• There are no items in your cart

ISO/TS 13606-4:2009

Withdrawn
Withdrawn

A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.

View Superseded by
withdrawn

A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.

Health informatics Electronic health record communication Part 4: Security
Available format(s)

Hardcopy , PDF , PDF 3 Users , PDF 5 Users , PDF 9 Users

Withdrawn date

03-09-2022

Language(s)

English

Published date

09-16-2009

Foreword
0 Introduction
  0.1 Challenge addressed by this part of ISO 13606
  0.2 Communication scenarios
  0.3 Requirements and technical approach
  0.4 Generic EHR access policy model
  0.5 Audit log interoperability
  0.6 Relationship to ENV 13606-3
1 Scope
2 Conformance
3 Terms and definitions
4 Abbreviations
5 Record component sensitivity and functional roles
  5.1 RECORD_COMPONENT sensitivity
  5.2 Functional roles
  5.3 Mapping of functional role to RECORD_COMPONENT sensitivity
6 Representing access policy information within an EHR_EXTRACT
  6.1 General
  6.2 Archetype of the Access policy COMPOSITION
  6.3 ADL representation of the archetype of the access
      policy COMPOSITION
  6.4 UML representation of the archetype of the access
      policy COMPOSITION
7 Representation of audit log information -
  EHR_AUDIT_LOG_EXTRACT model
Annex A (informative) - Illustrative access control example
Annex B (informative) - Relationship of this part of ISO 13606
                        to ENV 13606-3:2000
Bibliography

ISO/TS 13606-4:2009 describes a methodology for specifying the privileges necessary to access EHR data. This methodology forms part of the overall EHR communications architecture defined in ISO 136061.

ISO/TS 13606-4:2009 seeks to address those requirements uniquely pertaining to EHR communications and to represent and communicate EHR-specific information that will inform an access decision. It also refers to general security requirements that apply to EHR communications and points at technical solutions and standards that specify details on services meeting these security needs.

DevelopmentNote
DRAFT ISO/DIS 13606-4 is also available for this standard. (02/2017)
DocumentType
Technical Specification
Pages
30
PublisherName
International Organization for Standardization
Status
Withdrawn
SupersededBy

Standards Relationship
NEN NPR ISO/TS 13606-4 : 2009 Identical

DIN EN ISO 22600-3:2015-02 HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 3: IMPLEMENTATIONS (ISO 22600-3:2014)
UNI EN ISO 22600-3 : 2014 HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 3: IMPLEMENTATIONS
DD ISO/TS 14265 : 2011 HEALTH INFORMATICS - CLASSIFICATION OF PURPOSES FOR PROCESSING PERSONAL HEALTH INFORMATION
S.R. CEN ISO/TS 14441:2013 HEALTH INFORMATICS - SECURITY AND PRIVACY REQUIREMENTS OF EHR SYSTEMS FOR USE IN CONFORMITY ASSESSMENT (ISO/TS 14441:2013)
ISO 18308:2011 Health informatics — Requirements for an electronic health record architecture
CEN ISO/TS 14265:2013 Health Informatics - Classification of purposes for processing personal health information (ISO/TS 14265:2011)
10/30231940 DC : 0 BS EN ISO 12967-1 - HEALTH INFORMATICS - SERVICE ARCHITECTURE - PART 1: ENTERPRISE VIEWPOINT
BS EN ISO 12967-3:2011 Health informatics. Service architecture Computational viewpoint
BS ISO 18308:2011 Health informatics. Requirements for an electronic health record architecture
BS EN ISO 13940:2016 Health informatics. System of concepts to support continuity of care
PD ISO/TS 17975:2015 Health informatics. Principles and data requirements for consent in the Collection, Use or Disclosure of personal health information
10/30156465 DC : DRAFT DEC 2010 BS EN ISO 27789 - HEALTH INFORMATICS - AUDIT TRAILS FOR ELECTRONIC HEALTH RECORDS
PD ISO/TR 14292:2012 Health informatics. Personal health records. Definition, scope and context
I.S. EN ISO 12967-1:2011 HEALTH INFORMATICS - SERVICE ARCHITECTURE - PART 1: ENTERPRISE VIEWPOINT
ISO/TS 17975:2015 Health informatics — Principles and data requirements for consent in the Collection, Use or Disclosure of personal health information
UNI CEN ISO/TS 14441 : 2014 HEALTH INFORMATICS - SECURITY AND PRIVACY REQUIREMENTS OF HER SYSTEMS FOR USE IN CONFORMITY ASSESSMENT
EN ISO 12967-3:2011 Health informatics - Service architecture - Part 3: Computational viewpoint (ISO 12967-3:2009)
PD CEN ISO/TS 14265:2013 Health Informatics. Classification of purposes for processing personal health information
10/30231948 DC : 0 BS EN ISO 12967-3 - HEALTH INFORMATICS - SERVICE ARCHITECTURE - PART 3: COMPUTATIONAL VIEWPOINT
DD ISO/TS 22600-3:2009 Health informatics. Privilege management and access control Implementations
BS EN ISO 10781:2015 Health Informatics. HL7 Electronic Health Records-System Functional Model, Release 2 (EHR FM)
DIN EN ISO 22600-3 E : 2015 HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 3: IMPLEMENTATIONS (ISO 22600-3:2014)
I.S. EN ISO 13940:2016 HEALTH INFORMATICS - SYSTEM OF CONCEPTS TO SUPPORT CONTINUITY OF CARE (ISO 13940:2015)
S.R. CEN ISO/TS 14265:2013 HEALTH INFORMATICS - CLASSIFICATION OF PURPOSES FOR PROCESSING PERSONAL HEALTH INFORMATION (ISO/TS 14265:2011)
UNI EN ISO 12967-1 : 2011 HEALTH INFORMATICS - SERVICE ARCHITECTURE - PART 1: ENTERPRISE VIEWPOINT
UNI CEN ISO/TS 14265 : 2013 HEALTH INFORMATICS - CLASSIFICATION OF PURPOSES FOR PROCESSING PERSONAL HEALTH INFORMATION
ISO/TR 17522:2015 Health informatics Provisions for health applications on mobile/smart devices
EN ISO 22600-3:2014 Health informatics - Privilege management and access control - Part 3: Implementations (ISO 22600-3:2014)
PD IEC/TR 80001-2-2:2012 Application of risk management for IT-networks incorporating medical devices Guidance for the disclosure and communication of medical device security needs, risks and controls
I.S. EN ISO 12967-3:2011 HEALTH INFORMATICS - SERVICE ARCHITECTURE - PART 3: COMPUTATIONAL VIEWPOINT
ISO/TS 22600-3:2009 Health informatics Privilege management and access control Part 3: Implementations
IEC TR 80001-2-2:2012 Application of risk management for IT-networks incorporating medical devices - Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls
ISO 12967-3:2009 Health informatics Service architecture Part 3: Computational viewpoint
ISO/TS 14265:2011 Health Informatics - Classification of purposes for processing personal health information
ISO/TS 14441:2013 Health informatics — Security and privacy requirements of EHR systems for use in conformity assessment
ISO 22600-3:2014 Health informatics Privilege management and access control Part 3: Implementations
EN ISO 10781:2015 Health Informatics - HL7 Electronic Health Records-System Functional Model, Release 2 (EHR FM) (ISO 10781:2015)
EN ISO 13940:2016 Health informatics - System of concepts to support continuity of care (ISO 13940:2015)
AAMI IEC TIR 80001-2-2 : 2012 APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS INCORPORATING MEDICAL DEVICES - PART 2-2: GUIDANCE FOR THE DISCLOSURE AND COMMUNICATION OF MEDICAL DEVICE SECURITY NEEDS, RISKS AND CONTROLS
UNE-EN ISO 13940:2016 Health informatics - System of concepts to support continuity of care (ISO 13940:2015)
PD ISO/TR 14639-2:2014 Health informatics. Capacity-based eHealth architecture roadmap Architectural components and maturity model
PD CEN ISO/TS 14441:2013 Health informatics. Security and privacy requirements of EHR systems for use in conformity assessment
BS EN ISO 22600-3:2014 Health informatics. Privilege management and access control Implementations
PD ISO/TR 17522:2015 Health informatics. Provisions for health applications on mobile/smart devices
I.S. EN ISO 22600-3:2014 HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 3: IMPLEMENTATIONS (ISO 22600-3:2014)
UNI EN ISO 12967-3 : 2011 HEALTH INFORMATICS - SERVICE ARCHITECTURE - PART 3: COMPUTATIONAL VIEWPOINT
I.S. EN ISO 10781:2015 HEALTH INFORMATICS - HL7 ELECTRONIC HEALTH RECORDS-SYSTEM FUNCTIONAL MODEL, RELEASE 2 (EHR FM) (ISO 10781:2015)
ISO/TR 14292:2012 Health informatics Personal health records Definition, scope and context
ISO 13940:2015 Health informatics System of concepts to support continuity of care
ISO/HL7 10781:2015 Health Informatics — HL7 Electronic Health Records-System Functional Model, Release 2 (EHR FM)

ISO 17090-1:2013 Health informatics Public key infrastructure Part 1: Overview of digital certificate services
ISO/TS 22600-1:2006 Health informatics Privilege management and access control Part 1: Overview and policy management
ISO 22857:2013 Health informatics Guidelines on data protection to facilitate trans-border flows of personal health data
ISO/TS 18308:2004 Health informatics Requirements for an electronic health record architecture
EN 14822-2:2005 Health informatics - General purpose information components - Part 2: Non-clinical
ISO/TS 21091:2005 Health informatics Directory services for security, communications and identification of professionals and patients
ISO/TR 22221:2006 Health informatics - Good principles and practices for a clinical data warehouse
ISO 27789:2013 Health informatics Audit trails for electronic health records
ISO/IEC 27002:2013 Information technology Security techniques Code of practice for information security controls
EN 14484:2003 Health informatics - International transfer of personal health data covered by the EU data protection directive - High level security policy
ENV 13608-2 : DRAFT 2000 HEALTH INFORMATICS - SECURITY FOR HEALTHCARE COMMUNICATION - PART 2: SECURE DATA OBJECTS
ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
ENV 13608-3 : DRAFT 2000 HEALTH INFORMATICS - SECURITY FOR HEALTHCARE COMMUNICATION - PART 3: SECURE DATA CHANNELS
ISO/IEC 2382-8:1998 Information technology Vocabulary Part 8: Security
ISO/TS 22600-2:2006 Health informatics Privilege management and access control Part 2: Formal models
EN 14485:2003 Health informatics - Guidance for handling personal health data in international applications in the context of the EU data protection directive
ISO/TS 22600-3:2009 Health informatics Privilege management and access control Part 3: Implementations
ENV 13608-1:2000 HEALTH INFORMATICS - SECURITY FOR HEALTHCARE COMMUNICATION - PART 1: CONCEPTS AND TERMINOLOGY
ISO/TS 21298:2008 Health informatics Functional and structural roles
ISO 27799:2016 Health informatics Information security management in health using ISO/IEC 27002

View more information
US$73.00
Excluding Tax where applicable

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.