Health informatics. Guidelines on data protection to facilitate transborder flows of personal health data

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

02-28-2014

Publisher

British Standards Institution

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Structure of this International Standard
6 General principles and roles
7 Legitimising data transfer
8 Criteria for ensuring adequate data protection
   with respect to the transfer of personal
   health data
9 Security policy
10 High Level Security Policy: the content
11 Rationale and Observations on Measures to support
   Principle Ten concerning security of processing
12 Personal health data in non-electronic form
Annex A (informative) - Key primary international
        documents on data protection
Annex B (informative) - National documented
        requirements and legal provisions in a
        range of countries
Annex C (informative) - Exemplar contract clauses:
        Controller to controller
Annex D (informative) - Exemplar contract clauses:
        Controller to processor
Annex E (informative) - Handling very sensitive
        personal health data
Bibliography

Specifies guidance on data protection requirements to facilitate the transfer of personal health data across national or jurisdictional borders.

This International Standard provides guidance on data protection requirements to facilitate the transfer of personal health data across national or jurisdictional borders.

It does not require the harmonization of existing national or jurisdictional standards, legislation or regulations. It is normative only in respect of international or trans-jurisdictional exchange of personal health data. However it can be informative with respect to the protection of health information within national/jurisdictional boundaries and provide assistance to national or jurisdictional bodies involved in the development and implementation of data protection principles.

This International Standard covers both the data protection principles that apply to international or trans-jurisdictional transfers and the security policy which an organization adopts to ensure compliance with those principles.

Where a multilateral treaty between a number of countries has been agreed (e.g. the EU Data Protection Directive), the terms of that treaty will take precedence.

This International Standard aims to facilitate international and trans-jurisdictional health-related applications involving the transfer of personal health data. It seeks to provide the means by which health data relating to data subjects, such as patients, will be adequately protected when sent to, and processed in, another country/jurisdiction.

This International Standard does not provide definitive legal advice but comprises guidance. When applying the guidance to a particular application, legal advice appropriate to that application can be sought.

National privacy and data protection requirements vary substantially and can change relatively quickly. Whereas this International Standard in general encompasses the more stringent of international and national requirements it nevertheless comprises a minimum. Some countries/jurisdictions may have some more stringent and particular requirements.

Committee	IST/35
DevelopmentNote	Supersedes 11/30192880 DC. (02/2014)
DocumentType	Standard
Pages	70
PublisherName	British Standards Institution
Status	Current
Supersedes	BS ISO 22857:2004 11/30192880 DC : 0

Standards	Relationship
ISO 22857:2013	Identical

ISO 17090-1:2013	Health informatics Public key infrastructure Part 1: Overview of digital certificate services
ISO/TS 25237:2008	Health informatics Pseudonymization
ISO/TS 22600-1:2006	Health informatics Privilege management and access control Part 1: Overview and policy management
ISO/TS 14265:2011	Health Informatics - Classification of purposes for processing personal health information
ISO 17090-2:2015	Health informatics Public key infrastructure Part 2: Certificate profile
ISO 27789:2013	Health informatics Audit trails for electronic health records
ISO 21091:2013	Health informatics — Directory services for healthcare providers, subjects of care and other entities
ISO 17090-3:2008	Health informatics Public key infrastructure Part 3: Policy management of certification authority
ISO/TS 22600-2:2006	Health informatics Privilege management and access control Part 2: Formal models
ISO/TS 22600-3:2009	Health informatics Privilege management and access control Part 3: Implementations
ISO/TS 21298:2008	Health informatics Functional and structural roles
ISO 27799:2016	Health informatics Information security management in health using ISO/IEC 27002

View more information

US$330.61

Excluding Tax where applicable

Product format

I agree to the DRM document license rules apply against the PDF selection made.

Please confirm that you agree to the document license rules for this document.

I agree to the document license rules .

Please confirm that you agree to the document license rules for this document.

Access your standards online with a subscription

Features

Simple online access to standards, technical information and regulations.
Critical updates of standards and customisable alerts and notifications.
Multi-user online standards collection: secure, flexible and cost effective.

Learn more on subscription solutions

Get in touch with us

Log into your Account

BS ISO 22857:2013

Current

Table of Contents

Abstract

Scope

General Product Information

International Equivalents

Standards Referencing This Book

Category

Subcategory

Access your standards online with a subscription