ISO/TS 22691:2021
(Main)Health informatics — Token-based health information sharing
Health informatics — Token-based health information sharing
This document specifies the data element content and exchange format for tokens used in token-based health information sharing. It includes a) the data items that may be contained in a health information token (HI-TOKEN), b) the value representation for each data item, c) the exchange formats allowed for HI-TOKEN sharing (electronic, machine-readable symbol, print), and d) considerations when establishing governance policies specifying how HI-TOKENs can be used within a specific group of healthcare organizations. Provision is made for both physical media and electronic exchange media. This document addresses the overall conceptual architecture and process for token-based health information sharing, as well as the role of patients, referring healthcare facilities, referred healthcare service providers, and health research institutions. Provision is made for pseudonymization of patient data. This document only defines the specification of the HI-TOKEN used in token-based health information sharing. Data exchange / transport architectures, encryption methods, and specific governance policy requirements are outside the scope of this document.
Titre manque
General Information
Buy Standard
Standards Content (Sample)
TECHNICAL ISO/TS
SPECIFICATION 22691
First edition
2021-05
Health informatics — Token-based
health information sharing
Reference number
©
ISO 2021
© ISO 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2021 – All rights reserved
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Data items in HI-TOKEN . 3
4.1 Overview . 3
4.2 Item definitions . 3
5 Data types and value representations in HI-TOKEN . 4
5.1 Overview . 4
5.2 Data types and value representations . 4
6 Exchange format of HI-TOKEN . 5
6.1 Overview . 5
6.2 Electronic representation . 5
6.3 Machine-readable optical representation . 6
6.4 Printed text representation . 7
7 Security considerations. 8
7.1 General considerations . 8
7.1.1 Overview . 8
7.1.2 HI-TOKEN . 9
7.1.3 Documents stored in the information repository . 9
7.1.4 Data transfer . 9
7.1.5 Encryption . 9
7.1.6 Authentication and authorization . 9
7.1.7 Logging . 9
7.2 Specific requirements . 9
8 Guidance for establishing a HI-community token sharing policy .9
Annex A (informative) Comparison of IHE XDS/XDR and token-based health information
sharing use cases .12
Annex B (informative) Data flow of token-based health information sharing .17
Bibliography .22
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/
iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 215, Health informatics.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
iv © ISO 2021 – All rights reserved
Introduction
The interexchange of patient health information between healthcare facilities is important for both
patients and the facilities to ensure the continuity and safety of healthcare and to reduce unnecessary
examinations. Exchange of health information using IHE XDS is known as an effective solution for
accessing patient health information in real-time when needed to provide care.
NOTE 1 Integrating the Healthcare Enterprise (IHE) Cross-enterprise Document Sharing (XDS) architecture
and specifications. See Annex A for more information.
However, the ability to share information using IHE XDS technologies tends to require high cost to build
and maintain the necessary infrastructure, and it is sometimes difficult for each healthcare facility to
create the operational policy for the interoperable exchange of patient health information using that
infrastructure. Therefore, media such as CD / DVD continues to be used for exchanging images and
other health information (e.g. examination report, lab results, prescriptions, etc.).
In token-based health information sharing, each HI-TOKEN (health information token) contains
metadata of a health information document stored in a repository. The HI-TOKEN includes the document
ID, which identifies the specific document to be shared. Therefore, there is no need to search for the
document using, for example, patient identifying information as search keys. This saves time for the
recipient to locate and retrieve the shared document.
A HI-TOKEN can be provided to the patient, who can provide it to the referred healthcare facility at
his / her discretion. The referred healthcare facility can then use the HI-TOKEN to retrieve the shared
document. This process has the additional advantage that it allows the patient to provide implicit
consent for the information exchange in that they are in full control of providing the HI-TOKEN to the
receiving care service provider.
Standardization of HI-TOKEN metadata and exchange formats minimizes the potential differences in
interpretation between vendors implementing the corresponding systems, thereby contributing to the
overall improvement of interoperability.
NOTE 2 Annex B provides an example implementation and data flow for a health information sharing system
using HI-TOKEN based exchange, including data content and token format examples.
TECHNICAL SPECIFICATION ISO/TS 22691:2021(E)
Health informatics — Token-based health information
sharing
1 Scope
This document specifies the data element content and exchange format for tokens used in token-based
health information sharing. It includes
a) the data items that may be contained in a health information token (HI-TOKEN),
b) the value representation for each data item,
c) the exchange formats allowed for HI-TOKEN sharing (electronic, machine-readable symbol, print),
and
d) considerations when establishing governance policies specifying how HI-TOKENs can be used
within a specific group of healthcare organizations.
Provision is made for both physical media and electronic exchange media.
This document addresses the overall conceptual architecture and process for token-based health
information sharing, as well as the role of patients, referring healthcare facilities, referred healthcare
service providers, and health research institutions. Provision is made for pseudonymization of patient
data.
This document only defines the specification of the HI-TOKEN used in token-based health information
sharing. Data exchange / transport architectures, encryption methods, and specific governance policy
requirements are outside the scope of this document.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 3166-1, Codes for the representation of names of countries and their subdivisions — Part 1: Country
code
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
metadata
attributes and related information about a set of data
3.2
object identifier
globally unique identifier for an information object
Note 1 to entry: Object identifiers are standardized by standard developing organizations such as the
International Telecommunications Union (ITU), ISO or IEC.
3.3
quick response code
QR code
two-dimensional machine-readable optical symbol
Note 1 to entry: QR code formats are specified in ISO/IEC 18004:2015.
3.4
transport layer security
TLS
mechanism that enables use of a secure channel (communication path) for communication between
various servers and clients using TCP/IP
Note 1 to entry: TLS is a suite of protocols managed by the Internet Engineering Task Force (IETF), with the
foundational definition in RFC 1122.
3.5
health information token
HI-TOKEN
metadata that enables secure exchange in token-based health information sharing
Note 1 to entry: HI-TOKENs can be exchanged in electronic representation, machine-readable optical
representation, or paper
...
TECHNICAL ISO/TS
SPECIFICATION 22691
First edition
2021-05
Health informatics — Token-based
health information sharing
Reference number
©
ISO 2021
© ISO 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2021 – All rights reserved
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Data items in HI-TOKEN . 3
4.1 Overview . 3
4.2 Item definitions . 3
5 Data types and value representations in HI-TOKEN . 4
5.1 Overview . 4
5.2 Data types and value representations . 4
6 Exchange format of HI-TOKEN . 5
6.1 Overview . 5
6.2 Electronic representation . 5
6.3 Machine-readable optical representation . 6
6.4 Printed text representation . 7
7 Security considerations. 8
7.1 General considerations . 8
7.1.1 Overview . 8
7.1.2 HI-TOKEN . 9
7.1.3 Documents stored in the information repository . 9
7.1.4 Data transfer . 9
7.1.5 Encryption . 9
7.1.6 Authentication and authorization . 9
7.1.7 Logging . 9
7.2 Specific requirements . 9
8 Guidance for establishing a HI-community token sharing policy .9
Annex A (informative) Comparison of IHE XDS/XDR and token-based health information
sharing use cases .12
Annex B (informative) Data flow of token-based health information sharing .17
Bibliography .22
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/
iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 215, Health informatics.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
iv © ISO 2021 – All rights reserved
Introduction
The interexchange of patient health information between healthcare facilities is important for both
patients and the facilities to ensure the continuity and safety of healthcare and to reduce unnecessary
examinations. Exchange of health information using IHE XDS is known as an effective solution for
accessing patient health information in real-time when needed to provide care.
NOTE 1 Integrating the Healthcare Enterprise (IHE) Cross-enterprise Document Sharing (XDS) architecture
and specifications. See Annex A for more information.
However, the ability to share information using IHE XDS technologies tends to require high cost to build
and maintain the necessary infrastructure, and it is sometimes difficult for each healthcare facility to
create the operational policy for the interoperable exchange of patient health information using that
infrastructure. Therefore, media such as CD / DVD continues to be used for exchanging images and
other health information (e.g. examination report, lab results, prescriptions, etc.).
In token-based health information sharing, each HI-TOKEN (health information token) contains
metadata of a health information document stored in a repository. The HI-TOKEN includes the document
ID, which identifies the specific document to be shared. Therefore, there is no need to search for the
document using, for example, patient identifying information as search keys. This saves time for the
recipient to locate and retrieve the shared document.
A HI-TOKEN can be provided to the patient, who can provide it to the referred healthcare facility at
his / her discretion. The referred healthcare facility can then use the HI-TOKEN to retrieve the shared
document. This process has the additional advantage that it allows the patient to provide implicit
consent for the information exchange in that they are in full control of providing the HI-TOKEN to the
receiving care service provider.
Standardization of HI-TOKEN metadata and exchange formats minimizes the potential differences in
interpretation between vendors implementing the corresponding systems, thereby contributing to the
overall improvement of interoperability.
NOTE 2 Annex B provides an example implementation and data flow for a health information sharing system
using HI-TOKEN based exchange, including data content and token format examples.
TECHNICAL SPECIFICATION ISO/TS 22691:2021(E)
Health informatics — Token-based health information
sharing
1 Scope
This document specifies the data element content and exchange format for tokens used in token-based
health information sharing. It includes
a) the data items that may be contained in a health information token (HI-TOKEN),
b) the value representation for each data item,
c) the exchange formats allowed for HI-TOKEN sharing (electronic, machine-readable symbol, print),
and
d) considerations when establishing governance policies specifying how HI-TOKENs can be used
within a specific group of healthcare organizations.
Provision is made for both physical media and electronic exchange media.
This document addresses the overall conceptual architecture and process for token-based health
information sharing, as well as the role of patients, referring healthcare facilities, referred healthcare
service providers, and health research institutions. Provision is made for pseudonymization of patient
data.
This document only defines the specification of the HI-TOKEN used in token-based health information
sharing. Data exchange / transport architectures, encryption methods, and specific governance policy
requirements are outside the scope of this document.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 3166-1, Codes for the representation of names of countries and their subdivisions — Part 1: Country
code
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
metadata
attributes and related information about a set of data
3.2
object identifier
globally unique identifier for an information object
Note 1 to entry: Object identifiers are standardized by standard developing organizations such as the
International Telecommunications Union (ITU), ISO or IEC.
3.3
quick response code
QR code
two-dimensional machine-readable optical symbol
Note 1 to entry: QR code formats are specified in ISO/IEC 18004:2015.
3.4
transport layer security
TLS
mechanism that enables use of a secure channel (communication path) for communication between
various servers and clients using TCP/IP
Note 1 to entry: TLS is a suite of protocols managed by the Internet Engineering Task Force (IETF), with the
foundational definition in RFC 1122.
3.5
health information token
HI-TOKEN
metadata that enables secure exchange in token-based health information sharing
Note 1 to entry: HI-TOKENs can be exchanged in electronic representation, machine-readable optical
representation, or paper
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.