ISO/TS 13606-4:2009
Withdrawn
A Withdrawn Standard is one that has been removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.
Health informatics - Electronic health record communication - Part 4: Security
09-03-2022
English
16-09-2009
Foreword
0 Introduction
0.1 Challenge addressed by this part of ISO 13606
0.2 Communication scenarios
0.3 Requirements and technical approach
0.4 Generic EHR access policy model
0.5 Audit log interoperability
0.6 Relationship to ENV 13606-3
1 Scope
2 Conformance
3 Terms and definitions
4 Abbreviations
5 Record component sensitivity and functional roles
5.1 RECORD_COMPONENT sensitivity
5.2 Functional roles
5.3 Mapping of functional role to RECORD_COMPONENT sensitivity
6 Representing access policy information within an EHR_EXTRACT
6.1 General
6.2 Archetype of the Access policy COMPOSITION
6.3 ADL representation of the archetype of the access policy COMPOSITION
6.4 UML representation of the archetype of the access policy COMPOSITION
7 Representation of audit log information - EHR_AUDIT_LOG_EXTRACT model
Annex A (informative) - Illustrative access control example
Annex B (informative) - Relationship of this part of ISO 13606 to ENV 13606-3:2000
Bibliography
ISO/TS 13606-4:2009 describes a methodology for specifying the privileges necessary to access EHR data. This methodology forms part of the overall EHR communications architecture defined in ISO 13606-1.
ISO/TS 13606-4:2009 seeks to address those requirements uniquely pertaining to EHR communications and to represent and communicate EHR-specific information that will inform an access decision. It also refers to general security requirements that apply to EHR communications and points at technical solutions and standards that specify details on services meeting these security needs.
DevelopmentNote | DRAFT ISO/DIS 13606-4 is also available for this standard. (02/2017) |
DocumentType | Technical Specification |
Pages | 30 |
PublisherName | International Organization for Standardization |
Status | Withdrawn |
SupersededBy |
Standards | Relationship |
NEN NPR ISO/TS 13606-4 : 2009 | Identical |
DIN EN ISO 22600-3:2015-02 | HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 3: IMPLEMENTATIONS (ISO 22600-3:2014) |
UNI EN ISO 22600-3 : 2014 | HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 3: IMPLEMENTATIONS |
DD ISO/TS 14265 : 2011 | HEALTH INFORMATICS - CLASSIFICATION OF PURPOSES FOR PROCESSING PERSONAL HEALTH INFORMATION |
S.R. CEN ISO/TS 14441:2013 | HEALTH INFORMATICS - SECURITY AND PRIVACY REQUIREMENTS OF EHR SYSTEMS FOR USE IN CONFORMITY ASSESSMENT (ISO/TS 14441:2013) |
ISO 18308:2011 | Health informatics — Requirements for an electronic health record architecture |
CEN ISO/TS 14265:2013 | Health Informatics - Classification of purposes for processing personal health information (ISO/TS 14265:2011) |
10/30231940 DC : 0 | BS EN ISO 12967-1 - HEALTH INFORMATICS - SERVICE ARCHITECTURE - PART 1: ENTERPRISE VIEWPOINT |
BS EN ISO 12967-3:2011 | Health informatics. Service architecture. Computational viewpoint |
BS ISO 18308:2011 | Health informatics. Requirements for an electronic health record architecture |
BS EN ISO 13940:2016 | Health informatics. System of concepts to support continuity of care |
PD ISO/TS 17975:2015 | Health informatics. Principles and data requirements for consent in the Collection, Use or Disclosure of personal health information |
10/30156465 DC : DRAFT DEC 2010 | BS EN ISO 27789 - HEALTH INFORMATICS - AUDIT TRAILS FOR ELECTRONIC HEALTH RECORDS |
PD ISO/TR 14292:2012 | Health informatics. Personal health records. Definition, scope and context |
I.S. EN ISO 12967-1:2011 | HEALTH INFORMATICS - SERVICE ARCHITECTURE - PART 1: ENTERPRISE VIEWPOINT |
ISO/TS 17975:2015 | Health informatics — Principles and data requirements for consent in the Collection, Use or Disclosure of personal health information |
UNI CEN ISO/TS 14441 : 2014 | HEALTH INFORMATICS - SECURITY AND PRIVACY REQUIREMENTS OF EHR SYSTEMS FOR USE IN CONFORMITY ASSESSMENT |
EN ISO 12967-3:2011 | Health informatics - Service architecture - Part 3: Computational viewpoint (ISO 12967-3:2009) |
PD CEN ISO/TS 14265:2013 | Health Informatics. Classification of purposes for processing personal health information |
10/30231948 DC : 0 | BS EN ISO 12967-3 - HEALTH INFORMATICS - SERVICE ARCHITECTURE - PART 3: COMPUTATIONAL VIEWPOINT |
DD ISO/TS 22600-3:2009 | Health informatics. Privilege management and access control. Implementations |
BS EN ISO 10781:2015 | Health Informatics. HL7 Electronic Health Records-System Functional Model, Release 2 (EHR FM) |
I.S. EN ISO 13940:2016 | HEALTH INFORMATICS - SYSTEM OF CONCEPTS TO SUPPORT CONTINUITY OF CARE (ISO 13940:2015) |
S.R. CEN ISO/TS 14265:2013 | HEALTH INFORMATICS - CLASSIFICATION OF PURPOSES FOR PROCESSING PERSONAL HEALTH INFORMATION (ISO/TS 14265:2011) |
UNI EN ISO 12967-1 : 2011 | HEALTH INFORMATICS - SERVICE ARCHITECTURE - PART 1: ENTERPRISE VIEWPOINT |
UNI CEN ISO/TS 14265 : 2013 | HEALTH INFORMATICS - CLASSIFICATION OF PURPOSES FOR PROCESSING PERSONAL HEALTH INFORMATION |
ISO/TR 17522:2015 | Health informatics - Provisions for health applications on mobile/smart devices |
EN ISO 22600-3:2014 | Health informatics - Privilege management and access control - Part 3: Implementations (ISO 22600-3:2014) |
PD IEC/TR 80001-2-2:2012 | Application of risk management for IT-networks incorporating medical devices. Guidance for the disclosure and communication of medical device security needs, risks and controls |
I.S. EN ISO 12967-3:2011 | HEALTH INFORMATICS - SERVICE ARCHITECTURE - PART 3: COMPUTATIONAL VIEWPOINT |
ISO/TS 22600-3:2009 | Health informatics - Privilege management and access control - Part 3: Implementations |
IEC TR 80001-2-2:2012 | Application of risk management for IT-networks incorporating medical devices - Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls |
ISO 12967-3:2009 | Health informatics - Service architecture - Part 3: Computational viewpoint |
ISO/TS 14265:2011 | Health Informatics - Classification of purposes for processing personal health information |
ISO/TS 14441:2013 | Health informatics — Security and privacy requirements of EHR systems for use in conformity assessment |
ISO 22600-3:2014 | Health informatics - Privilege management and access control - Part 3: Implementations |
EN ISO 10781:2015 | Health Informatics - HL7 Electronic Health Records-System Functional Model, Release 2 (EHR FM) (ISO 10781:2015) |
EN ISO 13940:2016 | Health informatics - System of concepts to support continuity of care (ISO 13940:2015) |
AAMI IEC TIR 80001-2-2 : 2012 | APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS INCORPORATING MEDICAL DEVICES - PART 2-2: GUIDANCE FOR THE DISCLOSURE AND COMMUNICATION OF MEDICAL DEVICE SECURITY NEEDS, RISKS AND CONTROLS |
UNE-EN ISO 13940:2016 | Health informatics - System of concepts to support continuity of care (ISO 13940:2015) |
PD ISO/TR 14639-2:2014 | Health informatics. Capacity-based eHealth architecture roadmap. Architectural components and maturity model |
PD CEN ISO/TS 14441:2013 | Health informatics. Security and privacy requirements of EHR systems for use in conformity assessment |
BS EN ISO 22600-3:2014 | Health informatics. Privilege management and access control. Implementations |
PD ISO/TR 17522:2015 | Health informatics. Provisions for health applications on mobile/smart devices |
I.S. EN ISO 22600-3:2014 | HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 3: IMPLEMENTATIONS (ISO 22600-3:2014) |
UNI EN ISO 12967-3 : 2011 | HEALTH INFORMATICS - SERVICE ARCHITECTURE - PART 3: COMPUTATIONAL VIEWPOINT |
I.S. EN ISO 10781:2015 | HEALTH INFORMATICS - HL7 ELECTRONIC HEALTH RECORDS-SYSTEM FUNCTIONAL MODEL, RELEASE 2 (EHR FM) (ISO 10781:2015) |
ISO/TR 14292:2012 | Health informatics - Personal health records - Definition, scope and context |
ISO 13940:2015 | Health informatics — System of concepts to support continuity of care |
ISO/HL7 10781:2015 | Health Informatics — HL7 Electronic Health Records-System Functional Model, Release 2 (EHR FM) |
ISO 17090-1:2013 | Health informatics - Public key infrastructure - Part 1: Overview of digital certificate services |
ISO/TS 22600-1:2006 | Health informatics - Privilege management and access control - Part 1: Overview and policy management |
ISO 22857:2013 | Health informatics — Guidelines on data protection to facilitate trans-border flows of personal health data |
ISO/TS 18308:2004 | Health informatics - Requirements for an electronic health record architecture |
EN 14822-2:2005 | Health informatics - General purpose information components - Part 2: Non-clinical |
ISO/TS 21091:2005 | Health informatics - Directory services for security, communications and identification of professionals and patients |
ISO/TR 22221:2006 | Health informatics - Good principles and practices for a clinical data warehouse |
ISO 27789:2013 | Health informatics - Audit trails for electronic health records |
ISO/IEC 27002:2013 | Information technology - Security techniques - Code of practice for information security controls |
EN 14484:2003 | Health informatics - International transfer of personal health data covered by the EU data protection directive - High level security policy |
ENV 13608-2:2000 | Health informatics - Security for healthcare communication - Part 2: Secure data objects |
ISO 7498-2:1989 | Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture |
ENV 13608-3:2000 | Health informatics - Security for healthcare communication - Part 3: Secure data channels |
ISO/IEC 2382-8:1998 | Information technology - Vocabulary - Part 8: Security |
ISO/TS 22600-2:2006 | Health informatics - Privilege management and access control - Part 2: Formal models |
EN 14485:2003 | Health informatics - Guidance for handling personal health data in international applications in the context of the EU data protection directive |
ISO/TS 22600-3:2009 | Health informatics - Privilege management and access control - Part 3: Implementations |
ENV 13608-1:2000 | Health informatics - Security for healthcare communication - Part 1: Concepts and terminology |
ISO/TS 21298:2008 | Health informatics - Functional and structural roles |
ISO 27799:2016 | Health informatics - Information security management in health using ISO/IEC 27002 |