Health Level Seven International (HL7)

The HL7 Version 3 (V3) standard focuses on the interoperability of health and medical transactions. It specifies how information should be presented in a clinical context so that the two parties to a transaction share the semantics of the data exchanged. The messaging standard defines a set of interactions, i.e. XML-based messages, to support all healthcare workflows. The Reference Information Model (ISO/HL7 21731) expresses the data content needed in a specific clinical or administrative context. The HL7 Development Framework (ISO/HL7 27931) specifies the messaging, processes, tools, actors, rules and artefacts relevant to developing all HL7 standard specifications, with the aim of an interoperable healthcare framework.

The security technical committee of HL7 has produced a set of guidelines for security and privacy policy management, privilege management, access control and auditing. Some of these standards are: the HL7 Healthcare Privacy and Security Classification System (HCS), the Role-based Access Control Healthcare Permission Catalog (RBAC), the HL7 Version 3 Standard: Privacy, Access and Security Services, the Security Labeling Service (SLS), and the Privacy, Access and Security Services (PASS).

ISO 22857

ISO 22857 provides guidance on the data protection requirements that facilitate the transfer of personal health data across national or jurisdictional borders. The standard does not require harmonisation of national data-protection legislation or of the national guidelines that protect the privacy of the individual; rather, it aims to ensure that a patient's medical data are adequately protected when transmitted to and processed by another organisation. The goal is to ensure compliance with an organisation's security policy principles during the trans-national transfer of personal data.

ISO 27799

ISO 27799 provides guidance on the application and implementation of ISO/IEC 27002 in the health sector. Its target is organisations holding or processing personal health information, and the standard describes how these organisations should protect that information and maintain the confidentiality, integrity and availability of personal health information.

ISO/TR 21548

ISO/TR 21548 is a complementary Technical Report that provides additional guidance for implementing the requirements defined in ISO/TS 21547. It discusses practical methods and tools for the development and management of digital archives that satisfy those security requirements.

ISO/TS 21547

ISO/TS 21547 discusses the security requirements for the long-term archiving of electronic health records in any format. This technical specification addresses document management and privacy protection, rather than specific messages and protocols, and applies the same care to the management of Electronic Health Records (EHRs) as to records in paper form. Document management here means the practice of archiving documents, which can be implemented as a separate, independent archive or as a federated one. EHR management includes maintenance, retention, disclosure and destruction. The standard also focuses on the security requirements (integrity, confidentiality, availability and accountability) and privacy requirements needed to protect patient records during their long-term preservation in digital archives.

ISO 22600

The ISO 22600 standard defines principles and specifies the services needed for managing privileges and access control to data distributed across policy domain boundaries. It proposes a template for a policy agreement among the different stakeholders of a healthcare information system, including patients and staff members, and defines how communication between them should be managed. The policy agreement must record all the differences between the stakeholders' security systems across domain boundaries, together with the agreed solutions for overcoming those differences.