BS ISO 22857:2013 (2014 Edition)

Health informatics. Guidelines on data protection to facilitate transborder flows of personal health data

Published by: BSI
Publication date: 2014
Number of pages: 70
This International Standard provides guidance on data protection requirements to facilitate the transfer of personal health data across national or jurisdictional borders.

It does not require the harmonization of existing national or jurisdictional standards, legislation or regulations. It is normative only in respect of international or trans-jurisdictional exchange of personal health data. However, it can be informative with respect to the protection of health information within national/jurisdictional boundaries, and it can assist national or jurisdictional bodies involved in the development and implementation of data protection principles.

This International Standard covers both the data protection principles that apply to international or trans-jurisdictional transfers and the security policy which an organization adopts to ensure compliance with those principles.

Where a multilateral treaty between a number of countries has been agreed (e.g. the EU Data Protection Directive), the terms of that treaty will take precedence.

This International Standard aims to facilitate international and trans-jurisdictional health-related applications involving the transfer of personal health data. It seeks to provide the means by which health data relating to data subjects, such as patients, will be adequately protected when sent to, and processed in, another country/jurisdiction.

This International Standard does not provide definitive legal advice but comprises guidance. When applying the guidance to a particular application, legal advice appropriate to that application can be sought.

National privacy and data protection requirements vary substantially and can change relatively quickly. Although this International Standard in general encompasses the more stringent of international and national requirements, it nevertheless comprises a minimum. Some countries/jurisdictions may have more stringent and particular requirements.

PDF Catalog

PDF page  Title
7   Foreword
8   Introduction
11  1 Scope
11  2 Normative references
11  3 Terms and definitions
13  4 Abbreviated terms
13  5 Structure of this International Standard
13  6 General principles and roles
13  6.1 General principles
14  6.2 Roles
14  7 Legitimising data transfer
14  7.1 The concept of “adequate” data protection
15  7.2 Conditions for legitimate transfer
16  8 Criteria for ensuring adequate data protection with respect to the transfer of personal health data
16  8.1 The requirement for adequate data protection
16  8.2 Content principles
19  8.3 Procedural/enforcement mechanisms
20  8.4 Contracts
21  8.5 Overriding laws
21  8.6 Anonymisation
22  8.7 Legitimacy of consent
22  9 Security policy
22  9.1 General
22  9.2 The purpose of the security policy
23  9.3 The “level” of security policy
23  9.4 High Level Security Policy: general aspects
24  10 High Level Security Policy: the content
24  10.1 Principle One: overriding generic principle
25  10.2 Principle Two: chief executive support
26  10.3 Principle Three: documentation of measures and review
26  10.4 Principle Four: Data protection security officer
27  10.5 Principle Five: permission to process
28  10.6 Principle Six: information about processing
30  10.7 Principle Seven: information for the data subject
30  10.8 Principle Eight: prohibition of onward data transfer without consent
31  10.9 Principle Nine: remedies and compensation
32  10.10 Principle Ten: security of processing
33  10.11 Principle Eleven: responsibilities of staff and other contractors
34  11 Rationale and observations on measures to support Principle Ten concerning security of processing
34  11.1 General
34  11.2 Encryption and digital signatures for transmission to the data importer
34  11.3 Access controls and user authentication
35  11.4 Audit trails
35  11.5 Physical and environmental security
35  11.6 Application management and network management
35  11.7 Malicious software
35  11.8 Breaches of security
35  11.9 Business continuity plan
36  11.10 Handling very sensitive data
36  11.11 Standards
36  12 Personal health data in non-electronic form
37  Annex A (informative): Key primary international documents on data protection
42  Annex B (informative): National documented requirements and legal provisions in a range of countries
47  Annex C (informative): Exemplar contract clauses: Controller to controller
54  Annex D (informative): Exemplar contract clauses: Controller to processor
63  Annex E (informative): Handling very sensitive personal health data
65  Bibliography