Norme internationale
ISO/TS 17975:2022
Informatique de santé — Principes et exigences des données pour le consentement dans la collecte, l'utilisation ou la divulgation d'informations de santé personnelles
Numéro de référence
ISO/TS 17975:2022
Edition 2
Norme internationale
ISO/TS 17975:2022
Indisponible en français
Publiée (Edition 2, 2022)

ISO/TS 17975:2022

ISO/TS 17975:2022
CHF 151
Convertir les francs suisses (CHF) dans une autre devise


This document defines the set of frameworks of consent for the collection, use and/or disclosure of personal information by healthcare practitioners or organizations that are frequently used to obtain agreement to process the personal health information of subjects of care. This is in order to provide an informational consent framework which can be specified and used by individual policy domains (e.g. healthcare organizations, regional health authorities, jurisdictions, countries) as an aid to the consistent management of information in the delivery of healthcare services and the communication of electronic health records across organizational and jurisdictional boundaries.

This document is applicable to Personal Health Information (PHI).

Good practice requirements are specified for each framework of informational consent. Adherence to these requirements is intended to ensure any subject of care and any parties that process personal health information that their agreement to do so has been properly obtained and correctly specified.

The document is intended to be used to inform:

—    discussion of national or jurisdictional informational consent policies;

—    ways in which individuals and the public are informed about how personal health information is processed within organizations providing health services and health systems;

—    how to judge the adequacy of the information provided when seeking informational consent;

—    design of both paper and electronic informational consent declaration forms;

—    design of those portions of electronic privacy policy services and security services that regulate access to personal health data;

—    working practices of organizations and personnel who obtain or comply with consent for processing personal health information.

The document does not:

—    address the granting of consent to the delivery of healthcare-related treatment and care. Consent to the delivery of care or treatment has its own specific requirements, and is distinct from informational consent.

—    specify what consent framework is applicable to a data classification or data purpose as this can vary according to law or policy, although an examples of implementation profile is provided in Annex B;

—    specify the data format used when consent status is communicated. The focus is on the information characteristics of consent, and not the technology or medium in which the characteristics are instantiated;

—    specify how individuals giving Informed Consent come to be informed of the responsibilities, obligations and consequences related to granting consent;

—    specify requirements on how individuals are informed of the specifics of the data, data sharing or data processing concerned;

—    specify requirements on how consent itself or the specific activities of the consent process are recorded. Specific requirements on recording consent in EHR systems are given in ISO/TS 14441:2013, 5.3.2;

—    specify any information security requirements, e.g. the use of encryption or specific forms of user authentication (see e.g. ISO 27799).

Informations générales

  •  : Publiée
     : 2022-11
    : Norme internationale publiée [60.60]
  •  : 2
  • ISO/TC 215
  • RSS mises à jour

Vous avez une question?

Consulter notre Aide et assistance

Service à la clientèle
+41 22 749 08 88

Horaires d’ouverture:
De lundi à vendredi - 09:00-12:00, 14:00-17:00 (UTC+1)