BS-ISO-22857-2004.pdf
BRITISH STANDARD BS ISO 22857:2004

Health informatics: Guidelines on data protection to facilitate trans-border flows of personal health information

ICS 35.240.80

Licensed Copy: sheffieldun sheffieldun, na, Sun Nov 26 02:54:38 GMT+00:00 2006, Uncontrolled Copy, (c) BSI

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 7 March 2005

(c) BSI 7 March 2005

ISBN 0 580 45580 7

National foreword

This British Standard reproduces verbatim ISO 22857:2004 and implements it as the UK national standard.

The UK participation in its preparation was entrusted to Technical Committee IST/35, Health informatics, which has the responsibility to:

- aid enquirers to understand the text;
- present to the responsible international/European committee any enquiries on the interpretation, or proposals for change, and keep the UK interests informed;
- monitor related international and European developments and promulgate them in the UK.

A list of organizations represented on this committee can be obtained on request to its secretary.

Cross-references

The British Standards which implement international publications referred to in this document may be found in the BSI Catalogue under the section entitled "International Standards Correspondence Index", or by using the "Search" facility of the BSI Electronic Catalogue or of British Standards Online.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

Compliance with a British Standard does not of itself confer immunity from legal obligations.

Summary of pages

This document comprises a front cover, an inside front cover, the ISO title page, pages ii to viii, pages 1 to 60, an inside back cover and a back cover.

The BSI copyright notice displayed in this document indicates when the document was last issued.

Amendments issued since publication

Amd. No. | Date | Comments

Reference number ISO 22857:2004(E)

INTERNATIONAL STANDARD ISO 22857
First edition 2004-04-01

Health informatics: Guidelines on data protection to facilitate trans-border flows of personal health information

Informatique de santé: Lignes directrices sur la protection des données pour faciliter les flux d'information sur la santé du personnel de part et d'autre des frontières

ISO 22857:2004(E)

PDF disclaimer

This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat accepts no liability in this area.

Adobe is a trademark of Adobe Systems Incorporated.

Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

(c) ISO 2004

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Case postale 56, CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org

Published in Switzerland

ii (c) ISO 2004 All rights reserved

Contents (Page)

Foreword vii
Introduction ix
1 Scope 1
2 Normative references 1
3 Terms and definitions 1
4 Abbreviated terms 3
5 Structure of this International Standard 3
6 General principles and roles 3
6.1 General principles 3
6.2 Roles 4
7 Legitimising data transfer 4
7.1 The concept of "adequate" data protection 4
7.2 Conditions for legitimate transfer 5
8 Criteria for ensuring adequate data protection with respect to the transfer of personal health data 6
8.1 The requirement for adequate data protection 6
8.2 Content principles 6
8.3 Procedural/enforcement mechanisms 8
8.4 Contracts 10
8.5 Overriding laws 10
8.6 Anonymisation 11
8.7 Legitimacy of Consent 11
9 Security policy 12
9.1 General 12
9.2 The purpose of the security policy 12
9.3 The "level" of security policy 12
9.4 High Level Security Policy: general aspects 13
10 High Level Security Policy: the content 14
10.1 Principle One: overriding generic principle 14
10.2 Principle Two: chief executive support 15
10.3 Principle Three: documentation of Measures and review 15
10.4 Principle Four: Data Protection Security Officer 16
10.5 Principle Five: permission to process 16
10.6 Principle Six: information about processing 17
10.7 Principle Seven: information for the data subject 19
10.8 Principle Eight: prohibition of onward data transfer without consent 19
10.9 Principle Nine: remedies and compensation 20
10.10 Principle Ten: security of processing 21
10.11 Principle Eleven: responsibilities of staff and other contractors 22
11 Rationale and Observations on Measures to support Principle Ten concerning security of processing 23
11.1 General 23
11.2 Encryption and digital signatures for transmission to the data importer 23
11.3 Access controls and user authentication 23
11.4 Audit trails 23
11.5 Physical and environmental security 24
11.6 Application management and network management 24
11.7 Malicious software 24
11.8 Breaches of security 24
11.9 Business Continuity Plan 24
11.10 Handling very sensitive data 24
11.11 Standards 25
12 Personal health data in non-electronic form 25
Annex A (informative) Key primary international documents on data protection 26
Annex B (informative) National documented requirements and legal provisions in a range of countries 32
Annex C (informative) Relevant ISO and CEN Standards 35
Annex D (informative) Sources of advice 36
Annex E (informative) Exemplar contract clauses: Controller to Controller 38
Annex F (informative) Exemplar contract clauses: Controller to Processor 47
Annex G (informative) Handling very sensitive personal health data 57
Bibliography 59

Foreword

ISO (the International Organization for Standardization) is a world
Keywords: BS ISO 22857 2004
Link: https://www.31doc.com/p-3747392.html