International Organization for Standardization (ISO)
Latest
ISO/TS 21547:2010
Scope
The purpose of this Technical Specification is to define the basic principles needed to securely preserve
health records in any format for the long term. It concentrates on previously documented healthcare-specific
archiving problems. It also gives a brief introduction to general archiving principles. Unlike the traditional
approach to standardization work, where the perspective is that of modelling, code sets and messages, this
Technical Specification looks at archiving from the angle of document management and related privacy
protection. The document management angle has traditionally been used in connection with patient records in
paper form and it can also be applied to digitally stored documents. There are different architectural and
technical ways to develop and implement long-term preservation of electronic health records. Archiving can be
a function of the online record-keeping system, and we can have a separate independent archive or a
federated one. Electronic health records are, in many cases, archived in the form of documents, but other
technical solutions also exist.
In this Technical Specification archiving is understood to be a wider process than just the permanent
preservation of selected records. Archiving of EHRs is a holistic process covering records maintenance,
retention, disclosure and destruction when the record is not in active use. Archiving also includes tasks the
EHR system should perform before the record is sent to the EHR-archive.
This Technical Specification defines architecture and technology-independent security requirements for the
long-term preservation of EHRs having fixed content.
ISO/TS 21547:2010 Referenced Documents
EN 13606 Health informatics - Electronic health record communication - Part 4: Security
ISO 14721 Space data and information transfer systems - Open archival information system (OAIS) - Reference model*, 2012-09-01 Update
ISO 15489-1 Information and documentation - Records management - Part 1: Concepts and principles [Standard in French]*, 2016-04-01 Update
ISO 23081-1 Information and documentation - Records management processes - Metadata for records - Part 1: Principles*, 2017-10-01 Update
ISO 27799 Health informatics - Information security management in health using ISO/IEC 27002*, 2016-07-01 Update
ISO/IEC 13888 Information security — Non-repudiation — Part 3: Mechanisms using asymmetric techniques*, 2020-09-04 Update
ISO/IEC 17799 Corrigendum 1 - Information technology - Security techniques - Code of good practice for information security management
ISO/TR 15489-2 Information and documentation - Records management - Part 2: Guidelines
ISO/TR 18492 Long-term preservation of electronic document-based information
ISO/TR 21548 Health informatics - Security requirements for archiving of electronic health records - Guidelines
ISO/TS 18308 Health informatics - Requirements for an electronic health record architecture
ISO/TS 22600-1 Health informatics - Privilege management and access control - Part 1: Overview and policy management
ISO/TS 22600-2 Health informatics - Privilege management and access control - Part 2: Formal models
ISO/TS 21547:2010 history
2010: ISO/TS 21547:2010 Health informatics - Security requirements for archiving of electronic health records - Principles