{"id":349017,"date":"2024-10-20T00:34:18","date_gmt":"2024-10-20T00:34:18","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-iso-228572013\/"},"modified":"2024-10-26T00:12:47","modified_gmt":"2024-10-26T00:12:47","slug":"bs-iso-228572013","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-iso-228572013\/","title":{"rendered":"BS ISO 22857:2013"},"content":{"rendered":"

This International Standard provides guidance on data protection requirements to facilitate the transfer of personal health data across national or jurisdictional borders.<\/p>\n

It does not require the harmonization of existing national or jurisdictional standards, legislation or regulations. It is normative only in respect of international or trans-jurisdictional exchange of personal health data. However, it can be informative with respect to the protection of health information within national\/jurisdictional boundaries and can assist national or jurisdictional bodies involved in the development and implementation of data protection principles.<\/p>\n

This International Standard covers both the data protection principles that apply to international or trans-jurisdictional transfers and the security policy which an organization adopts to ensure compliance with those principles.<\/p>\n

Where a multilateral treaty between a number of countries has been agreed (e.g. the EU Data Protection Directive), the terms of that treaty will take precedence.<\/p>\n

This International Standard aims to facilitate international and trans-jurisdictional health-related applications involving the transfer of personal health data. It seeks to provide the means by which health data relating to data subjects, such as patients, will be adequately protected when sent to, and processed in, another country\/jurisdiction.<\/p>\n

This International Standard does not provide definitive legal advice but comprises guidance. When applying the guidance to a particular application, legal advice appropriate to that application can be sought.<\/p>\n

National privacy and data protection requirements vary substantially and can change relatively quickly. Whereas this International Standard in general encompasses the more stringent of international and national requirements, it nevertheless comprises a minimum. Some countries\/jurisdictions may have more stringent and particular requirements.<\/p>\n

PDF Catalog<\/h4>\n
PDF Pages<\/th>\nPDF Title<\/th>\n<\/tr>\n
7<\/td>\nForeword <\/td>\n<\/tr>\n
8<\/td>\nIntroduction <\/td>\n<\/tr>\n
11<\/td>\n1\tScope
2\tNormative references
3\tTerms and definitions <\/td>\n<\/tr>\n
12<\/td>\nClauses 3.3 to 3.15 <\/td>\n<\/tr>\n
13<\/td>\n4\tAbbreviated terms
5\tStructure of this International Standard
6\tGeneral principles and roles
6.1\tGeneral principles <\/td>\n<\/tr>\n
14<\/td>\n6.2\tRoles
7\tLegitimising data transfer
7.1\tThe concept of \u201cadequate\u201d data protection <\/td>\n<\/tr>\n
15<\/td>\n7.2\tConditions for legitimate transfer <\/td>\n<\/tr>\n
16<\/td>\n8\tCriteria for ensuring adequate data protection with respect to the transfer of personal health data
8.1\tThe requirement for adequate data protection
8.2\tContent principles <\/td>\n<\/tr>\n
17<\/td>\nClauses 8.2.3 to 8.2.5 <\/td>\n<\/tr>\n
18<\/td>\nClauses 8.2.6 to 8.2.8 <\/td>\n<\/tr>\n
19<\/td>\n8.3\tProcedural\/enforcement mechanisms <\/td>\n<\/tr>\n
20<\/td>\n8.4\tContracts <\/td>\n<\/tr>\n
21<\/td>\n8.5\tOverriding laws
8.6\tAnonymisation <\/td>\n<\/tr>\n
22<\/td>\n8.7\tLegitimacy of consent
9\tSecurity policy
9.1\tGeneral
9.2\tThe purpose of the security policy <\/td>\n<\/tr>\n
23<\/td>\n9.3\tThe \u201clevel\u201d of security policy
9.4\tHigh Level Security Policy: general aspects
Figure 1 <\/td>\n<\/tr>\n
24<\/td>\n10\tHigh Level Security Policy: the content
10.1\tPrinciple One: overriding generic principle <\/td>\n<\/tr>\n
25<\/td>\n10.2\tPrinciple Two: chief executive support <\/td>\n<\/tr>\n
26<\/td>\n10.3\tPrinciple Three: documentation of measures and review
10.4\tPrinciple Four: Data protection security officer <\/td>\n<\/tr>\n
27<\/td>\n10.5\tPrinciple Five: permission to process <\/td>\n<\/tr>\n
28<\/td>\n10.6\tPrinciple Six: information about processing <\/td>\n<\/tr>\n
29<\/td>\nClauses 10.6.9 to 10.6.13 <\/td>\n<\/tr>\n
30<\/td>\n10.7\tPrinciple Seven: information for the data subject
10.8\tPrinciple Eight: prohibition of onward data transfer without consent <\/td>\n<\/tr>\n
31<\/td>\n10.9\tPrinciple Nine: remedies and compensation <\/td>\n<\/tr>\n
32<\/td>\n10.10\tPrinciple Ten: security of processing <\/td>\n<\/tr>\n
33<\/td>\n10.11\tPrinciple Eleven: responsibilities of staff and other contractors <\/td>\n<\/tr>\n
34<\/td>\n11\tRationale and observations on measures to support Principle Ten concerning security of processing
11.1\tGeneral
11.2\tEncryption and digital signatures for transmission to the data importer
11.3\tAccess controls and user authentication <\/td>\n<\/tr>\n
35<\/td>\n11.4\tAudit trails
11.5\tPhysical and environmental security
11.6\tApplication management and network management
11.7\tMalicious software
11.8\tBreaches of security
11.9\tBusiness continuity plan <\/td>\n<\/tr>\n
36<\/td>\n11.10\tHandling very sensitive data
11.11\tStandards
12\tPersonal health data in non-electronic form <\/td>\n<\/tr>\n
37<\/td>\nAnnex\u00a0A (informative)\tKey primary international documents on data protection <\/td>\n<\/tr>\n

38<\/td>\nAnnex A.1.5 to A.1.6 <\/td>\n<\/tr>\n
39<\/td>\nAnnex A.1.7 to A.2 <\/td>\n<\/tr>\n
40<\/td>\nAnnex A.3 <\/td>\n<\/tr>\n
41<\/td>\nAnnex A.4 to A.4.3 <\/td>\n<\/tr>\n
42<\/td>\nAnnex\u00a0B (informative)\tNational documented requirements and legal provisions in a range of countries <\/td>\n<\/tr>\n

44<\/td>\nAnnex B.3 <\/td>\n<\/tr>\n
45<\/td>\nAnnex B.4 to B.6 <\/td>\n<\/tr>\n
46<\/td>\nAnnex B.7 <\/td>\n<\/tr>\n
47<\/td>\nAnnex\u00a0C (informative)\tExemplar contract clauses: Controller to controller <\/td>\n<\/tr>\n

54<\/td>\nAnnex\u00a0D (informative)\tExemplar contract clauses: Controller to processor <\/td>\n<\/tr>\n

55<\/td>\nAnnex D.4 <\/td>\n<\/tr>\n
63<\/td>\nAnnex\u00a0E (informative)\tHandling very sensitive personal health data <\/td>\n<\/tr>\n

64<\/td>\nAnnex E.4 to E.7 <\/td>\n<\/tr>\n
65<\/td>\nBibliography (references 1 to 18) <\/td>\n<\/tr>\n
66<\/td>\nBibliography (references 19 to 25) <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

Health informatics. Guidelines on data protection to facilitate transborder flows of personal health data<\/b><\/p>\n\n\n\n\n
Published By<\/td>\nPublication Date<\/td>\nNumber of Pages<\/td>\n<\/tr>\n
BSI<\/b><\/a><\/td>\n2014<\/td>\n70<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":349021,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[704,2641],"product_tag":[],"class_list":{"0":"post-349017","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-35-240-80","7":"product_cat-bsi","9":"first","10":"instock","11":"sold-individually","12":"shipping-taxable","13":"purchasable","14":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/349017","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/349021"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=349017"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=349017"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=349017"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}