• There are no items in your cart
We noticed you’re not on the correct regional site. Switch to our AMERICAS site for the best experience.
Dismiss alert

ISO/TS 17975:2015

Withdrawn
Withdrawn

A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.

View Superseded by
withdrawn

A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.

Health informatics — Principles and data requirements for consent in the Collection, Use or Disclosure of personal health information
Available format(s)

Hardcopy , PDF , PDF 3 Users , PDF 5 Users , PDF 9 Users

Withdrawn date

02-11-2022

Language(s)

English

Published date

18-09-2015

ISO/TS 17975:2015 defines the set of frameworks of consent for the Collection, Use and/or Disclosure of personal information by health care practitioners or organizations that are frequently used to obtain agreement to process the personal health information of subjects of care. This is in order to provide an Informational Consent framework which can be specified and used by individual policy domains (e.g. healthcare organizations, regional health authorities, jurisdictions, countries) as an aid to the consistent management of information in the delivery of health care services and the communication of electronic health records across organizational and jurisdictional boundaries.

The scope of application of this Technical Specification is limited to Personal Health Information (PHI) as defined in ISO 27799, "information about an identifiable person that relates to the physical or mental health of the individual, or to provision of health services to the individual. This information might include:

- information about the registration of the individual for the provision of health services;

- information about payments or eligibility for health care in respect to the individual;

- a number, symbol or particular code assigned to an individual to uniquely identify the individual for health purposes;

- any information about the individual that is collected in the course of the provision of health services to the individual;

- information derived from the testing or examination of a body part or bodily substance;

- identification of a person, e.g. a health professional, as a provider of healthcare to the individual."

Good practice requirements are specified for each framework of Informational Consent. Adherence to these requirements is intended to ensure any subject of care and any parties that process personal health information that their agreement to do so has been properly obtained and correctly specified.

ISO/TS 17975:2015 is intended to be used to inform:

- discussion of national or jurisdictional Informational Consent policies;

- ways in which individuals and the public are informed about how personal health information is processed within organizations providing health services and health systems;

- how to judge the adequacy of the information provided when seeking Informational Consent;

- design of both paper and electronic Informational Consent declaration forms;

- design of those portions of electronic privacy policy services and security services that regulate access to personal health data;

- working practices of organizations and personnel who obtain or comply with consent for processing personal health information.

ISO/TS 17975:2015 does not:

- address the granting of consent to the delivery of healthcare-related treatment and care. Consent to the delivery of care or treatment has its own specific requirements, and is distinct from Informational Consent. Note that as Consent to Treatment and Care are outside the scope of this Technical Specification, the phrase "informational consent" is hereafter supplanted by the shorter "consent". In every case, it is Informational Consent that is intended;

- specify any jurisdiction's legal requirements or regulations relating to consent. The focus is on frameworks, not on jurisdictional legislation or its adequacy in any given jurisdiction. While care has been taken to design the frameworks so that they do not conflict with the legislation in most jurisdictions, they might challenge some existing practices. This Technical Specification uses an approach that allows organizations or jurisdictions to select a subset of those frameworks which best fit their law culture and approach to data sharing;

- specify what consent framework is to be applied to a data classification or data purpose as this may vary according to law or policy, although some examples of implementation profiles are provided in an informative Annex;

- determine the legal adequacy of the information upon which the consent is based or possible legal consequences of inadequate information;

- specify the data format used when consent status is communicated. The focus is on the information characteristics of consent, and not the technology or medium in which the characteristics are instantiated;

- specify how individuals giving Informed Consent come to be informed of the responsibilities, obligations and consequences related to granting consent;

- specify how individuals are to be informed of the specifics of the data, data sharing or data processing concerned;

- specify how consent itself or the specific activities of the consent process are to be recorded; only that they be recorded. Specific requirements on recording consent in EHR systems are given in ISO/TS 14441, 5.3.2;

- specify any information security requirements (e.g. the use of encryption or specific forms of user authentication) as these are the subject of other standards (e.g. ISO 27799).

DocumentType
Technical Specification
Pages
34
PublisherName
International Organization for Standardization
Status
Withdrawn
SupersededBy

Standards Relationship
DS ISO/TS 17975 : 2015 Identical
IS/ISO/TS 17975 : 2015 Identical
PD ISO/TS 17975:2015 Identical

14/30304350 DC : 0 BS EN ISO 27799 - HEALTH INFORMATICS - INFORMATION SECURITY MANAGEMENT IN HEALTH USING ISO/IEC 27002
BS EN ISO 27799:2008 Health informatics. Information security management in health using ISO/IEC 27002
EN ISO 27799:2016 Health informatics - Information security management in health using ISO/IEC 27002 (ISO 27799:2016)

ISO/TS 25237:2008 Health informatics Pseudonymization
ISO 22857:2013 Health informatics Guidelines on data protection to facilitate trans-border flows of personal health data
ISO/TS 14265:2011 Health Informatics - Classification of purposes for processing personal health information
ISO/TS 14441:2013 Health informatics — Security and privacy requirements of EHR systems for use in conformity assessment
ISO/IEC 27002:2013 Information technology Security techniques Code of practice for information security controls
ISO/IEC 10181-3:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Access control framework
ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
ISO 22600-1:2014 Health informatics Privilege management and access control Part 1: Overview and policy management
ISO/TS 13606-4:2009 Health informatics Electronic health record communication Part 4: Security
ISO 22600-3:2014 Health informatics Privilege management and access control Part 3: Implementations
ISO 22600-2:2014 Health informatics Privilege management and access control Part 2: Formal models
ISO/TS 21298:2008 Health informatics Functional and structural roles
ISO 27799:2016 Health informatics Information security management in health using ISO/IEC 27002

View more information
£58.00
Excluding VAT

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.