1、 ISO 2012 Health informatics Personal health records Definition, scope and context Informatique de sant Dossiers de sant personnels Dfinition, domaine dapplication et contexte TECHNICAL REPORT ISO/TR 14292 First edition 2012-03-15 Reference number ISO/TR 14292:2012(E) ISO/TR 14292:2012(E) ii ISO 201
2、2 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO 2012 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from eithe
3、r ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ISO/TR 14292:2012(E) ISO 2012 All rights reserved iii C
4、ontents Page Foreword iv Introduction v 1 Scope 1 2 Terms and definitions . 1 3 Abbreviations . 5 4 Definition of a PHR 5 4.1 Definition . 5 4.2 Explanation of the definition 5 5 Scope of the PHR 6 5.1 PHR Dimension 1: Scope of the information . 6 5.2 PHR Dimension 2: Control over the information 7
5、5.3 PHR Dimension 3: Data processor . 7 5.4 PHR Dimension 4: Repository auditability . 8 5.5 PHR Dimension 5: Interoperability and communication 8 5.6 PHR Dimension 6: Technical architecture 9 6 Context of the PHR10 6.1 Origins 10 6.2 Engagement with healthcare services .10 Annex A (informative) Pub
6、lished definitions of the PHR .13 Annex B (informative) Relationship of this Technical Report to the HL7 PHR System Functional Model .18 Bibliography .20 ISO/TR 14292:2012(E) Foreword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO
7、 member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, gover
8、nmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC D
9、irectives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member
10、bodies casting a vote. In exceptional circumstances, when a technical committee has collected data of a different kind from that which is normally published as an International Standard (“state of the art”, for example), it may decide by a simple majority vote of its participating members to publish
11、 a Technical Report. A Technical Report is entirely informative in nature and does not have to be reviewed until the data it provides are considered to be no longer valid or useful. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights.
12、ISO shall not be held responsible for identifying any or all such patent rights. ISO/TR 14292 was prepared by Technical Committee ISO/TC 215, Health informatics. iv ISO 2012 All rights reserved ISO/TR 14292:2012(E) Introduction Personal health records (PHRs) are by their very nature hard to define.
13、In order to understand the breadth and depth of PHRs, it might be helpful to consider PHRs and clinical electronic health records (EHRs) as being positioned at two opposing ends of a spectrum of health records (see Figure 1). A PHR could be defined as the direct counterpoint to an EHR, but in practi
14、ce the lines of demarcation are most often not clear, nor desirable, except when viewed in terms of who has control over the health record and the content within it. While EHRs have traditionally been defined as “logical representations of information regarding, or relevant to, the health of a subje
15、ct of care”, they have existed primarily for the purposes of the healthcare organization providing care to an individual. Information from EHRs might be made available to the subject of care or his/her authorized representative, upon request to the clinician who is acting as a steward of the health
16、information. In some countries, this is supported by specific legislation. PHRs are also “logical representations of information regarding, or relevant to, the health of a subject”; however, in the strictest sense, these health records are primarily managed and controlled by the individual who is th
17、e subject of the record, or his/her authorized representative. The individual has rights over the clinical content held within a PHR, including the ability to delegate those rights to others, especially in the case of minors, the elderly or the disabled. The individual, or his/her authorized represe
18、ntative, is the key stakeholder, determining that the content of the PHR is relevant and appropriate. The simplest examples include self-contained mobile phone applications that track a personal diet or exercise history, which are controlled by the individual and accessed only by the individual him
19、or herself. Healthcare organizations and healthcare systems are accountable for the content of the EHRs they control. Individuals have autonomy over records they choose to keep. However, in between these two strict views of an EHR and a PHR is a continuum of person-centric health records, which migh
20、t have varying degrees of information sharing and/or shared control, access and participation by the individual and his/her healthcare professionals. Towards the EHR end of the spectrum, some EHRs provide viewing access or annotation by the individual to some or all of the clinicians EHR notes. Towa
21、rds the PHR end of the spectrum, some PHRs enable individuals to allow varying degrees of participation by authorized clinicians to their health information, from the simple viewing of data to the control of part or all of the PHR. Individual-controlled health record Healthcare provider- controlled
22、health record PHRE HR Information exchange or shared use, under mixed governance models Figure 1 The PHREHR spectrum In the middle of this continuum there exists a growing plethora of person-centric health records that operate under collaborative models, combining content from individuals and health
23、care professionals under agreed terms and conditions, depending on the purpose of the health record. Control of the record might be shared, or parts controlled primarily by either the individual or the healthcare professional with specified permissions being granted to the other party. For example,
24、a shared antenatal record might be either primarily a PHR, under the auspice of the individual, permitting authorized healthcare professionals to contribute content or directly edit part or all of the record itself, or it might be an extension of an organizations EHR, permitting the individual to vi
25、ew or directly contribute content to some or all of the record. The exact nature of the sharing of responsibilities and participations by each party needs to be specified in the terms and conditions (governance) of the health record. Health information with a PHR might be purely for use by the indiv
26、idual him or herself, or might be shared with healthcare professionals and others, such as family members. The inclusion of EHR extracts within a PHR, for example laboratory reports or discharge summaries, is a desired feature of a comprehensive PHR, but in order to preserve data integrity, the PHR
27、might only be annotated with comments by the individual and not edited. ISO 2012 All rights reserved v ISO/TR 14292:2012(E) Ownership of a shared PHR can be complicated, requiring differentiation between moral ownership of the health information content and technical/legal stewardship for storing an
28、d securing the data. Storage of health information upon a PHR platform that is managed by a third party requires a formal relationship between the two parties so that individuals can assert their rights and the third party can uphold their responsibilities. The content scope for a PHR varies accordi
29、ng to purpose and is broader than most conventional EHRs. In the maximal scope, a PHR might have a breadth that encompasses health, wellness, development, welfare and concerns, as well as a chronological depth that embraces history of past events, actions and services, tracking and monitoring of cur
30、rent health or activities, and goals and plans for the future. Some PHRs will have a very general summary focus; others might be activity-driven, e.g. a diabetes management record within a diabetes community portal or a personal fitness and exercise record. An individual might choose to have a singl
31、e summary PHR or several activity-driven PHRs, or a combination of both. vi ISO 2012 All rights reserved TECHNICAL REPORT ISO/TR 14292:2012(E) Health informatics Personal health records Definition, scope and context 1 Scope This Technical Report defines a personal health record (PHR). This definitio
32、n is intended to help clarify the kinds of records that should be called PHRs, in recognition of the lack of consistency in how this term is presently used. This Technical Report considers the PHR from the perspective of the personal information contained within it and the core services needed to ma
33、nage this information. A PHR is not a singular entity; the concept encompasses a spectrum of possible information repositories and services that meet different purposes consistent with the definition. This Technical Report therefore also discusses the scope of the PHR in terms of this spectrum as a
34、series of dimensions by which a PHR may be classified and equivalent PHR products compared. It also includes one dimension to classify the kinds of collaborative care PHRs provided by healthcare organizations. This Technical Report also considers the wider context of engagement of individuals in the
35、 management of their own health and healthcare, since this engagement is the primary driver for present-day growth of PHR systems and services internationally. This Technical Report includes: a definition of a PHR; a pragmatic multidimensional classification of PHRs; an overview of the possible ways
36、 in which the inclusion and engagement of individuals in managing their health and healthcare impacts on the potential roles of the PHR, including scenarios for collaborative care between individuals and healthcare organizations. The many kinds of end-user application that might be implemented and u
37、sed to deliver PHR system functionality are outside the scope of this Technical Report. 2 Terms and definitions For the purposes of this document, the following terms and definitions apply. 2.1 access control means of ensuring that the resources of a data processing system can be accessed only by au
38、thorized entities in authorized ways ISO/IEC 2382-8:1998, definition 08.04.01 2.2 auditability property that ensures that any action of any security subject on any security object may be examined in order to establish the real operational responsibilities ISO/TS 13606-4:2009, definition 3.3 ISO 2012
39、 All rights reserved 1 ISO/TR 14292:2012(E) 2.3 audit trail chronological record of activities of information system users which enables prior states of the information to be faithfully reconstructed ISO 13606-1:2008, definition 3.9 2.4 authorization granting of privileges 2.5 care plan personalized
40、 statement of planned healthcare activities relating to one or more specified health issues NOTE Adapted from EN 13940-1:2007. 2.6 clinical information health information information about a person, relevant to his or her health or healthcare ISO 13606-1:2008, definition 3.13 2.7 concept unit of kno
41、wledge created by a unique combination of characteristics ISO 1087-1:2000, definition 3.2.1 2.8 confidentiality property that information is not made available or disclosed to unauthorized individuals, entities, or processes ISO 7498-2:1989, definition 3.3.16 2.9 data controller person who determine
42、s the purposes of the processing of personal data 2.10 data owner person having responsibility and authority for the data 2.11 data processing obtaining, recording or holding personal data NOTE This includes organising, adapting, altering, retrieving, consulting, using, disclosing, aligning, combini
43、ng, blocking, erasing or destroying. 2.12 data processor person who processes personal data on behalf of the data controller 2.13 data subject living individual who is the subject of personal data 2 ISO 2012 All rights reserved ISO/TR 14292:2012(E) 2.14 EHR electronic health record information relev
44、ant to the wellness, health and healthcare of an individual, in computer-processable form and represented according to a standardized information model ISO 18308: 2011, definition 3.20 2.15 electronic health record repository database in which EHR information is stored 2.16 electronic health record
45、system system for recording, retrieving and manipulating information in EHRs ISO 13606-1:2008, definition 3.26 2.17 entity concrete or abstract thing of interest, including associations among things NOTE Adapted from ISO/IEC 2382-17:1999, definition 17.02.05. 2.18 entry documentation of a discrete i
46、tem of health information NOTE An entry may, for example, represent the documentation of a clinical observation, an inference, an intention, a plan or an action. 2.19 health issue issue related to the health of a subject of care, as identified or stated by a specific health care party EN 13940-1:200
47、7 2.20 healthcare activities, services or supplies related to the health of an individual 2.21 healthcare service service provided with the intention of directly or indirectly improving the health of the subject(s) of care to which it is provided 2.22 healthcare organization organization undertaking
48、 the delivery of healthcare 2.23 healthcare professional person authorized by a jurisdictionally defined mechanism to be involved in the direct provision of certain healthcare activities NOTE Adapted from EN 13940-1:2007. 2.24 organization unique framework of authority within which a person or perso
49、ns act, or are designated to act, towards some purpose ISO 6523-1:1998, definition 3.1 ISO 2012 All rights reserved 3 ISO/TR 14292:2012(E) 2.25 party natural person or any other entity considered to have some of the rights, powers and duties of a natural person NOTE Adapted from ISO/IEC 15414:2006, definition 6.5.1. 2.26 persistent data data which are stored on a permanent basis ISO 13606-1:2008, definition 3.40 2.27 personal data data relating to an identified or identifiable natural person 2.28 personal h
