ISO/TS 27790:2026

Technical
Specification
ISO/TS 27790
Second edition
Health informatics — Document
2026-03
registry framework
Informatique de santé — Cadre d'enregistrement de document
Reference number
© ISO 2026
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Document registry framework . . 4
4.1 Overview .4
4.2 General structure of the framework based on IHE XDS .4
4.2.1 General .4
4.2.2 Information model (ebRIM) and service (ebRS) web services .4
4.2.3 Cross-enterprise document sharing (IHE-XDS) .5
4.2.4 Patient identification, security and privacy profiles .6
4.3 General structure of the framework based on IHE MHD or IHE MHDS .6
4.3.1 General .6
4.3.2 HL7 FHIR Document related resources .6
4.3.3 Mobile access to Health Documents (IHE MHD) .6
4.3.4 Mobile Health Document Sharing (IHE MHDS) .7
4.4 Document content profiles .8
Bibliography .10

iii
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a)
patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO’s adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 215, Health informatics.
This second edition cancels and replaces the first edition (ISO/TS 27790:2009), which has been technically
revised.
The main changes are as follows:
— Annex A was removed as only one country, the Republic of Korea, was included in it originally;
— updated to reflect the latest changes in the IHE document sharing profiles, such as the addition of Mobile
Health Document (MHD), addition of IHE Integration Profile, Mobile Health Document Sharing (MHDS)
IHE Integration Profile, and corrections to Cross-Enterprise Document Sharing (XDS.b) IHE Integration
Profile. These profiles facilitate the registration, distribution and access across health enterprises of
patient electronic health records.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

iv
Introduction
Development and implementation of electronic health records (EHR) are rapidly progressing around the
world. An appropriate deployment of EHR will enhance various aspects of healthcare delivery, such as
safety and efficiency. EHR are thought to enable the provision of essential care information to providers at
point-of-care through information and telecommunications technologies. This includes a broad spectrum of
capabilities including acquisition, storage, presentation and management of patient information (represented
in different digital forms such as video, audio or data) and communication of this information between care
facilities with the use of communications links.
Recent development of health information exchange where the patients’ EHR are accessed securely whenever
necessary (sharing EHR information at point-of-care and by the consumer citizen) requires that electronic
health records of an individual, although they originate from various health-related subjects distributed
over space and time, remain accessible irrespective of their centralized or distributed storage. The use of
centralized registry systems pointing to such records can greatly facilitate the discovery of their locations
to allow effective access to the appropriate and secured EHR.
Many organizations with operational large-scale deployments implement this foundational approach
in sharing health data among existing systems as a simple and effective service. However, these initial
projects identified several issues or gaps in document sharing that limited their deployment (e.g. lack of
standardization, fragmentation of health data, difficulty in locating distributed records, inconsistencies
in abilities to search records from many care delivery organization). The proposed framework addresses
such issues by offering consistent search data among data stored with various degrees of granularity. There
have been enough operational deployments across more than 20 countries with hundreds of different
health information systems and several millions of clinical documents shared to confirm the robustness and
efficiency of such a standards-based document sharing framework.
This document is targeted at policy makers, architects of national ehealth infrastructure, health IT
product managers and designers. It describes the principles and specification of interoperability needed
to support a registry system for locating and accessing records grouped into shared documents. The
supported documents may contain any type of person-centric health information, whether structured (e.g.
coded patient summary, numeric lab results) or unstructured (e.g. scanned images, free-text documents),
depending on the source standard for their content. The clinical document architecture (CDA), the Fast
Healthcare Interoperability Resources (FHIR), Digital Imaging and Communications in Medicine (DICOM)
are standards that are likely companions to this document. This document does not address the security
and privacy considerations in detail but refers to related interoperability standards and profiles designed to
be used in conjunction. The document does not mandate a specific method or technology but rather provides
a coherent inclusive description of principles and practices that can facilitate the formulation of policies and
governance practices locally or nationally.
The web services-based registry framework includes a document registry and associated repository to
allow the sharing of any form of health documents including HL7 CDA, FHIR documents and DICOM objects.
The registry framework specializes in health two different application programming interfaces (API):
— The W3C Web Services Standards, ISO 15000 (ebXML registry standards) and OASIS ebXML Registry
Information Model 3.0 through the use of the IHE Cross-Enterprise Document Sharing (XDS) from the
Integrating the Healthcare Enterprise (IHE) Information Technology Infrastructure (ITI) technical
framework, summarizing from the Cross-Enterprise Document Sharing (XDS) Profile:
“The Cross-Enterprise Document Sharing IHE Integration Profile facilitates the registration, distribution
and access across health enterprises of patient and citizen electronic health records. Cross-Enterprise
Document Sharing (XDS) is focused on providing a standards-based specification for managing the
sharing of documents between all health enterprises, ranging from private physician offices to clinics
to acute care in-patient facilities to personal health record systems. The XDS IHE Integration Profile
assumes that these enterprises belong to one or more affinity domains. An affinity domain is a group of
healthcare enterprises that have agreed to work together using a common set of policies and that share
a common registry infrastructure.”

v
— The HL7 FHIR Document Reference resources through the use of the IHE Mobile access to Health
Document (MHD) or the more extensive IHE Mobile Health Document Sharing (MHDS) from the
Integrating the Healthcare Enterprise (IHE) Information Technology Infrastructure (ITI) technical
framework, summarizing from the Mobile access to Health Document Sharing (MHDS) Profile:
[37]
“The Mobile access to Health Documents (MHD ) Profile defines a standardized API for mobile
devices, like smartphones and tablets, to share health documents. It simplifies the document sharing
process originally used in XDS and XCA, making it easier for mobile and simple systems to submit, query,
and retrieve health documents.
[38]
The MHDS Profile provides a framework for communities to exchange health information by using
a combination of other IHE profiles. It covers essential functions like patient identification, document
management and storage, and privacy and security, all to ensure a standardized and interoperable
approach to health information sharing.”
[9]
This document also references a number of companion standards-based specifications that offer optional
extensions to enhance the basic capabilities offered by IHE XDS, namely a series of security-related and
[9]
privacy-related IHE profiles, such as Patient Identification Cross-Referencing (PIX ), Patient Demographics
[9] [9] [9]
Query (PDQ ), Basic Patient Privacy Consent (BPPC ), and Cross-Enterprise User Assertion (XUA ).
NOTE The use of IHE Audit trail and Node Authentication (ATNA) as well as Consistent Time (CT) is required as
part of IHE XDS. These Profiles are therefore not listed above.

vi
Technical Specification ISO/TS 27790:2026(en)
Health informatics — Document registry framework
1 Scope
This document specifies a general-purpose document registry framework for transmitting, storing and
utilizing documents in clinical and personalized health environments. It is quite broad in its applicability
to realise the goal of sharing health-related documents spanning a broad spectrum of health domains such
as healthcare specialities covering laboratory, cardiology, eye care, etc. and the many areas of personalized
health.
This document also supports shared document registration and retrieval via the federation of documents’
registries (IHE Cross-Community Access) in terms of individual users to reduce health information extrusion
possibilities.
This document supports the sharing of documents of any standardized content in the context of healthcare
and well-being. It describes the means of locating and accessing shared documents among a diverse set of
health organizations. It is designed to leverage existing health informatics for structuring and semantically
rich health information, if so desired. It does not require the development of new health informatics
standards.
2 Normative references
There are no normative references in the document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
actor
user of the system-of-interest interacting with the system in a particular usage context or role
3.2
architecture
set of design artefacts or descriptive representations that are relevant for describing an object such that it
can be produced to requirements (quality) as well as maintained over the period of its useful life (change)
3.3
authentication
act of verifying the claimed identity of an entity
[SOURCE: ISO/IEC 10181-2:1996, 3.3, modified — “provision of assurance” was changed to “act of verifying”.]
3.4
authorization
granting of rights, including the granting of access based on access rights
[SOURCE: ISO 7498-2:1989, 3.3.10]

3.5
clinical document
defined and complete information object that can include text, images, sounds, and other multimedia content
EXAMPLE Discharge, summary, progress note, procedure report, a medical image.
Note 1 to entry: A clinical document has six characteristics: persistence, stewardship, potential for authentication,
context, wholeness and human readability.
Note 2 to entry: Adapted from ISO/IEC 10181-2:1996.
3.6
consumer
person requiring, scheduled to receive, receiving or having received a healthcare service
Note 1 to entry: Consent can be revoked at any time and may be context-specific, particularly relevant for
implementations involving patient portals and mobile applications.
3.7
document registry
function or system designed to store, index and enable discovery of clinical documents based on metadata,
supporting queries and access policies
3.8
electronic health record
EHR
longitudinal collection of personal health information of a single individual, entered or accepted by
healthcare providers, and stored electronically
Note 1 to entry: The record may be made available at any time to providers, who have been authorized by the
individual, as a tool in the provision of health care services. The individual has access to the record and can request
changes to its contents. The transmission and storage of the record is under strict security.
Note 2 to entry: Patient-controlled EHR access via third-party applications, consistent with FHIR and global patient
empowerment trends may be supported.
Note 3 to entry: Adapted from ISO/IEEE 11073-10103:2025.
3.9
encounter
patient contact
contact between a clinician and patient
3.10
event
change in device status that is communicated by a notification reporting service
3.11
framework
logical structure for classifying and organizing complex information
3.12
information model
structured specification of the information requirements of a project
3.14
interoperability
ability of two or more systems or components to exchange information and to use the information that has
been exchanged
3.15
model
abstraction used to express the relevant concepts and interdependencies of a project

3.16
operation
function or transformation that may be applied to or by objects in a class
Note 1 to entry: Sometimes also called service.
3.17
participant
data exporter and data importer
3.18
patient
individual person who is a subject of care
Note 1 to entry: Patient are clinical care recipients
3.19
privacy
freedom from intrusion into the private life or affairs of an individual when that intrusion results from
undue or illegal gathering and use of data about that individual
Note 1 to entry: Privacy includes key privacy principles such as data minimization, purpose limitation, and informed
consent under modern regulatory frameworks.
3.20
record
collection of data
3.21
registry
collection of all the official records relating to something, or the place where they are kept
3.22
repository
place where something is safely kept
3.23
security
combination of confidentiality, integrity and availability
3.24
service
specific behaviour that a communication party in a specific role is responsible for exhibiting
3.25
shared document
byte sequence managed by actors in document sharing profiles
Note 1 to entry: There is no concept of equivalent Documents. If the byte sequence is different, then the Documents are
different. A Shared document may include a variety of content such as textual representation, images or a composition
of clinical information that contains observations and services for the purpose of exchange with the following
characteristics: Persistence, Stewardship, Potential for Authentication, and Wholeness. Shared documents may be
exchanged by IHE profiles such as XDS or MHD.
[37]
Note 2 to entry: Adapted from IHE IT Infrastructure Framework – Mobile Health Documents (MHD ).
3.26
system
demarcated part of the perceivable universe, existing in time and space, that can be regarded as a set of
elements and relationships between these elements
Note 1 to entry: A system is composed of actors and is an entity that operates through messages between actors.

4 Document registry framework
4.1 Overview
This framework is built upon widely adopted standards such as the FHIR Document Reference resource
1)
MHD Document Reference Comprehensiv
...