Health informatics - Information security management in health using ISO/IEC 27002 (ISO 27799:2016)

ISO 27799:2016 gives guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization's information security risk environment(s). It defines guidelines to support the interpretation and implementation in health informatics of ISO/IEC 27002 and is a companion to that International Standard. ISO 27799:2016 provides implementation guidance for the controls described in ISO/IEC 27002 and supplements them where necessary, so that they can be effectively used for managing health information security. By implementing ISO 27799:2016, healthcare organizations and other custodians of health information will be able to ensure a minimum requisite level of security that is appropriate to their organization's circumstances and that will maintain the confidentiality, integrity and availability of personal health information in their care. It applies to health information in all its aspects, whatever form the information takes (words and numbers, sound recordings, drawings, video, and medical images), whatever means are used to store it (printing or writing on paper or storage electronically), and whatever means are used to transmit it (by hand, through fax, over computer networks, or by post), as the information is always to be appropriately protected.
PRODUCT CODE: CYS EN ISO 27799:2016
€128.00
Customers who bought this product also bought

Health informatics - Security and privacy requirements of EHR systems for use in conformity assessment (ISO/TS 14441:2013)

This Technical Specification examines electronic patient record systems at the clinical point of care that are also interoperable with EHRs. Hardware and process controls are out of the scope. This Technical Specification addresses their security and privacy protections by providing a set of security and privacy requirements, along with guidelines and best practice for conformity assessment. ISO/IEC 15408 (all parts) defines “targets of evaluation” for security evaluation of IT products. This Technical Specification includes a cross-mapping of 82 security and privacy requirements against the Common Criteria categories in ISO/IEC 15408 (all parts). The point-of-service (POS) clinical software is typically part of a larger system, for example, running on top of an operating system, so it must work in concert with other components to provide proper security and privacy. While a Protection Profile (PP) includes requirements for component security functions to support system security services, it does not specify protocols or standards for conformity assessment, and does not address privacy requirements.

This Technical Specification focuses on two main topics:

a) Security and privacy requirements (Clause 5). Clause 5 is technical and provides a comprehensive set of 82 requirements necessary to protect (information, patients) against the main categories of risks, addressing the broad scope of security and privacy concerns for point of care, interoperable clinical (electronic patient record) systems. These requirements are suitable for conformity assessment purposes.

b) Best practice and guidance for establishing and maintaining conformity assessment programs (Clause 6). Clause 6 provides an overview of conformity assessment concepts and processes that can be used by governments, local authorities, professional associations, software developers, health informatics societies, patients’ representatives and others, to improve conformity with health software security and privacy requirements.

Annex A provides complementary information useful to countries in designing conformity assessment programs such as further material on conformity assessment business models, processes and other considerations, along with illustrative examples of conformity assessment activities in four countries. Policies that apply to a local, regional or national implementation environment, and procedural, administrative or physical (including hardware) aspects of privacy and security management are outside the scope of this Technical Specification. Security management is included in the scope of ISO 27799.
€136.00

Health informatics - Pseudonymization (ISO 25237:2017)

ISO 25237:2017 contains principles and requirements for privacy protection using pseudonymization services for the protection of personal health information. This document is applicable to organizations who wish to undertake pseudonymization processes for themselves or to organizations who make a claim of trustworthiness for operations engaged in pseudonymization services.

ISO 25237:2017
- defines one basic concept for pseudonymization (see Clause 5),
- defines one basic methodology for pseudonymization services including organizational, as well as technical aspects (see Clause 6),
- specifies a policy framework and minimal requirements for controlled re-identification (see Clause 7),
- gives an overview of different use cases for pseudonymization that can be both reversible and irreversible (see Annex A),
- gives a guide to risk assessment for re-identification (see Annex B),
- provides an example of a system that uses de-identification (see Annex C),
- provides informative requirements to an interoperability to pseudonymization services (see Annex D), and
- specifies a policy framework and minimal requirements for trustworthy practices for the operations of a pseudonymization service (see Annex E).
€109.00

Health informatics - Identification of medicinal products - Data elements and structures for the Unique Identification and Exchange of regulated Pharmaceutical Product Information (ISO 11616:2017)

ISO 11616:2017 is intended to provide specific levels of information relevant to the identification of a Medicinal Product or group of Medicinal Products. It defines the data elements, structures and relationships between data elements that are required for the exchange of regulated information, in order to uniquely identify pharmaceutical products. This identification is to be applied throughout the product lifecycle to support pharmacovigilance, regulatory and other activities worldwide. In addition, ISO 11616:2017 is essential to ensure that pharmaceutical product information is assembled in a structured format with transmission between a diverse set of stakeholders for both regulatory and clinical (e.g. e-prescribing, clinical decision support) purposes. This ensures interoperability and compatibility for both the sender and the recipient. ISO 11616:2017 is not intended to be a scientific classification for pharmaceutical products. Rather, it is a formal association of particular data elements categorised in prescribed combinations and uniquely identified when levelling degrees of information are incomplete. This allows for Medicinal Products to be unequivocally identified on a global level.
€84.00

Health informatics - Identification of medicinal products - Data elements and structures for the unique identification and exchange of regulated information on substances (ISO 11238:2018)

This document provides an information model to define and identify substances within medicinal products or substances used for medicinal purposes, including dietary supplements, foods and cosmetics. The information model can be used in the human and veterinary domain since the principles are transferrable. Other standards and external terminological resources are referenced that are applicable to this document.
€109.00