• Shopping Cart
    There are no items in your cart

PD CEN ISO/TS 14265:2013

Superseded

Superseded

A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.

View Superseded by

Health Informatics. Classification of purposes for processing personal health information

Available format(s)

Hardcopy , PDF

Superseded date

01-23-2024

Superseded by

PD CEN ISO/TS 14265:2024

Language(s)

English

Published date

03-31-2014

US$257.86
Excluding Tax where applicable

Foreword
0 Introduction
1 Scope
2 Terms and definitions
3 Abbreviated terms
4 Conformance
5 Context
6 Terminology for classifying purposes for processing
  personal health information
Annex A (informative) - Examples
Bibliography

Describes a set of high-level categories of purposes for which personal health information can be processed, i.e. collected, used, stored, accessed, analysed, created, linked, communicated, disclosed or retained.

Committee
IST/35
DevelopmentNote
Renumbers and supersedes DD ISO/TS 14265. 2013 Version incorporates corrigendum to DD ISO/TS 14265. (03/2014)
DocumentType
Standard
Pages
26
PublisherName
British Standards Institution
Status
Superseded
SupersededBy
Supersedes

This Technical Specification defines a set of high-level categories of purposes for which personal health information can be processed, i.e. collected, used, stored, accessed, analysed, created, linked, communicated, disclosed or retained. This is in order to provide a framework for classifying the various specific purposes that can be defined and used by individual policy domains (e.g. healthcare organizations, regional health authorities, jurisdictions, countries) as an aid to the consistent management of information in the delivery of health care services and for the communication of electronic health records across organizational and jurisdictional boundaries.

The scope of application of this Technical Specification is limited to Personal Health Information (PHI) as defined in ISO 27799, information about an identifiable person that relates to the physical or mental health of the individual, or to provision of health services to the individual. This information might include:

  • information about the registration of the individual for the provision of health services;

  • information about payments or eligibility for heath care in respect to the individual;

  • a number, symbol or particular code assigned to an individual to uniquely identify the individual for health purposes;

  • any information about the individual that is collected in the course of the provision of health services to the individual;

  • information derived from the testing or examination of a body part or bodily substance;

  • identification of a person, e.g. a health professional, as a provider of healthcare to the individual.

This Technical Specification, while not defining an exhaustive set of such purposes, provides a common mapping target to bridge between differing national lists, thereby supporting authorized automated cross-border flows of EHR data.

This Technical Specification is not intended to control the use of non-personal health information. However, because anonymization or de-identification of data might be a condition of further use or new uses, a defined data purpose might be a requirement for the use of even de-identified or anonymized data according to the policy or law of a given jurisdiction.

Health data that have been irreversibly de-identified are not formally in the scope of this Technical Specification. Since de-identification processes often include some degree of reversibility, however, this Technical Specification can also be used for disclosures of de-identified health data whenever practicable.

Standards Relationship
CEN ISO/TS 14265:2013 Identical
ISO/TS 14265:2011 Identical

ISO/TS 25237:2008 Health informatics Pseudonymization
ISO/TS 22600-1:2006 Health informatics Privilege management and access control Part 1: Overview and policy management
ISO 18308:2011 Health informatics — Requirements for an electronic health record architecture
ISO 13606-1:2008 Health informatics Electronic health record communication Part 1: Reference model
ISO/IEC 10181-3:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Access control framework
ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
ISO/IEC 2382-8:1998 Information technology Vocabulary Part 8: Security
ISO/TS 13606-4:2009 Health informatics Electronic health record communication Part 4: Security
ISO/TS 21298:2008 Health informatics Functional and structural roles
ISO 27799:2016 Health informatics Information security management in health using ISO/IEC 27002

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.