ISO/TS TECHNICAL SPECIFICATION 21089 First edition 2018-04 Health informatics Trusted end-to end information flows Informatique de santé - Flux d'informations "trusted end-to-end" Reference number IS0/TS 21089:2018(E) @IS02018 ut license from IHS Not for Resale, 04/20/2018 22:39:24 MDT IS0/TS 21089:2018(E) COPYRIGHTPROTECTEDDOCUMENT @ IS0 2018 All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either IsO at the address below or Iso's member body in the country of the requester. ISO copyright office CP401·Ch.deBlandonnet8 CH-1214 Vernier, Geneva Phone:+4122 749 0111 Fax: +41 22 749 09 47 Email: [email protected] Website: www.iso.org Published in Switzerland @ IS0 2018 - All rights reserved Not for Resale, 04/20/2018 22:39:24 MDT IS0/TS 21089:2018(E) Contents Page Foreword ..V Introduction. ...vi 1 Scope. 2 Normative references 3 Terms and definitions ..1 4 Abbreviated terms ..25 5 Truth, trust, end-to-end information flows and foundations of interoperability ..27 6 Trust characteristics in end-to-end information flow ..28 7 The trust constituency .29 8 Principles and objectives .32 8.1 Ensuredtrust .32 8.2 Trust constituency .32 8.3 Health record rights. .33 8.4 Health record obligations 33 8.5 Health record composition 34 8.6 Human and business agents and their accountable actions 34 8.7 Software and device agents and their accountable actions. .34 8.8 Scope of accountability 34 8.9 Provenance 35 8.10 Authentication. 35 8.11 Auditability. 36 8.12 Chain of trust .36 8.13 Faithfulness, permanence, persistence and indelibility .36 8.14 Data definition, data registry. .36 8.15 Data integrity. .36 8.16 Completeness. .36 9 Downstream/upstream information flow perspectives .37 9.1 Downstream information flow perspective - Subject of care .37 9.2 Downstream information flow perspective - Accountable agent(s) for health record content. .38 9.3 Upstream perspective — Accountable agent(s) for health record access/view ..39 10 Agents, actions and corresponding persistent record entries ..39 10.1 Agent takes action. ..39 10.2 Agent documents action taken. .40 10.3 Agentstewardstherecordentry .40 11 Key contexts for action instances and record entry instances ..41 11.1 IdentityContext .41 11.2 Accountability Context .41 11.3 Data Integrity Context. .41 11.4 Clinical Context .41 11.5 Administrative/operational context .42 12 Roles and relationships (examples) .42 12.1 Subject of care and provider relationships .42 12.2 Health services. .42 12.3 Health record relationships .42 12.4 Individuals, organizations and business unit relationships ..43 12.5 Inter-healthcare professional relationships. ..43 13 Record lifecycle events and CRUD (create, read, update, delete) .44 iii thout license from IHS Not for Resale, 04/20/2018 22:39:24 MDT