used may pose a negative effect on the
reliability of data from the PoR. As such, there is a strong need for means to guarantee the reliability of
[3]
PoR-sourced health data and one solution to this problem can be PKI-based digital signatures .
5.2 Considerations for the PoR implementation
5.2.1 General
A PoR may be owned and controlled by an individual using applications and technology selected by
the individual; however, consideration needs to be given to the possible means by which PoRs will
interoperate with EHR systems and other repositories of patient-related information maintained by
networks of healthcare providers. This consideration needs to take into account:
a) the health IT systems and infrastructure and related health informatics standards that may be
applicable to the exchange of patient health information at the level of any particular region, nation,
province/state or healthcare provider network;
b) the need to support trusted flows of information from provider-owned repositories to individuals’
[4]
PoRs ;
c) the desirability of supporting flows of information from individuals’ PoRs into provider-owned
repositories;
© ISO 2018 – All rights reserved 3

---------------------- Page: 7 ----------------------
ISO/TR 20055:2018(E)

d) the level of control for documents from healthcare professionals;
e) privacy and security issues, including the ways in which an individual’s health information may be
used and who may access it after it has been provided to a potential user.
Existing repositories of patient healthcare information often hold and/or require the exchange of
[5]
information as
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.