Category
Standard
Organisation
ID
ISO 13606-4:2019
Type
Standard
Version
1
Access
Fees apply to access
Status
Active
Created
Jun 2019
This document is Part 4 of a 5-part series that sets out a system for communicating about electronic health records (EHRs). This system enables the communication of whole or partial EHRs between EHR systems, or between EHR systems and a centralised EHR data repository. Part 4 describes a methodology for specifying the privileges necessary to access EHR data, including the representation and communication of EHR-specific information that will inform an access decision. It also refers to general security requirements that apply to EHR communications and points at technical solutions and standards that specify details on services meeting these security needs.
In addition to the direct communication of EHRs, the system can also be used for decision support components, personal health applications and devices that need to access or provide EHR data, or the representation of EHR data within a distributed (federated) record system.
This document is primarily intended to support direct care given to identifiable individuals, self-care by individuals and population monitoring systems such as disease registries and public health surveillance. It may also be useful for other purposes such as teaching, clinical audit, administration and reporting, service management, research and epidemiology, which often require the anonymisation or aggregation of individual records.
Main sections:
· Scope
· Normative references
· Terms and definitions
· Conformance
· Record component sensitivity and functional roles
· Representing access policy information within an EHR_EXTRACT
· Representing audit log information
· Annex A: Illustrative access control example
· Annex B: Relations of ISO 13606-4 to alternative approaches
In addition to the direct communication of EHRs, the system can also be used for decision support components, personal health applications and devices that need to access or provide EHR data, or the representation of EHR data within a distributed (federated) record system.
This document is primarily intended to support direct care given to identifiable individuals, self-care by individuals and population monitoring systems such as disease registries and public health surveillance. It may also be useful for other purposes such as teaching, clinical audit, administration and reporting, service management, research and epidemiology, which often require the anonymisation or aggregation of individual records.
Main sections:
· Scope
· Normative references
· Terms and definitions
· Conformance
· Record component sensitivity and functional roles
· Representing access policy information within an EHR_EXTRACT
· Representing audit log information
· Annex A: Illustrative access control example
· Annex B: Relations of ISO 13606-4 to alternative approaches
Access Health informatics – Electronic health record communication – Part 4: Security
By accessing this content, you are leaving this website. The Agency takes no responsibility for the accuracy of content on the destination page.