scope:

This New Work Item Proposal is for a Technical Specification to define a set of high-level categories of purposes for which personal health information* may be processed: collected, used, stored, accessed, analysed, linked, communicated, disclosed or retained. This is in order to provide a framework for classifying the various specific purposes that may be defined and used by individual policy domains (e.g. healthcare organisation, regional health authority, jurisdiction, country) as an aid to the consistent management of information in the delivery of health care services and for the communication of electronic health records across organisational and policy domain boundaries. It is proposed that a policy domain would conform to this specification if every agreed purpose for which the processing of personal health information is permitted within that jurisdiction is published in a form that is categorised according to the framework defined in this specification. This Specification, whilst not defining an exhaustive set of such purposes, will provide a common mapping target to bridge between differing national lists and thereby support authorised automated cross-border flows of HER data. * NOTE: Personal Health Information is considered here as defined in ISO 27799: information about an identifiable person that relates to the physical or mental health of the individual, or to provision of health services to the individual, and that may include: a) information about the registration of the individual for the provision of health services, b) information about payments or eligibility for heath care in respect to the individual, c) a number, symbol or particular assigned to an individual to uniquely identify the individual for health purposes, d) any information about the individual that is collected in the course of the provision of health services to the individual, e) information derived from the testing or examination of a body part or bodily substance