SIST EN ISO 17523:2025

SLOVENSKI STANDARD
01-oktober-2025
Nadomešča:
SIST EN ISO 17523:2016
Zdravstvena informatika - Zahteve za elektronske recepte (ISO 17523:2025)
Health informatics - Requirements for electronic prescriptions (ISO 17523:2025)
Medizinische Informatik - Anforderungen an elektronische Verschreibungen (ISO
17523:2025)
Informatique de santé - Exigences applicables aux prescriptions électroniques (ISO
17523:2025)
Ta slovenski standard je istoveten z: EN ISO 17523:2025
ICS:
35.240.80 Uporabniške rešitve IT v IT applications in health care
zdravstveni tehniki technology
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EN ISO 17523
EUROPEAN STANDARD
NORME EUROPÉENNE
August 2025
EUROPÄISCHE NORM
ICS 35.240.80 Supersedes EN ISO 17523:2016
English Version
Health informatics - Requirements for electronic
prescriptions (ISO 17523:2025)
Informatique de santé - Exigences applicables aux Medizinische Informatik - Anforderungen an
prescriptions électroniques (ISO 17523:2025) elektronische Verschreibungen (ISO 17523:2025)
This European Standard was approved by CEN on 27 June 2025.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2025 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 17523:2025 E
worldwide for CEN national Members.

Contents Page
European foreword . 3

European foreword
This document (EN ISO 17523:2025) has been prepared by Technical Committee ISO/TC 215 "Health
informatics" in collaboration with Technical Committee CEN/TC 251 “Health informatics” the
secretariat of which is held by NEN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by February 2026, and conflicting national standards
shall be withdrawn at the latest by February 2026.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN ISO 17523:2016.
Any feedback and questions on this document should be directed to the users’ national standards
body/national committee. A complete listing of these bodies can be found on the CEN website.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the
United Kingdom.
Endorsement notice
The text of ISO 17523:2025 has been approved by CEN as EN ISO 17523:2025 without any modification.

International
Standard
ISO 17523
Second edition
Health informatics — Requirements
2025-07
for electronic prescriptions
Informatique de santé — Exigences applicables aux prescriptions
électroniques
Reference number
ISO 17523:2025(en) © ISO 2025
ISO 17523:2025(en)
© ISO 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
ISO 17523:2025(en)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Conformance . 3
4.1 Generic conformance .3
4.2 Data element conformance .4
5 General information . 4
5.1 Structure of this document .4
5.2 Usage of this document .4
5.3 Use cases, actors, processes .4
5.4 Information objects .5
5.4.1 Prescription .5
5.4.2 Related information objects .5
6 Requirements for electronic prescriptions . 6
6.1 General requirements for prescriptions .6
6.2 Identification of the patient .6
6.3 Identification of the prescribing healthcare professional .6
6.4 Identification of the prescribed product .7
6.5 Dispense information .7
6.6 Usage instructions.7
6.7 Authentication of the electronic prescription .7
6.8 Data elements .7
Annex A (normative) Data elements . 8
Annex B (informative) Examples of elements and implementations of electronic prescription.18
Bibliography .24

iii
ISO 17523:2025(en)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a)
patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO’s adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 215, Health informatics, in collaboration with
the European Committee for Standardization (CEN) Technical Committee CEN/TC 251, Health informatics, in
accordance with the Agreement on technical cooperation between ISO and CEN (Vienna Agreement).
This second edition cancels and replaces the first edition (ISO 17523:2016), of which it constitutes a minor
revision. The changes are as follows:
— introduction of a data model;
— reshuffling of requirements into clauses in line with the data model;
— rephrasing the requirements in well-defined capability statements;
— updating the relationship between other ISO standards and this document such as IDMP.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

iv
ISO 17523:2025(en)
Introduction
Modern healthcare is rapidly advancing and relying on electronic communications. Many countries
already have or are in the process of developing electronic systems to contain and distribute personal data
regarding healthcare, including the exchange of electronic prescriptions (ePrescriptions). Therefore, it
becomes increasingly important to set up a document that can facilitate safe and reliable dispensing and
administration of the prescribed product to the patient. Also, since international travelling has become
integrated into daily life, it is important that electronic communications regarding prescriptions can
somehow be synchronized between prescribers and dispensers in different jurisdictions.
The most important question regarding ePrescriptions is which information is required to be included in the
ePrescriptions in order to have exactly the intended medicine dispensed to the patient, including all relevant
information with regard to its correct and safe use. This document provides the basic set of information
requirements for ePrescriptions.
While the organization of healthcare is national, the development and production of medicinal products on
the other hand is truly international. For the identification of medicinal products (IDentification of Medicinal
Products, IDMP), five ISO standards are available. This document on ePrescriptions is based on these
standards. In addition, the market authorization is strictly legislated in jurisdictional specific directives and
laws. Part of this legislation regulates prescribing and dispensing of medicinal products. Information systems
in healthcare must be designed so that end-users comply with this legislation (preferably without needing
to pay too much attention). An International Standard on ePrescriptions can support the implementation of
(international) legislation on medicinal products in health informatics.
The prescription written on paper has a deeply rooted cultural history for both healthcare professionals
and patients. Using an ePrescription instead of paper is a change that should be guided to ensure society’s
trust in healthcare professionals. Requirements for the processing of ePrescriptions can fulfil this need. An
example of use in practice of this specification is the following: a general practitioner prescribes a medicinal
product for a patient with the aid of an information system and sends the ePrescription to the local pharmacy
where the patient picks up the medication a short while thereafter.
The benefit of an International Standard on the requirements of ePrescription is that it can serve as a
starting point and reference for all kinds of records and messages related to ePrescriptions, facilitating the
communication between stakeholders and information systems.
The intended audience for this document is made up of the developers of standards and information systems,
so that, in using their products, end-users (healthcare professionals) comply with legislation, regulations and
expectations of society relating to the prescribing and dispensing of medicinal products. Specifically, this
document provides a basis for a common understanding of the data elements contained in an ePrescription
across legislations.
v
International Standard ISO 17523:2025(en)
Health informatics — Requirements for electronic
prescriptions
1 Scope
The scope of this document is constrained to the content of the electronic prescription (ePrescription) itself,
the digital document which is issued by a prescribing healthcare professional and received by a dispensing
healthcare professional. The prescribed medicinal product is to be dispensed through an authorized
healthcare professional with the aim of being administered to a human patient. The ePrescription in the
administrative workflow of reimbursement is not covered in this document.
This document specifies the requirements that apply to ePrescriptions. It describes generic principles that
are considered important for all ePrescriptions.
This document is applicable to ePrescriptions of medicinal products for human use. Although other kinds
of products (e.g. medical devices, wound care products) can be ordered by means of an ePrescription, the
requirements in this document are aimed at medicinal products that have a market authorization and at
pharmaceutical preparations which are compounded in a pharmacy.
This document does not limit the scope to any setting (community, institutional) and leaves it to the national
bodies to decide on this matter.
This document specifies a list of data elements that can be considered as essential for ePrescriptions,
depending on jurisdiction or clinical setting (primary healthcare, hospital, etc.). Ensuring the authenticity of
these data elements is in scope and will have impact on the requirements of information systems.
Other messages, roles and scenarios (e.g. validation of a prescription, administration, medication charts, EHR
of the patient, reimbursement of care and dispensed products) are not covered in this document, because
they are country-specific or region-specific, due to differences in culture and in legislation of healthcare.
However, requirements and content of ePrescriptions within the context of jurisdictions have a relationship
with these scenarios. This document also does not cover the way in which ePrescriptions are made available
or exchanged, and the process of prescribing itself.
The logistic process of prescribing itself is not part of the scope. A prescription can either be sent (pushed)
to a dispenser or either be retrieved (pulled) at the dispenser. However, the requirement for the prescription
is described, that it will be able to function in both environments.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO 11239, Health informatics — Identification of medicinal products — Data elements and structures for the
unique identification and exchange of regulated information on pharmaceutical dose forms, units of presentation,
routes of administration and packaging
ISO 11240, Health informatics — Identification of medicinal products — Data elements and structures for the
unique identification and exchange of units of measurement
ISO 8601-1, Date and time — Representations for information interchange — Part 1: Basic rules
ISO/TS 22220, Health informatics — Identification of subjects of health care

ISO 17523:2025(en)
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
dispenser
healthcare professional authorized to dispense medicinal products
3.2
dispensing
process of validation of the electronicprescription (3.3), preparation of the medicinal product (3.8), labelling,
informing and handing the medication to the patient or administering healthcare professional
3.3
electronic prescription
ePrescription
prescription (3.7) (issued by electronic means) that conforms with this document
3.4
digital signature
signature based upon cryptographic methods of originator authentication (3.10), computed by using a set of
rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified
Note 1 to entry: Digital signatures employ a type of asymmetric cryptography. For messages sent through an insecure
channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the
claimed sender.
3.5
prescriber
healthcare professional authorized to issue electronic prescriptions (3.3)
Note 1 to entry: Typically, the healthcare professional is a medical specialist or a general practitioner, but this differs
across legislations. In some countries, pharmacists or nurse practitioners are also authorized to prescribe.
3.6
prescribing
the intellectual process of deciding on a medication, related to medication treatment plans, decision support,
etc. including all considerations that lead to defining the information to be entered prior to the prescription
(3.7) entry
3.7
prescription
a set of instructions issued by a prescriber (3.5) that authorizes a medicinal product (3.8) to be dispensed or
administered to a patient.
Note 1 to entry: The word “prescription” is sometimes used when referring to the act of prescribing, “prescription
process”. To avoid confusion with the term “prescription” as an information object, throughout this document, the
word “prescription” is reserved for the information object. For the act of prescribing, the term “prescribing” is used.
Note 2 to entry: The word prescription is used in different contexts depending on the language and country. In certain
languages it only refers to a community setting, while the prescribing (3.6) in institutional setting is called differently,
such as medication order. In other languages the same word is used for the community as well as the institutional
setting. In general, the content should still abide to (international) medicinal acts, that do not distinguish any setting.

ISO 17523:2025(en)
3.8
medicinal product
substance or combination of substances that may be administered to human beings to treat or prevent disease
[SOURCE: ISO 11615:2012, 3.1.49, modified — “with the view to making a medical diagnosis or to restore,
correct or modify physiological functions” was removed from the definition; the Notes to entry were
removed.]
3.9
medicinal product dictionary
system that is specifically designed to support the prescription (3.7), dispensing (3.2) and administration
of medications in healthcare based on an accurate listing, description and identification (3.12) of medicinal
products
3.10
authentication
formalized process of verification that, if successful, results in an authenticated identity for an entity
Note 1 to entry: The authentication process involves tests by a verifier of one or more identity attributes provided by
an entity to determine, with the required level of assurance, their correctness.
Note 2 to entry: Authentication typically involves the use of a policy to specify a required level of assurance for the
result of a successful completion.
Note 3 to entry: Identification is usually done as authentication to obtain a specific level of assurance in the result.
[SOURCE: ISO/IEC 24760-1:2011, 3.3.1]
3.11
authorization
granting of rights, which includes the granting of access based on access rights
[SOURCE: ISO 7498-2:1989, 3.3.10]
3.12
identification
process of recognizing an entity in a particular domain as distinct from other entities
Note 1 to entry: The process of identification applies verification to claimed or observed attributes.
Note 2 to entry: Identification typically is part of the interactions between an entity and the services in a domain and
to access resources. Identification can occur multiple times while the entity is known in the domain.
[SOURCE: ISO/IEC 24760-1:2011, 3.2.1]
3.13
identity information
set of values of attributes that differentiate one entity from others
Note 1 to entry: In an information and communication technology system, an identity is present as identity information.
[SOURCE: ISO/IEC 24760-1:2011, 3.2.4, modified — “optionally with any associated metadata in an identity”
was changed to “that differentiate one entity from others”.]
4 Conformance
4.1 Generic conformance
An ePrescription is conformant to this document when it fulfils all detailed requirements in Clause 6.

ISO 17523:2025(en)
4.2 Data element conformance
An ePrescription is conformant to Annex A when it fulfils the requirements described in Clause 6 by using
data elements from Annex A.
NOTE Data element conformance implies generic conformance.
5 General information
5.1 Structure of this document
Clause 6 describes the generic requirements considered important for any ePrescription, regardless of the
data elements presented in the ePrescription. Annex A lists a selection of data elements and their definition
that should be used to fulfil the requirements as specified in Clause 6. Annex B has three parts: Clause B.1
lists examples of ePrescription implementations in other countries; Clause B.2 provides an overview of
data structures and standards; Clause B.3 lists examples and code snippets belonging to either the core or
optional elements.
5.2 Usage of this document
This document is intended to be used in the process of development of standards and information systems
handling ePrescription information. It can also be used as the baseline for compliance, validation and
certification of information systems. Healthcare system designers should specify which data elements are
supported by their implementation. The chosen subset may vary based on their intended use, regulatory
background, and other aspects that condition the local requirements. However, data elements used shall
fulfil the requirements of Annex A.
5.3 Use cases, actors, processes
This document specifies the requirements for the information object that is created when a system issues
a prescription. While an ePrescription can appear in a wide range of processes, the intended scope of this
document is for a simple use case:
A prescriber enters prescription information for medication. The prescription information may then
be reviewed by another professional before dispensing and the medication is then dispensed. After the
dispense, the medication is expected to be administered.
NOTE 1 The confirmation of the ordering process of a prescription is often a dispense. The requirements for a
dispense is defined in ISO/TS 19293.
NOTE 2 In the cross-border setting in the EU, the use case is described in the “Guidelines on e-prescriptions dataset
[18]
for electronic exchange under cross-border directive 2011/24/EU”.
NOTE 3 Review, dispense, and administration processes use the prescription information. These processes can
lead to the creation of new additional information possibly including parts of the prescription information or referring
to it. The review, dispense and administration processes are considered only in so far as they impose additional
requirements on the prescription information. The information created by those processes is not subject of this
document.
NOTE 4 Beside the primary process of ordering prescriptions, the data of prescriptions can also be subject for
secondary purposes, i.e. as the subject of a query. Examples are input for medication lists or research purposes.
This document only addresses the requirements that are necessary for the ePrescription. However, this use
case can trigger the following acts.
— Prescribing: the activities involved with prescribing as defined in Clause 3.

ISO 17523:2025(en)
— Prescription review: to check prescription information against pharmaceutical knowledge and
regulations, e.g. drug interaction checking.
— In order to fulfil this task, the reviewer should have access to information concerning the current
treatment of the patient and medication already dispensed. For a prescription to be validated, a
prescription review (or several) can be needed. The conditions for this are not relevant for this
document.
— During the review process, there can arise a need to contact the prescriber.
NOTE 5 Prescription review is also known as medication order review or pharmaceutical review.
— Dispense of medication: to dispense the physical medication, based on the (previously validated)
prescription information assigning (giving) the medication to a particular patient, including the
necessary actions that lead to that dispensing. The dispenser may be entitled to diverge from the initial
prescription (e.g. change the brand of the medication) or to reject the prescription and inform the
prescriber on this rejection.
NOTE 6 One prescription can lead to more than one dispense action, such as repeat prescriptions for chronic
diseases. Differences can exist between healthcare settings. In some settings, repeated dispenses require
separate individual prescriptions, yielding a 1:1 relationship between prescriptions and dispenses; in other
settings, multiple dispenses per prescription are allowed.
— Administration: the prescribed medication is intended to be administered to the patient by the patient
itself or by another person.
Additional acts can be triggered by the prescription, such as those related to reimbursement (eligibility,
reimbursement requests) or secondary uses (adding to the patient history).
5.4 Information objects
5.4.1 Prescription
The prescription shall describe the medication that the prescriber wants to be administered to or used by
the patient. It may serve as input to the prescription review and dispense process. Variations in the content
of the prescription can occur, varying from country to country, depending upon regulations, responsibilities,
and standards.
5.4.2 Related information objects
The following information related to a prescription is necessary to support the chain from prescription to
administration.
a) The dispensed medication information contains what medication has actually been dispensed. The
prescription that resulted in a dispense is traceable from the dispense. There can be, in general, multiple
dispenses originating from one prescription.
b) The prescription review documentation object contains the observations and actions of the pharmacist
in the prescription review process. The possible states, represented in the status of a prescription,
are dependent on the protocols of the environment (community, institutional, country). The review
documentation is traceable to the prescription.
c) The administration documentation object describes the administration event (primarily in hospitals).
These events are traceable to the prescription, they may be sent along with the prescription information
or managed in some other way, independently from the prescription information.

ISO 17523:2025(en)
6 Requirements for electronic prescriptions
6.1 General requirements for prescriptions
The following requirements and recommendations, derived from the use case, apply:
a) The patient shall be unambiguously identifiable by all the healthcare professionals (see 6.2).
b) The healthcare professional that enters the prescription shall be identifiable for legal and auditing
reasons and in order to be contacted by the other participants (see 6.3).
c) The prescription information entry is a professional activity of the responsible prescribing person,
potentially causing patient safety issues and also liability issues in subsequent process steps (see 6.8).
Therefore, there shall be an appropriate level of assurance that the prescription information entry
accurately and unambiguously captures the intention of the prescriber (see 6.6).
d) The medicinal product(s) that is the object of the prescription shall be clearly and unambiguously
identifiable by all actors (see 6.4).
e) The contextual information of the prescription that is relevant for the dispensing or administration shall
also be available. This may include insight into specific patient information or instructions (see 6.6).
f) The content shall convey the legal authorization to dispense a medicinal product (see 6.7).
g) Since the prescription is a trigger for a process, the data for these processes (validity, identification,
conditions for dispense or others like reimbursement) should be available (see 6.8).
h) The data that are available (or are permitted) can differ across clinical cases, across regulatory
frameworks, or across different products. Therefore, the standard mechanisms cannot enforce any
specific set of data (see 6.8). The recommendation, however, is to apply international agreed data sets
and terminology.
6.2 Identification of the patient
A patient is a person in the role of subject of care. Data content shall support reliable long-term identification
and provide contact information (e.g. location or telecom).
The patient shall be able to identify themselves using an identification method that is legal in the country of
the prescriber. The identity information shall provide the ability to track the patient in case of emergency,
such as a misprescribed drug or dose or a recall of medication.
In cases where the identity of the patient cannot be revealed to the dispenser (e.g. in special healthcare
situations due to national legislation), the prescriber shall provide alternative identity information. Any
constraints, such as pseudonymization on patient identification can bring risks, namely patient safety risks.
There shall be a reliable way to unambiguously and clearly re-identify the patient, in such cases, in order to
mitigate those risks.
6.3 Identification of the prescribing healthcare professional
A prescriber shall be a healthcare professional, i.e. a person who is involved in or associated with the
delivery of healthcare to a subject of care or caring for the well-being of a subject of care (see ISO/TS 27527)
and is authorized to issue prescriptions (ISO 21549-7). Data content shall support testing the legitimate use
(identification, authentication, authorization), traceability/auditing, and non-repudiation.
A prescriber is related to a healthcare organization. This can be a single care provider practice or an
institution. In many countries the relationship between the prescriber and the health organization is of great
importance and often required as part of the identification of the prescriber. Not only is the identification
provided and non-repudiation guaranteed by the organization, but legal responsibilities are often at the
organizational level.
ISO 17523:2025(en)
6.4 Identification of the prescribed product
The product prescribed in an ePrescription can either be medication, medical device or nursing products,
such as bandages. In case of medication, the ePrescription created, exchanged, and filled according to
this document shall conform with the ISO IDMP standards as defined in A.5.2 to realize the unique and
unambiguous identification of medicinal products in ePrescriptions.
Preferably and in the case of a medicinal product, the information should be derived from a medicinal
product dictionary (MPD) (see ISO/TS 19256).
This means that a prescription shall be created using the following for the description of the medicine:
— an MPD that is based on IDMP;
— if this is not available but there is an MPD with local identification of the medicines, this is second best;
— if both are not available, enough information shall be given on the ePrescription for the dispenser to
dispense the correct product.
6.5 Dispense information
The prescription shall be clear on the amount to be dispensed.
NOTE For certain classes of medicinal products, such as narcotics, special precautions are required to prevent
abuse of medication. Prescribing and dispensing are regulated by international law.
6.6 Usage instructions
The ePrescription shall supply the information that is required to instruct the patient on the use and
administration of the prescribed product. This shall include data on the route of administration, amount per
dosing event, timing of dose events, duration of treatment and directions of use. When this information is
relevant in order to dispense the correct amount of the prescribed product (e.g. number of tablets), it shall
also be available to the dispenser.
The usage instructions should be in machine readable structured format. This allows clinical decision
support to perform safety checks on the medication usage.
NOTE In HL7v3 these machine readable codes are expressed using a specific XML datatype called General Time
Specification (GTS, see ISO 21090). In H7 FHIR the machine readable code is expressed using the FHIR resource
called Dosage.
6.7 Authentication of the electronic prescription
Authentication includes verifying the integrity of the ePrescription, verifying the authentication and
authorization of the prescribing professional, and validating the commitment of the prescriber to the
content. Therefore, a prescription should bear a signature of the prescribing healthcare professional.
An ePrescription may contain a digital signature that provides the potential for authentication of the
prescription information.
6.8 Data elements
An ePrescription shall contain a subset of the data elements listed in Annex A. This subset depends on the
use case. Data elements used shall fulfil the requirements of Annex A.

ISO 17523:2025(en)
Annex A
(normative)
Data elements
A.1 Schematic representation of electronic prescription contents
Figure A.1 — Logical model of ePrescription
The logical model in Figure A.1 depicts the relationships between the different classes in a prescription.
It also shows the cardinality in the relationship of the various classes. The focal object of the model is the
prescription itself:
— A prescription contains information of two different types:
— therapeutical information about a medication therapy, expressed in the usage instructions;
— logistical information with the authorization to dispense and supply the medication, symbolized in
the dispense request.
— The prescription is meant as a medicinal therapy for one single recipient and that is the patient.
— The prescription has been issued under the authorization of only one prescriber.
— The prescription contains one medicinal product. Certain countries allow multiple products under the
same prescription identifier, but this feature is not expected to be supported in mixed environment, such
as cross border exchange.
— In most cases there is at least one dosage instruction for the usage of the medicinal product. In case of
complex dosage schemas there will be multiple instructions.
— In most cases there is one dispense request, including possible instructions for repetition. The dispense
request can be absent in case of a prescription with a stop instruction (i.e. terminate the use) or a dosage
reduction.
A system is conform to the logical model if it supports the classes and relationships as depicted. Country-
specific regulations can have additional stricter rules. Other countries are not required to support these
additional rules.
Each clause in the following chapters contains capability statements. The capability statement are of the
following categories:
— Shall: This requirement is mandatory. Receiving information where this attribute is absent leads to a
rejection of the total received transaction.

ISO 17523:2025(en)
— Should: It is highly recommended that this requirement is supported and if it is there, then this is how it
should be supported. Receiving information where this attribute is present can be ignored by a receiver
that does not support this attribute. However, the remainder of the transaction should be processed.
— May: This requirement is optional, but if it is there, then this is how it should be supported. Receiving
information where this attribute is present can be ignored by a receiver that does not support this
attribute. However, the remainder of the transaction should be processed.
A.2 Electronic prescription information
A.2.1 Electronic prescription identifier
The prescription shall contain an identifier.
This is a value to uniquely identify an ePrescription. The ePrescription should receive a globally unique
identifying code for traceability, e.g. by making use of information object definitions. It may additionally be
used to register whether an ePrescription and/or the maximum number of repeats was already dispensed
[19]
or not to prevent that patients retrieve medicines several times using the same ePrescription .
A.2.2 Issue date
The prescription shall contain an issue date and optionally the time the electronic prescription was issued
by the prescriber. The issue date of the prescription can be important for reimbursement of the prescribed
drug(s) and to indicate whether the ePrescription is still valid to trigger a dispense event. Date shall be
stated as described in ISO 8601-1.
A.2.3 Prescription status
The prescription may contain a prescription status.
This status indicates whether the prescription is still eligible for dispensing or whether it has been completed.
The need for this attribute mainly depends on the scenarios and legislation that are in use in a specific
region. In countries where prescriptions are being sent from
...