International Organization for Standardization

Health informatics - Principles and data requirements for consent in the Collection, Use or Disclosure of personal health information - First Edition
 N TS 17975

Annotation

This Technical Specification defines the set of frameworks of consent for the Collection, Use and/or Disclosure of personal information by health care practitioners or organizations that are frequently used to obtain agreement to process the personal health information of subjects of care. This is in order to provide an Informational Consent framework which can be specified and used by individual policy domains (e.g. healthcare organizations, regional health authorities, jurisdictions, countries) as an aid to the consistent management of information in the delivery of health care services and the communication of electronic health records across organizational and jurisdictional boundaries.

The scope of application of this Technical Specification is limited to Personal Health Information (PHI) as defined in ISO 27799, "information about an identifiable person that relates to the physical or mental health of the individual, or to provision of health services to the individual. This information might include:

— information about the registration of the individual for the provision of health services;

— information about payments or eligibility for health care in respect to the individual;

— a number, symbol or particular code assigned to an individual to uniquely identify the individual for health purposes;

— any information about the individual that is collected in the course of the provision of health services to the individual;

— information derived from the testing or examination of a body part or bodily substance;