This International Standard provides guidance on data protection requirements to facilitate the transfer of
personal health data across national borders. It does not require the harmonisation of existing national
standards, legislation or regulations. It is normative only in respect of international exchange of personal
health data. However it may be informative with respect to the protection of health information within national
boundaries and provide assistance to national bodies involved in the development and implementation of data
protection principles. The International Standard covers both the data protection principles that should apply to
international transfers and the security policy which an organisation should adopt to ensure compliance with
those principles.
Where a multilateral treaty between a number of countries has been agreed e.g. the EU Data Protection
Directive, the terms of that treaty will take precedence.
This International Standard aims to facilitate international health-related applications involving the transfer of
personal health data. It seeks to provide the means by which data subjects, such as patients, may be assured
that health data relating to them will be adequately protected when sent to, and processed in, another country.
This International Standard does not provide definitive legal advice but comprises guidance. When applying
the guidance to a particular application legal advice appropriate to that application should be sought.
National privacy and data protection requirements vary substantially and can change relatively quickly.
Whereas this International Standard in general encompasses the more stringent of international and national
requirements it nevertheless comprises a minimum. Some countries may have some more stringent and
particular requirements and this should be checked.
ISO 22857:2004 history
2013ISO 22857:2013 Health informatics.Guidelines on data protection to facilitate trans-border flows of personal health data
2004ISO 22857:2004 Health informatics - Guidelines on data protection to facilitate trans-border flows of personal health information