1、 Reference number ISO/TR 18307:2001(E) ISO 2001TECHNICAL REPORT ISO/TR 18307 First edition 2001-12-15 Health informatics Interoperability and compatibility in messaging and communication standards Key characteristics Informatique de sant Interoperabilit et compatibilit avec les normes de messagerie
2、et de communication Caractristiques ISO/TR 18307:2001(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the co
3、mputer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to cr
4、eate this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform t
5、he Central Secretariat at the address given below. ISO 2001 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from eithe
6、r ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.ch Web www.iso.ch Printed in Switzerland ii ISO 2001 All rights reservedISO/TR 18307:2001(E) ISO 200
7、1 All rights reserved iiiContents Page Forewordv 1 Scope 1 2 References .1 3 Terms and definitions .1 4 Abbreviated terms .21 5 Trust Constituency23 6 Principles and objectives24 6.1 Ensured Trust 24 6.2 Trust Constituency25 6.3 Health record rights.25 6.4 Health record obligations .26 6.5 Health re
8、cord composition .26 6.6 Healthcare parties and their accountable actions .27 6.7 Healthcare agents and their accountable actions27 6.8 Scope of accountability, Unit of accountability .27 6.9 Authentication28 6.10 Auditability .28 6.11 Chain of trust .28 6.12 Faithfulness, permanence, persistence an
9、d indelibility28 6.13 Data definition, Data registry28 6.14 Data integrity29 6.15 Completeness and continuity 29 7 Key characteristics (KC) .29 7.1 Identifiable information.29 7.2 Architectural basis 30 7.3 Master files .33 7.4 Master registries 37 7.5 Electronic records .40 7.6 Record chronology, c
10、ontinuity, completeness 42 7.7 Authentication, non-repudiation services.43 7.8 Digital signature, Public key infrastructure 44 7.9 Audit44 7.10 Permanence, persistence, indelibility .45 7.11 On-Line Transaction Processing (OLTP) 45 7.12 On-Line Analytical Processing (OLAP) .46 7.13 Fault tolerance .
11、46 7.14 Data synchrony46 7.15 Time synchrony .47 7.16 Trusted end-to-end information flows.47 7.17 Disclosure, Export.49 7.18 Prospective services.50 7.19 Work flow52 7.20 Concurrent status, Records .53 7.21 Retrospective status, Records.54 7.22 Personal healthcare professional services.54 7.23 Data
12、 integrity55 7.24 Protocols: Care plans, Critical paths.56 7.25 Problem lists 56 7.26 Decision support .56 ISO/TR 18307:2001(E) iv ISO 2001 All rights reserved7.27 Surveillance, Metrics and Analysis57 7.28 Communications infrastructure .58 7.29 Multiple person linkage.58 7.30 Healthcare professional
13、 Subject of care linkage.59 7.31 Localization, Local authority 59 7.32 User environments 60 7.33 Version management 60 7.34 Inter-application interoperability60 7.35 Change scale (Scalability) 62 7.36 Validation62 8 Principles and objectives enabled by key characteristics 63 Annex A Exercise to vali
14、date the key characteristics set out in this technical report69 Annex B RM-ODP viewpoints 89 Annex C RM-ODP enterprise viewpoint90 Annex D RC-ODP architecture Enterprise language91 Bibliography 92 ISO/TR 18307:2001(E) ISO 2001 All rights reserved vForeword ISO (the International Organization for Sta
15、ndardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the righ
16、t to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International
17、Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 3. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an
18、 International Standard requires approval by at least 75 % of the member bodies casting a vote. In exceptional circumstances, when a technical committee has collected data of a different kind from that which is normally published as an International Standard (“state of the art”, for example), it may
19、 decide by a simple majority vote of its participating members to publish a Technical Report. A Technical Report is entirely informative in nature and does not have to be reviewed until the data it provides are considered to be no longer valid or useful. Attention is drawn to the possibility that so
20、me of the elements of this Technical Report may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO/TR 18307 was prepared by Technical Committee ISO/TC 215, Health informatics. TECHNICAL REPORT ISO/TR 18307:2001(E) ISO 2001 All rights
21、 reserved 1Health informatics Interoperability and compatibility in messaging and communication standards Key characteristics 1 Scope This Technical Report describes a set of key characteristics to achieve interoperability and compatibility in trusted health information interchange between communica
22、nt application systems. The key characteristics describe inter-application interoperability needs of the healthcare community, in particular the subject of care, the healthcare professional/caregiver, the healthcare provider organization, its business units and the integrated delivery network. The k
23、ey characteristics offer criteria for standards developers and implementers of standards for messaging and communications in the healthcare domain and provide a guide for software developers and vendors, healthcare providers and end users. 2 References ISO/IEC Guide:1996, Guide 2: definition 3.2 ISO
24、 2382-4, Information technology Vocabulary Part 4: Organization of data ISO 6523-1:1998, Information technology Structure for the identification of organizations and organization parts Part 1: Identification of organization identification schemes ISO 7498-2:1989, Information processing systems Open
25、Systems Interconnection Basic Reference Model Part 2: Security Architecture ISO/IEC 10746-2:1996, Information technology Open Distributed Processing Reference Model: Foundations ISO/IEC 10746-3:1996, Information technology Open Distributed Processing Reference Model: Architecture ISO/IEC 10746-4:199
26、8, Information technology Open Distributed Processing Reference Model: Architectural Semantics ISO/IEC 15408-1:1999, Information technology Security techniques Evaluation criteria for IT security Part 1: Introduction and general model 3 Terms and definitions 3.1 access ability or the means necessary
27、 to read, write, modify, or communicate data/information or otherwise make use of any system resource HIPAA ISO/TR 18307:2001(E) 2 ISO 2001 All rights reservedprovision of an opportunity to approach, inspect, review, make use of data or information CPRI specific type of interaction between a subject
28、 and an object that results in the flow of information from one to the other GCST 3.2 access control means of ensuring that the resources of a data processing system can be accessed only by authorized entities in authorized ways ISO/IEC 2382-8 prevention of an unauthorized use of a resource, includi
29、ng the prevention of use of a resource in an unauthorized manner ISO 7498-2 policies and procedures preventing access by those who are not authorized to have it IOM 3.3 access level level associated with an individual who may be accessing information (e.g. a clearance level), the information which m
30、ay be accessed (e.g. a classification level) HIPAA 3.4 accountability property that ensures that the actions of an entity can be traced uniquely to the entity ISO 7498-2 concept that individual persons or entities can be held responsible for specified actions NRC obligation to disclose periodically,
31、 in adequate detail and consistent form, to all directly and indirectly responsible or properly interested parties, the purposes, principles, procedures, relationships, results, incomes and expenditures involved in any activity, enterprise, or assignment so that they can be evaluated by the interest
32、ed parties JCAHO 3.5 actor with respect to an action an enterprise object (or entity) that participates in the action ISO/IEC 15414 3.6 agent enterprise object (or entity) that has been delegated (authority, a function, etc.) by and acts for another (in exercising the authority, performing the funct
33、ion, etc.) ISO/IEC 15414 ISO/TR 18307:2001(E) ISO 2001 All rights reserved 33.7 aggregate aggregation to combine standardized data and information JCAHO 3.8 algorithm algorithmic series of steps for addressing a specific issue JCAHO 3.9 application identifiable computer running a software process NO
34、TE 1 In this context, it may be any software process used in healthcare information systems including those without any direct role in treatment or diagnosis. NOTE 2 In some jurisdictions, including software processes may be regulated medical devices. 3.10 architecture set of principles on which the
35、 logical structure and interrelationships to an organization and business context are based NOTE Software architecture is the result of software design activity. 3.11 archived (records) archival (records) healthcare data saved for later reference or use, possibly off-line COACH 3.12 assurance ground
36、s for confidence, surety, certitude grounds for confidence that an entity meets its security objectives ISO/IEC 15408:1999 development, documentation, testing, procedural and operational activities carried out to ensure a systems security services do in fact provide the claimed level of protection O
37、MG 97 3.13 asymmetric cryptographic algorithm algorithm for performing encipherment or the corresponding decipherment in which the keys used for encipherment and decipherment differ ISO 10181-1 3.14 audit control mechanisms employed to record and examine system activity HIPAA ISO/TR 18307:2001(E) 4
38、ISO 2001 All rights reserved3.15 audit trail record of the resources which were accessed and/or used by whom ISO 7498-2 documentary evidence of monitoring each operation (of healthcare parties) on health information NRC chronological record of system activities that is sufficient to enable the recon
39、struction, reviewing and examination of the sequence of environments and activities surrounding or leading to an operation, a procedure, or an event in a transaction from its inception to final results GCST 3.16 authentication of health record entries process used to verify that an entry is complete
40、, accurate and final JCAHO 3.17 authentication providing assurance regarding the identity of a subject (author) or object (information) ASTM E1762 3.18 authentication (data) verification of the integrity of data that have been stored, transmitted or otherwise exposed to possible unauthorized modific
41、ation GCST 3.19 authentication (data source) corroboration that the source of data received is as claimed ISO 7498-2 3.20 authentication (user) provision of assurance of the claimed identity of an entity ISO/IEC 10181-2 3.21 authorize authorization granting of rights, which includes granting of acce
42、ss based on access rights ISO 7498-2 prescription that a particular behaviour must not be prevented ISO/IEC 15414 3.22 authorized user user who may, in accordance with the Security Policy, perform an operation ISO/IEC 15408:1999 ISO/TR 18307:2001(E) ISO 2001 All rights reserved 53.23 availability pr
43、operty of being accessible and useable upon demand by an authorized entity ISO 7498-2 prevention of the unauthorized withholding of information or resources ITSEC 3.24 biometric biometrics use of specific attributes that reflect unique personal characteristics, such as a fingerprint, an eye blood-ve
44、ssel print, or a voice print, to validate the identity of entities ISO/IEC 2382-08 3.25 business unit discrete and accountable function or sub-function within an organization NOTE For example, a business unit includes a department, service or speciality of a healthcare provider organization. 3.26 ca
45、re provision of accommodations, comfort and treatment to an individual subject of care (patient), also implying responsibility for safety JCAHO 3.27 caregiver cf. healthcare professional (3.76) 3.28 care plan cf. critical path (3.47) 3.29 certificate public key certificate user certificate public ke
46、ys of a user, together with some other information, rendered unforgeable by encipherment with the private key of the certification authority which issued it ISO 9594-8 agreement that binds a users name to a public key, signed by a trusted issuer NRC NOTE A framework for the use of public key certifi
47、cates is defined in CCITT Standard X.509. 3.30 certificate policy named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements X.509 ISO/TR 18307:2001(E) 6 ISO 2001 All rights reserved3.31 certification p
48、rocedure by which a third party gives assurance that all or part of a data processing system conforms to security requirements ISO/IEC 2382-08 administrative act of approving a system for use in a particular application NRC 3.32 certification authority CA certificate issuer authority trusted by one
49、or more relying parties to create and assign certificates ISO 9594-8 NOTE Optionally the certification authority may create the relying parties keys. 3.33 ciphertext data produced through the use of encipherment; the semantic content of the resulting content is not available ISO 7498-2 3.34 classification level security level of information NSC 3.35 clearance level permission granted to an individual to a
