CAN/CSA-Z22857-06
Health Informatics - Guidelines on Data Protection to Facilitate Trans-Border Flows of Personal Health Information (Adopted ISO 22857, first edition, 2004-04-01, with Canadian deviations)
Product Details
This is the first edition of CAN/CSA-Z22857, Health informatics - Guidelines on data protection to facilitate trans-border flows of personal health information, which is an adoption, with Canadian deviations, of the identically titled ISO (International Organization for Standardization) Standard 22857 (first edition, 2004-04-01). At the time of publication, ISO 22857:2004 is available from ISO in English only. CSA will publish the French version when it becomes available from ISO.
Scope
This International Standard provides guidance on data protection requirements to facilitate the transfer of personal health data across national borders. It does not require the harmonisation of existing national standards, legislation or regulations. It is normative only in respect of international exchange of personal health data. However it may be informative with respect to the protection of health information within national boundaries and provide assistance to national bodies involved in the development and implementation of data protection principles. The International Standard covers both the data protection principles that should apply to international transfers and the security policy which an organisation should adopt to ensure compliance with those principles.
Where a multilateral treaty between a number of countries has been agreed e.g. the EU Data Protection Directive, the terms of that treaty will take precedence.
This International Standard aims to facilitate international health-related applications involving the transfer of personal health data. It seeks to provide the means by which data subjects, such as patients, may be assured that health data relating to them will be adequately protected when sent to, and processed in, another country.
This International Standard does not provide definitive legal advice but comprises guidance. When applying the guidance to a particular application legal advice appropriate to that application should be sought.
National privacy and data protection requirements vary substantially and can change relatively quickly. Whereas this International Standard in general encompasses the more stringent of international and national requirements it nevertheless comprises a minimum. Some countries may have some more stringent and particular requirements and this should be checked.