Our Top 10 Health Information Technology Standards — and 4 you must know about…

Kyle Bach

Having trouble knowing where to start with your Electronic Medical Record implementation?  Here’s our list of some of the most important Health Information Technology Standards to help you get familiar with the field.

1.  ASTM-E2553 – Guide for Implementation of a Voluntary Universal Healthcare Identification System

This guide provides you with implementation principles needed to create a healthcare identification system.  It is intended to help you clearly identify the individuals in your healthcare delivery system.

2.  ASTM-E1714 – Guide for Properties of a Universal Healthcare Identifier (UHID)

Originally intended for the U.S. population, the guide covers a set of requirements “outlining the properties required to create a universal healthcare identifier system.”   The goal:

Positive identification of patients, automatic links to all computer-based records on that patient, data security, and record handling efficiency.

3.  ISO-27799 – Health informatics — Information security management in health using ISO/IEC 27002

The standard provides you with a set of detailed controls and security best practices.  It will assist in the implementation of a system that maintains confidentiality, integrity of information, and availability of patient health records.  It covers a wide variety of data formats.

4.  ISO-21548 – Health informatics — Security requirements for archiving of electronic health records – Guidelines

A companion to the document below, this is an implementation guide for EMR archiving.


5.  ISO-21547 – Health informatics — Security requirements for archiving of electronic health records — Principles

This technical specification defines the basic principles required to preserve health records in any format.  It is focused on document and records management, with an emphasis on privacy protection.

6.  ISO-22600-1 – Health informatics — Privilege management and access control — Part 1: Overview and policy management

Another technical specification, this time supporting the needs of record sharing partners as diverse as health insurance companies, patients, government, and other healthcare organizations.

7. ASTM-E1869 – Guide for Confidentiality, Privacy, Access, and Data Security Principles for Health Information Including Electronic Health Records

This standard is another take on the issues of patient privacy and confidentiality. It provides the user with basic principles and ethical practices for handling confidential patient information.

8. ASTM-E1985 – Guide for User Authentication and Authorization

This guide can assist healthcare providers who are implementing EMR software by providing information on the design, implementation and use of authentication mechanisms.

9.  ISO-18308 – Health informatics — Requirements for an electronic health record architecture

This technical specification assembles a set of clinical and technical requirements for EMR architecture.  Its goal is to support the exchange of health records across various sectors and jurisdictions.

10.  ASTM-E1384 – Practice for Content and Structure of the Electronic Health Record (EHR)

This is the ASTM take on what the content and logical data structure of an EMR needs to be.  It provides a common vocabulary to assist in the development, purchase and implementation of EMR systems.  It helps map the content of the EMR to a number of biomedical and other health informatics standards.

And the 4 Standards you need to know about:

HL7-CDA – The Clinical Document Architecture

This standard provides an XML-based model for the exchange of clinical documents (like discharge summaries).  The document creates information that is both machine- and human-readable.  Display is available in web-browsers and wireless applications like cell phones.  It tends to be used in applications for large-scale implementation, like large hospital chains.

CCD – Continuity of Care Document

This is a joint standard generated by ASTM and HL7 to combine the benefits of the ASTM CCR standard (below) and the HL7 CDA standards (above).  It is for use in the U.S. only.  It basically is a method to create simpler documents now (probably from legacy information) with a migration path to the more complex CDA protocol later.

ASTM-E2369 – Specification for Continuity of Care Record (CCR)

This standard also provides for the exchange of clinical documents, with some XML, in a more flexible schema.  The goal in creating the standard was to tag specific elements in a health record so that data could be communicated in a vendor-neutral fashion.  It tends to be used in smaller-venue applications.

DICOM – Digital Imaging and Communications in Medicine

DICOM is a multi-part document created by a joint committee of the American College of Radiology and the National Electrical Manufacturers Association.  It defines standard methods of transmission of medical images and their associated information.  The importance of DICOM in Health Informatics is that it addresses the integration of specialty application information into the Electronic Health Record.

A complete list of Health Informatics Standards is available at our website:


Please contact me, Claudia Bach, with any questions you might have.